Legal

Privacy Notice

This notice explains how we process personal information when you use the deepface.dev website, public test studio, dashboard, and API.

Effective date: March 26, 2026

1) Who we are

deepface.dev is a product of Tech Local (Pty) Ltd (reg. no. 2025/315373/07), 18 Rosyth Road, Nahoon, East London, Eastern Cape, 5241, South Africa.

Privacy questions and data rights requests can be sent to hello@deepface.dev.

2) Roles and responsibilities

We act as the controller for account, billing, and website data. When you send face data to our API, we generally act as a processor on your behalf. You are responsible for determining a lawful basis to collect and submit that data and for meeting notice and consent requirements in your region.

For the public test studio on the marketing site, we act as the controller for preview access, quota enforcement, and abuse-prevention data used to protect the service.

Information Officer (POPIA): Troy Drummond, Head of Operations and Delivery, hello@deepface.dev.

3) What we collect

  • Account data: name, email, company, role, and authentication details.
  • Billing data: billing address, tax information, PayFast payment status, and invoices (payment card data is processed by the payment provider, not stored by us).
  • API content: face images, embeddings, vectors, labels, and metadata you submit for verification, embedding generation, or vector comparison.
  • Usage data: request timestamps, endpoints, usage volume, latency, response size, and diagnostics for reliability and abuse prevention.
  • Preview identity data: a signed tester identity cookie plus hashed IP and user-agent values used to enforce public preview limits and detect abuse.
  • Support communications: messages you send to our team by email or chat.
  • Consent preferences: your opt-in/opt-out settings for analytics tracking, session replay, product update emails, and marketing emails.

4) How we use data and legal bases

  • Provide the service: run verification, embedding, and vector comparison workflows (contract).
  • Secure the platform: detect abuse, protect accounts, and maintain reliability (legitimate interests, legal obligations).
  • Manage billing: process credit top-ups, invoices, payment reconciliation, and tax records (contract, legal obligations).
  • Customer support: answer requests and troubleshoot issues (contract, legitimate interests).
  • Product improvement: analytics and replay (enabled by default for authenticated users, and adjustable in account settings) to improve product quality and troubleshooting (consent/preference management).
  • Marketing: according to your saved communication preferences (consent/preference management).

5) Biometric and face data

Face images and embeddings are biometric data in many jurisdictions. We process this data only on your instructions and do not use customer data to train models. You are responsible for obtaining any required notices, consents, or lawful bases before submitting face data to our API.

The same rule applies when you use the public test studio: submitted images are processed to return the requested result and to enforce preview-abuse controls, not to train models.

You control retention settings and deletion requests through the API or by contacting support. We will delete or return data according to your instructions and contractual terms.

6) Sharing and subprocessors

We use a limited set of vendors for hosting, storage, authentication, payment processing, monitoring, and communications. They may process data on our behalf under confidentiality and data protection terms. We will update this notice as our subprocessors change and provide a list on request.

7) International data transfers

Our providers may process data in the regions where they operate, which can include the United States, the EU, and South Africa. Where required, we rely on safeguards such as Standard Contractual Clauses.

8) Retention

We keep personal data only as long as needed for the purposes described above. Account and billing records may be retained for legal or tax obligations. API content is retained based on your configuration and deletion requests. Signed preview identity cookies can remain on your device for up to 12 months unless you clear them earlier. Security and quota logs are retained for a limited period.

9) Your rights

Depending on your location, you may request access, correction, deletion, restriction, or portability of your personal data. To exercise these rights, contact hello@deepface.dev.

Authenticated users can manage communication and telemetry consents in account settings. You can withdraw consent at any time, and we will apply the new preference to future processing.

For more information about our use of cookies, see our Cookie Policy.

10) Changes to this notice

We may update this notice as our services evolve. The effective date above reflects the latest version.