Privacy Policy

Reclaim Privacy is the data controller for personal data processed through this service.

Contact: hello@reclaimprivacy.app

• Facial images — uploaded by you for the sole purpose of scanning the public web for matching images. Images are processed in-memory and are not stored on our servers after the scan completes.
• Email address — collected via Clerk when you create an account, used for authentication and service notifications.
• Payment information — processed by Stripe. We do not store or have access to card numbers or full payment details. Stripe provides us with a customer ID and subscription status only.
• Usage data — scan counts and session identifiers stored locally in your browser (localStorage/sessionStorage). We do not retain scan results on our servers.

Facial images constitute biometric data under UK GDPR Article 9. We process this data using AWS Rekognition solely to find matching or similar images on the public web.

Legal basis: Explicit consent given when you initiate a scan (Article 9(2)(a)). You may withdraw consent at any time by not uploading further images. Because images are not retained, there is no stored biometric data to delete.

Data minimisation: Images are downloaded to our servers temporarily during the scan (typically less than two minutes), processed by AWS Rekognition, then immediately discarded. We do not index, store, or profile facial geometry.

• Uploaded images: Not stored. Processed in-memory on our servers during the scan and discarded immediately after. No backups are taken.
• Scan results: Stored locally in your browser via localStorage. We do not retain scan results (URLs, match percentages) on our servers.
• Account data (email, name): Retained for as long as your account is active. You may request deletion at any time.
• Payment records: Retained by Stripe in accordance with their policies and applicable financial regulations.

We rely on the following sub-processors, each with their own GDPR-compliant data processing agreements:

• Clerk (clerk.com) — user authentication and account management. Processes email address and authentication tokens. Data may be stored in the US under Standard Contractual Clauses.
• Stripe (stripe.com) — payment processing. Processes payment card data and billing information. Operates under Standard Contractual Clauses for any US transfers. Stripe is PCI-DSS Level 1 certified.
• Amazon Web Services — Rekognition — face comparison service. We use the eu-north-1 (Stockholm) region. Images are transmitted to AWS for comparison and are not retained by AWS after the API call completes. AWS processes data under GDPR-compliant terms.
• SerpAPI — reverse image search. Receives the public URL of your uploaded image (a temporary Vercel Blob URL, valid for ~2 minutes) to perform a reverse image search. SerpAPI does not receive the image itself.

As a UK data subject, you have the following rights:

• Right of access — request a copy of the personal data we hold about you.
• Right to rectification — request correction of inaccurate personal data.
• Right to erasure (Article 17) — request deletion of your personal data. As uploaded images are never stored, there is no biometric data to erase. Account data (email) can be deleted on request.
• Right to data portability — receive your data in a structured, machine-readable format.
• Right to withdraw consent — you may withdraw consent for biometric processing at any time by ceasing to use the scan feature.
• Right to object — object to processing of your personal data in certain circumstances.
• Right to lodge a complaint — you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

To exercise any of these rights, email hello@reclaimprivacy.app. We will respond within 30 days.

To request deletion of your account and any associated personal data, email hello@reclaimprivacy.app with the subject line "Data Deletion Request". We will process your request within 30 days.

• AWS Rekognition: Processing occurs in the EU (Stockholm, eu-north-1). No transfer outside the EEA/UK.
• Clerk: May process data in the United States under Standard Contractual Clauses (SCCs).
• Stripe: May process data in the United States under Standard Contractual Clauses (SCCs).

We use essential cookies required for authentication (Clerk) and payments (Stripe). We do not use tracking, advertising, or analytics cookies.

Scan results, consent flags, and session state are stored in your browser's localStorage and sessionStorage. You can clear these at any time through your browser settings.

This service is not intended for users under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has used this service, please contact us at hello@reclaimprivacy.app.

We may update this Privacy Policy from time to time. For material changes, we will notify registered users by email. The current version is always available at this URL. Continued use of the service after changes constitutes acceptance.

Data controller: Reclaim Privacy
Email: hello@reclaimprivacy.app