Privacy Policy

Last updated November 4, 2024

This privacy policy (the “Privacy Policy”) describes the privacy practices of FaceApp in connection with the FaceApp mobile applications (each, an “App” and collectively, the “Apps”) and the FaceApp.com website (the “Site”).

Welcome to FaceApp’s Privacy Policy!

If you decide not to read this entire Privacy Policy, we want you to walk away with a few key points about FaceApp’s privacy practices:

  • The Apps are photo or video editors that allow users to edit portraits with highly realistic facial transformations.
  • We do not use photographs or videos you provide when you use the Apps for any reason other than to provide you with the editing functionality of the Apps.
  • We use third-party cloud providers - specifically, Google Cloud Platform and Amazon Web Services - to process and edit photographs and videos.
  • You only send to the cloud the photographs or videos that you specifically select for editing.
  • Photographs or videos are temporarily cached on the cloud servers during the editing process and encrypted using a key stored locally on your mobile device.
  • Photographs or videos may remain in the cloud for a maximum limited period of 24 to 48 hours, for improved performance and lower bandwidth allowing additional changes to recently selected photos or videos in an optimal manner.

Here’s more on our privacy practices.

1. Information We Collect

1.1. When you use the Apps and select photographs or videos for editing, we cache them for processing to render the requested editing service:

  • Photographs or videos you select when you use the Apps, via your camera or camera roll (if you have granted the Apps the permission to access your camera or camera roll), or via the in-App internet search functionality. We process only specific photos and videos you choose to modify using the Apps; and we do not collect your photo or video albums even if you grant us access to them. We safeguard each photograph or video that you select using an encryption key stored locally on your device. This means that the only device that can view the photo or video is the device from which the photograph or video was submitted using the Apps - the user’s device. Please note that while we do not require or request any metadata attached to the photographs or videos you select for editing, metadata (including, for example, geotags) may be associated with your photographs or videos by default. We take steps to delete any metadata that may be associated with a photograph or video you provide when you use the Apps. Photographs or videos may remain cached in the cloud for a limited period between 24 to 48 hours after your last edit, so that you can return to it and make additional changes if you so choose.

1.2. When you use the Apps and the Site, we may collect some information, including:

  • Apps usage information and online activity data, such as information about 1) how you use the Apps and interact with them, including the features you use, your preferred language, the date and time when you first installed the Apps and the date and time when you launch the Apps; 2) sources of referrals to the Site.
  • App-related purchase history, if you choose to purchase an Apps subscription, we will not receive such information as billing address, credit card etc. (as we don’t distribute subscriptions directly), we will only receive confirmation from the relevant application store that you are a paid subscriber to the Apps so we can provide Pro services.
  • Device data, such as your computer and mobile device operating system type and version number, manufacturer and model, push tokens, browser type, screen resolution, IP address (and the associated city/country in which you are located), and the website you visited before visiting our Site.

Generally, all data are associated only with an App Instance ID (assigned to an instance of the Apps installed on your mobile device). Online identifiers such as an IP address and App Instance ID are generally considered as personal data. However, we are not in a position to identify you specifically by name or address on the basis of such identifiers.

This information may be collected through our Site and Apps using cookies, and similar technologies. We may collect this information directly or through our use of third-party software development kits (“SDKs”). SDKs may enable third parties to collect information directly from the App. For more information, please see our Cookie Policy.

1.3. When you contact us by email, we may also collect:

  • Contact information, such as your name and email address, and information relating to your communication.

2. How We Use Your Information

2.1. We do not use photographs or videos you provide when you use the Apps for any reason other than to provide you with the editing functionality of the Apps.

2.2. We may use information other than photographs and videos for the following purposes:

To operate and improve the Apps and the Site. We use your personal information to operate, maintain, and provide you with the Apps and the Site. In particular, we will use your personal information to perform our contractual obligations under our Terms of Use, such as to:

  • Enable you to use the Apps’ features and to visit the Site.
  • Communicate with you about the Apps, and the Site, including by sending you announcements, updates, and security alerts, which we may send through a push notification, and responding to your email requests, questions, and feedback.
  • Provide technical support and maintenance for the Apps.

To improve, monitor, and protect our Apps and the Site. It is in our legitimate business interests to improve and keep our services safe and secure for our users. We do this by:

  • Performing statistical analysis on aggregated data relating to the use of the Apps and Site (including through the use of third-party services).
  • Troubleshooting, testing, and researching.

To market and to promote our Services. We may use your personal information to understand where our App and Site traffic comes from to improve our marketing strategies and our promotional companies. It helps us to personalize our promotion offers and understand broader our Service audience behavior, offering a tailored experience. Where required under applicable law, we process your personal information based on your consent for these purposes, which you may withdraw at any time. Otherwise, we process your personal information for marketing and promotional purposes where it is in our legitimate interests to do so.

