Privacy Policy

Last updated: October 10, 2025

Effective Date: October 10, 2025

🔒 Our Privacy Commitment

CloudFace AI ("we," "our," or "us") is a product of Elephic Technologies. We are fundamentally committed to protecting your privacy. Unlike other photo apps, we do not create user profiles, collect phone numbers, or store your photos on our servers. This Privacy Policy explains our privacy-first approach and how we handle your data with complete transparency.

1. Information We Collect

1.1 Google Account Information (via OAuth)

When you sign in with Google, we collect:

  • Email address: To identify your account
  • Profile information: Name and profile picture (from Google)
  • OAuth tokens: Temporary access tokens to access your Google Drive (read-only)

Why we need this: Google OAuth provides secure authentication without requiring you to create a separate password.

1.2 Google Drive Access (Read-Only)

Scope requested: https://www.googleapis.com/auth/drive.readonly

What this allows us to do:

  • List files and folders in Drive folders you choose to share with us
  • Download photos temporarily for face detection processing
  • Read file metadata (name, size, type, creation date)

What we CANNOT do:

  • ❌ Modify, delete, or rename your Drive files
  • ❌ Access files you haven't explicitly shared
  • ❌ Upload or create new files in your Drive
  • ❌ Share your files with others

How we use it: When you paste a Google Drive folder URL, we use read-only access to temporarily download photos, detect faces, and create face embeddings. Original photos are immediately deleted from our servers after processing.

You control access: You can revoke our Drive access anytime through your Google Account settings at https://myaccount.google.com/permissions

1.3 Photos and Face Data

  • Selfie photos: For face search queries
  • Drive photos: Temporarily processed for face detection
  • Face embeddings: Mathematical representations of faces (512-dimensional vectors)
  • Photo metadata: File names, Drive IDs, folder references

Critical Privacy Feature: Face embeddings are stored in YOUR Google Drive, not on our servers. This means only you have access to your face data.

1.4 Payment Information

For paid subscriptions, we collect:

  • Payment method information (processed securely by Razorpay)
  • Billing information and transaction history
  • We do NOT store your credit card details - Razorpay handles all payment data securely
  • Transaction IDs and payment status for subscription management
  • Billing address for tax compliance (GST for Indian customers)

1.5 Usage and Analytics Data

  • Service usage statistics (searches performed, photos processed)
  • Technical logs (error logs, performance metrics)
  • Browser type and IP address (for security)

Note: We do NOT use tracking cookies or sell your data to advertisers.

⚡ What Makes CloudFace AI Different

  • 🔐 No User Profiles: We don't create accounts or profiles - just Google OAuth
  • 📱 No Phone Numbers: We never ask for your phone number or address
  • 🚫 Zero Photo Storage: Photos are processed in real-time and immediately deleted
  • 🔒 No Server Databases: Face embeddings stored in YOUR Google Drive, not our servers
  • Privacy by Design: We can't access your data even if we wanted to
  • 🎯 No Tracking or Ads: We don't track you or show advertisements

2. How We Use Your Information

2.1 Core Service Functionality

  • Face Recognition: Detect faces in your photos using AI
  • Face Search: Match your selfie against processed photos
  • Photo Organization: Help you find specific people in large photo collections
  • Results Delivery: Show you matching photos and provide download links

2.2 Service Improvement

  • Improve AI accuracy and performance
  • Fix bugs and technical issues
  • Develop new features based on user feedback

2.3 Communication

  • Send service-related notifications (payment confirmations, subscription renewals)
  • Respond to your support requests
  • Send important security or policy updates

Note: We do NOT send marketing emails without your explicit consent.

3. Data Processing & Retention

3.1 Photo Processing Workflow

  1. Upload: You paste a Google Drive folder URL or upload photos directly
  2. Download: We temporarily download photos to our servers (read-only Drive access)
  3. Process: AI detects faces and creates mathematical embeddings (512D vectors)
  4. Store Embeddings: Face embeddings saved to YOUR Google Drive (not our servers)
  5. Delete Photos: Original photos immediately deleted from our servers
  6. Search: When you upload a selfie, we match it against your stored embeddings

⏱️ Data Retention: Photos are retained in memory for less than 60 seconds during processing, then permanently deleted.

3.3 Payment Data Retention

  • Transaction Records: Kept for 7 years for tax compliance (GST requirements)
  • Subscription Data: Retained for active subscriptions, deleted after cancellation
  • Payment Method Info: Stored by Razorpay, not on our servers
  • Billing History: Available in your account dashboard, deleted with account

3.2 What We Store vs. What We Don't

We Store We DON'T Store
✅ Your email address ❌ Your photos (deleted immediately)
✅ Face embeddings (in YOUR Drive) ❌ Phone numbers or addresses
✅ Photo metadata (filenames, Drive IDs) ❌ User profiles or personal details
✅ Subscription status ❌ Browsing history or tracking data

