Privacy Notice

deepface.dev is a product of Tech Local (Pty) Ltd (reg. no. 2025/315373/07), 18 Rosyth Road, Nahoon, East London, Eastern Cape, 5241, South Africa.

Privacy questions and data rights requests can be sent to hello@deepface.dev.

We act as the controller for account, billing, and website data. When you send face data to our API, we generally act as a processor on your behalf. You are responsible for determining a lawful basis to collect and submit that data and for meeting notice and consent requirements in your region.

Information Officer (POPIA): Troy Drummond, Head of Operations and Delivery, hello@deepface.dev.

• Account data: name, email, company, role, and authentication details.
• Billing data: billing address, tax information, payment status, and invoices (payment card data is processed by our payment provider).
• API content: face images, embeddings, templates, labels, and metadata you submit for verification or identification.
• Usage data: request timestamps, endpoints, usage volume, and diagnostics for reliability and abuse prevention.
• Support communications:messages you send to our team by email or chat.

• Provide the service: run verification, identification, and enrollment workflows (contract).
• Secure the platform: detect abuse, protect accounts, and maintain reliability (legitimate interests, legal obligations).
• Customer support: answer requests and troubleshoot issues (contract, legitimate interests).
• Product improvement:aggregate usage insights and operational analytics (legitimate interests).
• Marketing: only if you opt in (consent).

Face images and embeddings are biometric data in many jurisdictions. We process this data only on your instructions and do not use customer data to train models. You are responsible for obtaining any required notices, consents, or lawful bases before submitting face data to our API.

You control retention settings and deletion requests through the API or by contacting support. We will delete or return data according to your instructions and contractual terms.

We use a limited set of vendors for hosting, storage, monitoring, and communications. They may process data on our behalf under confidentiality and data protection terms. We will update this notice as our subprocessors change and provide a list on request.

Our providers may process data in the regions where they operate, which can include the United States, the EU, and South Africa. Where required, we rely on safeguards such as Standard Contractual Clauses.

We keep personal data only as long as needed for the purposes described above. Account and billing records may be retained for legal or tax obligations. API content is retained based on your configuration and deletion requests. Security logs are retained for a limited period.

Depending on your location, you may request access, correction, deletion, restriction, or portability of your personal data. To exercise these rights, contact hello@deepface.dev.

For more information about our use of cookies, see our Cookie Policy.

We may update this notice as our services evolve. The effective date above reflects the latest version.