For compliance, fraud prevention, and safety. We may use and disclose the information we collect (such as device data and Apps usage information) where it is in our legitimate business interests to: (a) protect our, your, or others’ rights, privacy, safety, or property (including by making and defending legal claims); (b) enforce the terms and conditions that govern the Apps and Site; and (c) protect, investigate, and deter against fraudulent, harmful, unauthorized, unethical, or illegal activity. We may disclose this information to government authorities and other third parties as required by applicable law. We cannot disclose the photos and videos that have been cached for processing as we do not store the encryption keys.

To create anonymous, aggregated, or de-identified data. We may create anonymous, aggregated, or de-identified data where it is in our legitimate business interests, and use and share it with third parties.

2.3. We will only process personal information on the basis of our legitimate interests where such interests are not overridden by your interests or your fundamental rights and freedoms.

2.4. We use cookies that are essential for FaceApp to function. We would also like to use cookies and similar technologies to store, access and process your information for analytics, troubleshooting, and marketing. With your consent, we and our third-party partners may use additional tracking technologies to enhance your user experience.

3. How We Share Your Information

3.1. We do not disclose user photographs or videos to third parties (with the exception of temporarily caching an encrypted version with our cloud providers, Google Cloud Platform and Amazon Web Services, to provide the photo and video editing features of the Apps). We cannot disclose the photos and videos cached for processing as we do not store the encryption keys.

3.2. We do not sell personal information. We may share your non-photograph and non-video information in the following circumstances:

Affiliates. We may share information we collect from you with our subsidiaries and affiliates, for purposes consistent with this Privacy Policy.

Service providers. We may share your information with service providers that perform services on our behalf or help us operate the Apps (such as customer support, hosting, analytics, email delivery, marketing, and database management services). These third parties may use your information only as directed or authorized by us and in a manner consistent with this Privacy Policy and are prohibited from using or disclosing your information for any other purpose.

Third-party platforms and social media networks. You may select to post the edited photograph or edited video to your social media account. We do not control any third-party platform’s use of your information, which is governed by that third party’s privacy policy and terms and conditions.

Professional advisors. We may disclose your information to professional advisors, such as lawyers and auditors, where necessary in the course of the professional services that they render to us.

Business transfers. We may also transfer or assign your personal data in the course of corporate divestitures, consolidations, mergers, acquisition, reorganization or other transfers of assets, or in the event of bankruptcy or dissolution.

Compliance with law. We may be required to disclose your information to comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities, or for the compliance, fraud prevention, and safety reasons described above. We do not have any access to your photos or videos as they are cached in encrypted format, and the key resides on the user’s device so we cannot disclose such content.

4. Your Choices

Opt out of push notifications. You may opt out of the push notifications we may send you by changing the settings on your mobile device.

Device permissions. You may revoke any permissions you previously granted to us, such as permission to access your camera, camera roll, or microphone through the settings on your mobile device.

Cloud processing. You may request that we remove your information, including the photographs and videos that are temporarily cached on Google Cloud Platform or Amazon Web Services, prior to the automatic 24 to 48 hours post-edit deletion time by clicking the “Request cloud data removal” button in the “Support” section of the Apps settings.

Personal information requests. We also offer you choices that affect how we handle the personal information that we control. Depending on your jurisdiction, you may request the following in relation to your personal information:

  • Information about how we have collected and used your personal information. We have made this information available to you without having to request it by including it in this Privacy Policy.
  • Access to a copy of the personal information that we have collected about you. Where applicable, we will provide the information in a portable, machine-readable, readily usable format.
  • Correction of personal information that is inaccurate or out of date.
  • Deletion of personal information that we no longer need to provide the services or for other lawful purposes.
  • Additional rights, such as to object to and request that we restrict our use of your personal information.

To make a request, please email us at [email protected]. We may ask for specific information from you to help us confirm your identity. California residents can empower an “authorized agent” to submit requests on their behalf. We will require authorized agents to confirm their identity and authority, in accordance with applicable laws. You are entitled to exercise the rights described above free from discrimination.

If you would like to submit a complaint about our use of your personal information or our response to your requests regarding your personal information, you may contact us or submit a complaint to the data protection regulator in your jurisdiction. If you are in Europe, you can find your data protection regulator here. If you are in the United Kingdom, the Information Commissioner’s Office is the competent authority.

Choosing not to share your information. Where we need your information in order to provide the services to you or where we are required by law to collect your information, if you do not provide this information when requested (or you later ask to delete it), we may not be able to provide you with our services.

