Legal Documentation

Privacy Policy

Last Updated: March 26, 2026

Facemint ("we", "us", or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy describes how we collect, use, store, share, and protect information when you use our services, including the Facemint Face Swap API, website, and related tools. This policy applies to all users worldwide and is designed to comply with applicable data protection laws including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other relevant legislation.

1. Information We Collect

We collect information in the following categories:

1.1 Information You Provide Directly

  • Account Information: When you create an account, we collect your email address, username, and any additional profile information you provide voluntarily.
  • Payment Information: If you purchase paid features, our third-party payment processors (such as Stripe) collect billing details including credit/debit card information, billing address, and transaction history. We do not store your full credit card numbers on our servers.
  • Communications: When you contact our support team or communicate with us, we collect the content of those communications, including email addresses and any attachments.
  • Media Files: When you upload videos, images, or GIFs for face swapping, we temporarily process those files to deliver the requested service.

1.2 Information Collected Automatically

  • Device and Browser Information: IP address, browser type and version, operating system, device type, screen resolution, and language preferences.
  • Usage Data: Pages visited, features used, API calls made, timestamps, referring URLs, and interaction patterns.
  • Log Data: Server logs that record API requests, error reports, and performance metrics.
  • Cookies and Similar Technologies: We use cookies, web beacons, and similar tracking technologies as described in Section 5.

1.3 Biometric Data

Our face swap technology processes facial geometry data from uploaded media. This data is used solely for the purpose of performing the face swap operation. We do not create biometric templates, facial recognition databases, or persistent biometric identifiers. All facial data is processed in real-time and automatically deleted along with the uploaded media within 24 hours. We do not use facial data for identification, authentication, or surveillance purposes.

2. How We Use Your Information

We use your information for the following purposes:

2.1 Service Delivery

  • Processing and delivering your face-swapped media content.
  • Managing your account and providing customer support.
  • Processing payments and managing subscriptions.
  • Sending essential service-related communications (e.g., task status, system alerts, account notifications).

2.2 Safety and Security

  • Preventing fraud, abuse, and unauthorized access to our services.
  • Detecting and preventing violations of our Terms of Service, including prohibited content such as CSAM, non-consensual intimate imagery, and other harmful material.
  • Maintaining the integrity and security of our systems and infrastructure.
  • Complying with legal obligations, including reporting illegal content to authorities.

2.3 Improvement and Analytics

  • Analyzing usage patterns to improve our services, features, and user experience.
  • Conducting aggregated, anonymized research and analysis.
  • Diagnosing technical issues and optimizing performance.

Important: We do NOT use your uploaded media files (images, videos, GIFs) or any facial data for AI model training, research, advertising, profiling, or any purpose other than delivering the specific face swap service you requested.

3. Legal Bases for Processing (GDPR)

For users in the European Economic Area (EEA), United Kingdom, and other jurisdictions requiring a legal basis for data processing, we process your personal data on the following grounds:

  • Contract Performance: Processing necessary to provide our services to you pursuant to our Terms of Service (account management, service delivery, payment processing).
  • Legitimate Interests: Processing necessary for our legitimate business interests, including fraud prevention, security, service improvement, and analytics, where those interests are not overridden by your rights.
  • Legal Obligation: Processing necessary to comply with applicable laws, including reporting illegal content and responding to legal processes.
  • Consent: Where required, we will obtain your explicit consent before processing certain types of data, including biometric data in jurisdictions where consent is required (e.g., Illinois BIPA). You may withdraw consent at any time.

4. File Handling, Storage, and Retention

4.1 Media Files

  • All uploaded media (videos, images, GIFs) and processed output files are automatically and permanently deleted within 24 hours of processing.
  • We do not create backups of user-uploaded media files.
  • Only the user who uploads the media has access to the processed content during the retention period.
  • We do not use any uploaded media for training AI models, internal research, marketing, or any purpose beyond the requested service.

4.2 Account Data

  • Account information is retained for as long as your account is active.
  • Upon account deletion request, we will delete your personal data within 30 days, except where retention is required by law.
  • Transaction and billing records may be retained for up to 7 years to comply with tax and accounting obligations.

4.3 Usage Logs

  • API access logs and usage data are retained for up to 90 days for security and debugging purposes, after which they are anonymized or deleted.
  • Aggregated, anonymized analytics data may be retained indefinitely.

4.4 Violation Evidence

In cases of Terms of Service violations, particularly involving illegal content (CSAM, non-consensual intimate imagery, fraud, etc.), we may retain relevant data and evidence as required by law or as necessary to cooperate with law enforcement investigations, even after account termination.

5. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to operate and improve our services:

5.1 Types of Cookies We Use

  • Strictly Necessary Cookies: Required for the operation of our website and services (e.g., authentication, session management, security). These cannot be disabled.
  • Analytics Cookies: Help us understand how visitors interact with our website so we can improve the user experience. We may use third-party analytics services such as Google Analytics.
  • Functional Cookies: Enable enhanced functionality and personalization, such as remembering your preferences and settings.

5.2 Managing Cookies

You can manage or disable cookies through your browser settings. Note that disabling certain cookies may affect the functionality of our services. Most browsers allow you to block or delete cookies. For more information about cookies and how to manage them, visit allaboutcookies.org.

6. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data or media files. We may share your information only in the following limited circumstances:

6.1 Service Providers

We may share data with trusted third-party service providers who assist us in operating our services, including cloud hosting providers, payment processors, email delivery services, and analytics providers. These providers are bound by contractual data protection agreements and are prohibited from using your data for any purpose other than providing services to us.

6.2 Legal Requirements

We may disclose your information when required by law, regulation, legal process, or governmental request, including:

  • Responding to valid subpoenas, court orders, or legal processes.
  • Reporting illegal content (including CSAM and non-consensual intimate imagery) to law enforcement agencies, NCMEC, IWF, and other authorities as required by law.
  • Cooperating with law enforcement investigations related to fraud, identity theft, or other criminal activity.
  • Protecting the rights, property, or safety of Facemint, our users, or the public.

6.3 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email or prominent notice on our website before your personal data is transferred and becomes subject to a different privacy policy.

We never sell your personal data to advertisers, data brokers, or any third parties for marketing purposes. Your media files are never shared with, accessed by, or disclosed to any third party.

7. Data Security

We implement industry-standard technical and organizational measures to protect your data, including:

  • Encryption: All data transmitted between your device and our servers is encrypted using TLS/SSL. Sensitive data at rest is encrypted using AES-256 or equivalent encryption.
  • Access Controls: Strict role-based access controls limit who within our organization can access personal data, on a need-to-know basis.
  • Infrastructure Security: Our servers are hosted in secure data centers with physical and network security protections.
  • Monitoring: We employ continuous security monitoring, intrusion detection, and regular security assessments.
  • Incident Response: We maintain an incident response plan and will notify affected users and relevant authorities of data breaches in accordance with applicable law (within 72 hours for GDPR-covered incidents).

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, but we are committed to maintaining commercially reasonable standards to protect your information.

8. International Data Transfers

Your data may be processed and stored in countries outside of your home jurisdiction, including the United States. When we transfer personal data internationally, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • Data protection agreements with all service providers and sub-processors.
  • Compliance with applicable cross-border data transfer mechanisms.

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

9.1 Rights Under GDPR (EEA/UK Users)

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data, subject to legal retention requirements.
  • Right to Restriction: Request that we limit our processing of your data.
  • Right to Data Portability: Receive your data in a structured, commonly used, machine-readable format.
  • Right to Object: Object to processing based on legitimate interests, including profiling.
  • Right to Withdraw Consent: Where processing is based on consent, withdraw that consent at any time.
  • Right to Lodge a Complaint: File a complaint with your local data protection authority (supervisory authority).

9.2 Rights Under CCPA (California Residents)

  • Right to Know: Request information about the categories and specific pieces of personal data we have collected.
  • Right to Delete: Request deletion of personal data we have collected from you.
  • Right to Opt-Out of Sale: We do not sell personal data. However, you have the right to direct us not to sell your information.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

9.3 How to Exercise Your Rights

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days (or within the timeframe required by applicable law). We may need to verify your identity before processing your request.

10. Children's Privacy

Our services are strictly not intended for individuals under the age of 18 (or the age of legal majority in your jurisdiction). We do not knowingly collect, use, or process personal data from children under 18.

  • If we discover that we have inadvertently collected personal data from a child under 18, we will take immediate steps to delete such data from our systems.
  • If you believe a child under 18 has provided us with personal information, please contact us immediately at [email protected].
  • We comply with the Children's Online Privacy Protection Act (COPPA) and equivalent international legislation.

Any use of our services to create, distribute, or facilitate child sexual abuse material (CSAM) or any content that sexually exploits or endangers minors is strictly prohibited and will be immediately reported to NCMEC, law enforcement, and all relevant authorities. We employ automated detection measures to identify and prevent such content.

11. Prohibited Data Practices

In addition to the prohibited uses outlined in our Terms of Service, the following data practices are expressly forbidden:

  • Uploading or processing biometric data (facial images) of individuals without their explicit, informed consent.
  • Using our services to build facial recognition databases, surveillance systems, or biometric identification tools.
  • Processing images of individuals for the purpose of stalking, harassment, or tracking their location or activities.
  • Creating non-consensual intimate imagery (NCII), deepfake pornography, or any sexually explicit content using another person's likeness without their verified consent.
  • Processing images of individuals to create content that defames, humiliates, or causes harm to their reputation.
  • Using our services to circumvent privacy settings or access controls on any platform or service.

12. Third-Party Links and Services

Our website and services may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party sites you visit. This Privacy Policy applies only to information collected by Facemint.

13. Do Not Track Signals

Some browsers include a "Do Not Track" (DNT) signal. Because there is no universally accepted standard for how to interpret DNT signals, we currently do not respond to DNT signals. However, you can manage tracking preferences through your browser cookie settings as described in Section 5.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Post the updated policy on this page with a revised "Last Updated" date.
  • Notify you via email or a prominent notice on our website at least 30 days before material changes take effect.
  • Where required by law, seek your consent to the revised policy.

Your continued use of our services after the effective date of any changes constitutes your acceptance of the revised Privacy Policy.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Facemint — Data Protection

[email protected]

For GDPR-related inquiries, you may also contact our Data Protection Officer at the email address above.

© 2025 Facemint, Inc. All rights reserved.