Privacy Policy

Last updated: April 18, 2026

At CloudFace AI, we believe your personal photos and memories deserve the highest level of privacy and security. This Privacy Policy explains how we collect, use, store, protect, and handle your information when you use our website (cloudface-ai.com), our AI face recognition application, and related services.

We are committed to transparency. We never sell your data, and we use strong encryption to keep your photos safe.

1. Information We Collect

Account & Authentication Data

When you sign in with Google, we receive your email address, name, and profile picture. We use secure Google OAuth 2.0 with read-only Drive permissions.

Photos and Face Data

  • Photos you upload directly or from Google Drive (or other supported cloud storage).
  • Selfies or reference images used for searching.
  • Face embeddings (mathematical representations of faces) and basic metadata (file names, dates, folder info).

Usage & Technical Data

IP address, browser type, device information, search activity, error logs, and performance metrics for improving the service and security.

Payment Information

We do not store credit card details. Payments are processed securely by Razorpay. We keep basic billing and transaction records for accounting and GST compliance.

We do not collect phone numbers, full addresses, or create detailed user profiles beyond what is necessary.

2. How We Use Your Information

We use your data only to:

  • Provide and improve the AI face recognition service (detect faces, create embeddings, enable fast searches).
  • Enable smart caching and secure guest sharing features.
  • Process your searches and deliver accurate results.
  • Send important service notifications and support responses.
  • Maintain security, prevent fraud, and debug issues.
  • Comply with legal obligations.

We do not use your photos or face data to train external AI models or for advertising.

3. Data Storage and Encryption

To deliver fast, repeated searches and convenient features like guest galleries, we securely store your photos on our servers using AES-256 encryption with unique per-user keys.

Even we (the CloudFace AI team) cannot view or decrypt your original photos without your explicit permission. Face embeddings and metadata receive the same protection.

You can delete all your photos, embeddings, and account data at any time with one click from your dashboard. Once deleted, the data is permanently removed and cannot be recovered.

Photos from Google Drive are accessed with read-only permission. We process them securely and do not modify or delete anything in your Drive.

4. Data Sharing and Third Parties

We do not sell, rent, or trade your personal information or photos.

We share data only with:

  • Google (for OAuth and Drive access – read-only).
  • Razorpay (for payment processing).
  • Our hosting and security providers (under strict data processing agreements).

All third parties are contractually obligated to protect your data and use it only for the purpose we specify. We may disclose information if required by law (court order, government request) and will notify you where legally allowed.

5. Security Measures

  • AES-256 encryption for photos at rest.
  • TLS/SSL encryption for all data in transit.
  • Regular automated security scans (including OWASP ZAP) and ongoing vulnerability assessments.
  • Strict access controls – our team has no routine access to decrypted user photos.
  • Compliance with GDPR, CCPA, and India’s Digital Personal Data Protection (DPDP) Act & IT Act.

We are working toward SOC 2 readiness as we grow.

6. Your Rights and Choices

You have the right to:

  • Access your data.
  • Correct inaccurate information.
  • Request deletion of your photos and account (“Delete All My Data” button).
  • Withdraw consent (where applicable).
  • Export your face embeddings (stored as accessible files).
  • Revoke Google Drive access anytime via your Google Account settings.

To exercise these rights, contact us at support@cloudface-ai.com. We respond within 30 days (or sooner where required by law).

7. Children’s Privacy

Our service is not directed at children under 13 (or 16 in some regions). We do not knowingly collect data from children. If we learn we have collected such data, we will delete it promptly.

8. International Data Transfers

As an India-based service (Gurugram), your data may be processed in India and other countries where our providers operate. We ensure appropriate safeguards are in place.

9. Changes to This Privacy Policy

We may update this policy occasionally. We will notify you of material changes via email or prominent notice on our website. Continued use after changes means you accept the updated policy.

10. Contact Us

Elephic Technologies
E-2/22, Block E2, DLF Phase 1, Sector 26A, Gurugram, Haryana 122003, India

Email: support@cloudface-ai.com
Phone: +91 9718686723

For security-related concerns: security@cloudface-ai.com