Limits on your choices. In some instances, your choices may be limited, such as where fulfilling your request would impair the rights of others, our ability to provide a service you have requested, or our ability to comply with our legal obligations and enforce our legal rights. If you are not satisfied with how we address your request, you may submit a complaint by contacting us as provided in the “How to Contact Us” section below. Please note that we may require additional information in order to verify your identity and process your request.

5. Other Sites, Mobile Applications, and Services

The Apps may contain links to other websites, mobile applications, and other online services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition, our content may be included on web pages or in mobile applications or online services that are not associated with us. We do not control third party websites, mobile applications, or online services, and we are not responsible for their actions. Other websites, mobile applications, and online services follow different rules regarding the collection, use, and sharing of your personal information. We encourage you to read the privacy policies of the other websites, mobile applications, and online services you use.

6. Security Practices

We use commercially reasonable security practices to help keep the information collected through our services secure. However, FaceApp cannot guarantee the security of any information you provide, as bad actors, for example, may try to access, disclose, alter, or destroy your information.

Please do your part to help us. You are responsible for maintaining the confidentiality of your information, and for controlling access to communications between you and FaceApp, at all times. We are not responsible for the functionality, privacy, or security measures of any other organization.

7. Retention

We configure Google Cloud Platform and Amazon Web Services to delete photographs and videos, and the information associated with those photographs and videos, within 24 to 48 hours after the photograph or video was last edited using the Apps. This allows you to revisit photographs or videos to make additional modifications during that time.

With respect to non-photograph and non-video information that we may collect, we will retain such information only for as long as necessary to fulfill the purposes we have set out in this Privacy Policy unless a different retention period is permitted or required by applicable law. You may also ask that we delete your information using the “Request cloud data removal” option in the “Support” section of the Apps settings.

8. Cross-Border Data Transfers

If we transfer your personal information internationally, these countries may not provide the same protections as the data protection laws where you are based. Where we transfer information internationally, we:

  • Make sure the data transfer complies with applicable law; and
  • Make sure that the relevant safeguards are in place to afford adequate protection for your personal information.

We do this using a variety of protections, as appropriate for each data transfer. For example, we use:

  • Standard Contractual Clauses (or an alternative legal tool, such as the UK Government-approved International Data Transfer Agreement or Addendum) to require the third party to protect your data and to provide you with EU- and UK-level rights and protections;
  • Technical protections, such as automated deletion, encryption, and pseudonymization; and
  • Policies and processes to challenge disproportionate or unlawful government authority requests.

Note, our technical support team may also access your information, such as Apps usage information, in locations outside of your state, province, or country.

9. Children

We have a minimum ‘Age Limit.’ Our Apps and Site are not directed at children under the age of 13 years or whose age:

  • Makes it illegal to process their personal data; or
  • Requires parental consent to process their personal data.

We do not consciously collect data from subjects under the Age Limit. Please do not upload photos or videos of children under the Age Limit, unless you are their parent or guardian. If you are under the Age Limit, do not use our Apps or Site. If you are a parent or the guardian of a person under the Age Limit, please do not allow such person to use our Apps or Site.

If you believe that we have received personal data from a child under the Age Limit, please contact us at [email protected].

10. Changes to the Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy and posting it on the Apps and Site. We may, and if required by law will, provide notification of changes in another way that we believe is reasonably likely to reach you, such as through the Apps.

Any modifications to this Privacy Policy will be effective upon our posting the new terms to the Site and/or upon implementation of the new changes on the Apps and Site (or as otherwise indicated at the time of posting). In all cases, your continued use of our services after the posting of any modified Privacy Policy indicates your acceptance of the terms of the modified Privacy Policy.

11. How to Contact Us

FaceApp Technology Limited is the entity responsible for the processing of your personal information, and is the data controller in respect of such processing.

If you have any questions about FaceApp, or any concerns regarding your privacy, you can contact us at: [email protected].

If you have any questions regarding this Privacy Policy, or if you wish to make a complaint about how your personal data is being processed by FaceApp, you can contact our Data Protection Officer (“DPO”) at [email protected].

You may also write to us via postal mail at:

FaceApp Technology Limited
Attn: Privacy Manager
28th October Ave 319a
8th Floor - Office 801A
Limassol, 3105
Cyprus

12. UK Representative Contact Information

For users in the United Kingdom, VeraSafe has been appointed as FaceApp’s representative in the United Kingdom for data protection matters, pursuant to Article 27 of the UK General Data Protection Regulation. VeraSafe can be contacted only on matters related to the processing of personal data or data protection.

To make such an inquiry, please contact VeraSafe using this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at: +44 (20) 4532 2003.

Please do not contact VeraSafe for customer service inquiries or issues unrelated to data protection.

Alternatively, VeraSafe can be contacted at:

VeraSafe United Kingdom Ltd.
37 Albert Embankment
London SE1 7TL
United Kingdom