Who we are
Remasked is the data controller for the personal data described in this policy. For privacy inquiries, contact us at support@remasked.com.
What we collect
Account information
Email address, subscription status, quota usage, and referral codes. If you sign up anonymously, we store only a session identifier until you create a full account.
Face photos (ephemeral)
Photos you upload for persona generation or face swapping. These are deleted immediately after processing completes. They are never written to long-term storage and are processed only by automated systems.
Face embedding (biometric data)
A mathematical vector derived from your uploaded photos during persona generation. This embedding is used to identify your face in future swap uploads. It is biometric data — stored encrypted at rest, never shared, and persists for the lifetime of your account.
Persona image (synthetic)
The AI-generated face image that serves as your persona. This is a synthetic image — it is not your real face, and we test it against your real face during generation to ensure it is biometrically distinct.
Swap outputs (temporary)
Face-swapped images are stored in temporary storage and automatically deleted after 7 days.
Cookies
We use strictly necessary cookies for authentication and session management. We do not use cookies for analytics, advertising, or tracking.
Legal basis for processing
We process your data on the following legal bases under the EU General Data Protection Regulation (GDPR):
- Explicit consent (Art. 6(1)(a) and Art. 9(2)(a)): processing of your face photos and storage of your biometric face embedding. Consent is obtained at signup through two distinct disclosures before you can upload any content.
- Contract performance (Art. 6(1)(b)): providing the Remasked service, managing your account, subscription, and quota.
- Legitimate interest (Art. 6(1)(f)): security, fraud prevention, and enforcing our Content Policy.
Biometric data and consent
Under GDPR Article 9 and the Illinois Biometric Information Privacy Act (BIPA), face embeddings are classified as biometric data. We process this data only with your explicit consent, obtained at signup through two distinct disclosures:
- Photo processing: your face photos are processed during persona generation. The photos are deleted immediately after.
- Embedding storage: the face embedding derived from your photos is stored persistently and used to identify your face in future swap uploads. It remains until you delete your account.
You must be 18 or older to use Remasked. Both consent items are required before you can upload any content.
How we use your data
- Generate your persona face from your uploaded photos
- Identify your face in swap uploads using your stored embedding
- Manage your account, subscription, and quota
- Send transactional emails (account confirmation, password reset)
- Detect and prevent prohibited content (see our Content Policy)
What we do NOT do with your data
- We do not train AI models on your data. Your photos and embeddings are never used to train or fine-tune any model. This is a standing policy, not subject to change without explicit re-consent.
- We do not sell, rent, or share your personal data with third parties for marketing purposes.
- We do not store your face photos beyond the immediate processing window.
- We do not log the content of your photos or the values of your face embedding.
Data retention
| Data type | Retention |
|---|---|
| Source photos | Deleted immediately after processing |
| Swap outputs | Auto-deleted after 7 days |
| Face embedding | Stored until account deletion |
| Persona image | Stored until account deletion |
| Account metadata | Stored until account deletion |
Upon account deletion, all personal data including biometric identifiers is permanently deleted from all systems within 30 days.
Third-party services
We use the following services to operate Remasked. Each processes data only as necessary to provide its function:
| Service | Purpose | Data processed |
|---|---|---|
| Supabase | Database, auth, file storage | Account data, embeddings, persona images, temporary uploads |
| Modal | GPU compute | Photos in transit (not stored), face embeddings in memory |
| Vercel | Web hosting | Standard web request logs |
| Paddle | Payment processing | Billing information (Paddle is the Merchant of Record) |
| Resend | Transactional email | Email address |
International data transfers
Your data is processed and stored in the United States by our third-party service providers. Where required, these transfers are governed by Standard Contractual Clauses (SCCs) or the EU-US Data Privacy Framework to ensure an adequate level of data protection.
Security
- All data in transit is encrypted via HTTPS/TLS.
- Face embeddings and persona images are encrypted at rest.
- Row Level Security ensures users can only access their own data.
- Source photos use short-lived signed URLs — they are never publicly accessible.
In the event of a data breach, an attacker would find synthetic persona faces (not your real face) and encrypted embeddings (mathematical vectors, not photos). Your real face photos are not in our systems.
Your rights
You have the right to:
- Access your personal data
- Correct inaccurate data
- Delete your account and all associated data
- Export your data in a portable format
- Restrict processing in certain circumstances
- Object to processing based on legitimate interest
- Withdraw consent for biometric data processing (this requires account deletion, as the embedding is essential to the service)
To exercise any of these rights, email support@remasked.com. Account deletion can also be done directly from your account settings — this permanently removes your persona image, face embedding, quota credits, referral codes, and email. No data is retained after deletion.
You also have the right to lodge a complaint with your local data protection supervisory authority.
Payments
Payments are processed by Paddle, our Merchant of Record. Your bank statement will show "PADDLE.NET" — the Remasked product name does not appear on bank statements. Email receipts and invoices from Paddle do reference Remasked.
Children
Remasked is not intended for anyone under 18. We do not knowingly collect data from minors. If we learn that a user is under 18, their account will be terminated and all data deleted immediately.
Changes to this policy
We may update this policy from time to time. Material changes will be communicated via email or a notice in the app. Material changes to how we process biometric data will require your renewed consent.
Contact
For privacy questions or requests, email support@remasked.com.