4. Google Drive Permission - Detailed Explanation

4.1 Why We Need Google Drive Access

CloudFace AI helps you organize and search photos stored in your Google Drive. To provide this service, we need read-only access to:

  • See which files and folders you want us to process
  • Temporarily download photos for AI face detection
  • Read file metadata to organize results

4.2 What "Read-Only" Means

The drive.readonly permission gives us permission to:

  • View and download: Files in folders you explicitly share with us
  • List contents: See filenames and folder structure
  • Read metadata: File size, type, creation date

It does NOT allow us to:

  • ❌ Edit, modify, or delete your files
  • ❌ Create new files or folders
  • ❌ Share your files with anyone
  • ❌ Access files outside folders you specify

4.3 How We Protect Your Drive Data

  • Temporary Processing: Photos downloaded to RAM, processed, then immediately deleted
  • No Permanent Storage: We never save your photos to our databases or file systems
  • Encrypted Transfer: All Drive API calls use HTTPS/TLS encryption
  • Limited Access: Only files in folders you explicitly provide URLs for
  • Revocable: You can revoke access anytime from Google Account settings

4.4 Revoking Drive Access

You can revoke CloudFace AI's access to your Google Drive at any time:

  1. Go to Google Account Permissions
  2. Find "CloudFace AI" in the list
  3. Click "Remove Access"

Effect: CloudFace AI will no longer be able to access your Drive. Existing face embeddings in your Drive will remain until you delete them.

5. Data Security Measures

  • Encryption in Transit: All data transmitted using TLS/SSL encryption
  • Encryption at Rest: Face embeddings stored encrypted in your Google Drive
  • Secure Authentication: Google OAuth 2.0 (industry standard)
  • No Third-Party Access: We never share your data with advertisers or data brokers
  • Regular Security Audits: Continuous monitoring and updates
  • HTTPS Only: All connections are encrypted end-to-end

6. Data Sharing and Third Parties

6.1 We Do NOT Share Your Data

We do not sell, rent, or trade your personal information to anyone. Period.

6.2 Limited Third-Party Services

We use these trusted services (they do NOT receive your photos):

  • Google Cloud Platform: For OAuth authentication only
  • Firebase/Firestore: To store face embeddings in YOUR Google Drive
  • Razorpay: Payment processing (they see payment info only, not photos)

6.4 Razorpay Data Sharing

We share the following data with Razorpay for payment processing:

  • Transaction Details: Amount, currency, subscription plan
  • Customer Information: Email, billing address, phone number
  • Payment Method: Card details, UPI ID, bank account (processed securely by Razorpay)
  • Fraud Prevention: IP address, device information for security

What Razorpay Does NOT See: Your photos, face data, search history, or any personal content.

6.3 Legal Requirements

We may disclose information if required by law:

  • Valid court orders or subpoenas
  • Government investigations (with legal documentation)
  • Protection against fraud or security threats

Transparency commitment: We will notify you of any legal requests unless prohibited by law.

7. Your Privacy Rights

7.1 Right to Access

You can access all your data at any time. Your face embeddings are in your Google Drive.

7.2 Right to Deletion

You can delete your data:

  • Photos: Already deleted (we don't store them)
  • Face Embeddings: Delete from your Google Drive
  • Account: Contact support@cloudface-ai.com to delete your account

7.3 Right to Data Portability

Your face embeddings are stored in YOUR Google Drive as JSON files. You can download, export, or move them anytime.

7.4 Right to Revoke Permissions

Revoke Google Drive access anytime via Google Account Permissions.

8. Children's Privacy

CloudFace AI is not intended for users under 13 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately at support@cloudface-ai.com.

9. International Users & GDPR Compliance

CloudFace AI is operated from India but serves users worldwide. We comply with:

  • GDPR (EU): European data protection regulations
  • CCPA (California): California privacy rights
  • India IT Act: Indian data protection laws

Data transfers: Minimal data crosses borders. Face embeddings stay in your Google Drive (your Google account region).

10. Changes to This Policy

We may update this Privacy Policy periodically. Changes will be posted on this page with an updated "Last Updated" date. Significant changes will be communicated via email or prominent notice in the app.

Your continued use of CloudFace AI after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:

Email: support@cloudface-ai.com

Business Address:
Elephic Technologies
E-2/22, Block E2, DLF Phase 1
Sector 26A, Gurugram, Haryana 122003
India

Phone: +91 9718686723 (Mon-Fri: 10:00 AM-5:30 PM IST)

Response Time: We aim to respond to all privacy inquiries within 48 hours.

💡 Privacy Summary (TL;DR)

  • ✅ We use Google OAuth for secure login (email + profile)
  • ✅ We need read-only Drive access to process your photos
  • ✅ Photos are processed in memory and immediately deleted (not stored)
  • ✅ Face embeddings saved in YOUR Google Drive (not our servers)
  • ✅ We don't collect phone numbers, addresses, or create user profiles
  • ✅ You can revoke access anytime
  • ✅ We don't sell your data or show ads
  • ✅ If you delete your Drive files, all your data is gone forever