Privacy Policy

Last updated: October 17, 2025

BlurFaces helps you hide faces and other sensitive details in photos. We design for privacy from the start: detection and blurring run on your device in your browser. Original photos are never uploaded to our servers.

What We Process

• On‑device only: Face detection and blurring happen locally in your browser. Originals never leave your device.
• Blurred outputs: If you create a ShareLink, only the blurred result (or a pointer to it) is stored, and only for 24 hours.

ShareLinks (24 hours)

When you opt in to a ShareLink, we store a short token and a pointer to the blurred image. Links auto‑expire after 24 hours, and we schedule deletion. We do not store original images, face coordinates, or embeddings.

Payments

We use Stripe Checkout to process payments. Stripe acts as our payment processor and may handle limited personal and payment information under its own policies. We do not store customer personal information on our servers.

Telemetry

Any analytics are optional and aggregate‑only (e.g., feature usage counts). We do not create per‑user profiles. You can use BlurFaces without analytics.

Cookies & Storage

• No tracking cookies.
• We may store a short‑lived entitlement token in your browser after purchase to unlock features.

Data Retention

• ShareLinks: blurred assets and metadata auto‑expire after 24 hours.
• Server logs: minimal and aggregate only; no originals or biometric data.

Your Rights

If you have questions or requests about your data, contact us at support@blurfaces.org.

Changes

We may update this policy as the product evolves. We will update the date above and, when material, highlight changes in‑app.