Privacy Policy
Last updated: April 5, 2026
1. How Your Photo Is Handled
Your photo is permanently deleted within 24 hours and never shared or used for any other purpose.
Step 1 — You upload your photo
Your photo is sent over a TLS 1.3 encrypted connection to our servers hosted on AWS (us-east-1 region). It is never transmitted unencrypted.
Step 2 — Processing
Your photo is processed by AWS Rekognition (face detection, compliance checks) and our cropping/background removal pipeline. The original upload and processed result are stored temporarily in AWS S3.
Step 3 — Delivery
After payment, your compliant photo and print sheet are emailed to you via Resend. A download link is generated that expires after 24 hours.
Step 4 — Deletion
All photo files (original upload, processed versions, print sheets) are automatically deleted from S3 within 24 hours of payment. Download links also expire after 24 hours. This is enforced by an S3 lifecycle policy — it is automatic and cannot be overridden by us. After 24 hours, your photos do not exist on our servers in any form.
What we never do with your photos:
- Never use them to train AI or machine learning models
- Never share them with third parties (beyond AWS processing)
- Never sell, license, or monetize your photos
- Never retain them beyond the 24-hour window
- Never access them manually unless you contact support with a specific issue (and only within the 24-hour window)
2. What Data We Collect
Processed photo
After editing, the final cropped image is uploaded to AWS S3 for compliance checks and print-sheet generation. Stored temporarily — deleted within 24 hours.
Email address
Provided at checkout so we can deliver your photo. Not used for marketing unless you explicitly opt in.
Payment information
Processed by Stripe. We never see or store your card number, CVV, or billing details.
Document type selection
Used to apply the correct photo dimensions and compliance rules.
Analytics (PostHog)
Anonymous usage analytics to understand how the editor is used. No photos are sent to PostHog. No personally identifiable information is tracked. You can opt out by enabling "Do Not Track" in your browser.
3. How We Use Your Data
- Generate your compliant passport photo and print sheet
- Run compliance checks on the processed image
- Send your photo via email after payment
- Process your payment through Stripe
- Provide customer support if you contact us
We do not use your photos to train AI models, share them with third parties, or use them for any purpose other than delivering your order.
4. Data Retention
| Data | Retention | How deleted |
|---|---|---|
| Photos (original + processed) | 24 hours from payment | S3 lifecycle policy (automatic) |
| Download links | 24 hours from payment | Signed URL expiry (automatic) |
| Email address | 90 days | Manual deletion after support window |
| Order metadata | 90 days | Database cleanup job |
| Payment records | Per Stripe's policy | Managed by Stripe |
| Analytics | 90 days | PostHog auto-expiry |
After 90 days, the only remaining record of your order is the one in Stripe's payment system, which we are legally required to retain for tax and refund purposes.
5. Third-Party Services
AWS
S3 for temporary photo storage; Rekognition for face detection. Processed in us-east-1.
Stripe
Secure payment processing. PCI-DSS Level 1 compliant.
Resend
Email delivery of your photo files.
Cloudflare
Website hosting and CDN.
Anthropic (Claude)
Used for generating plain-English explanations when a compliance check fails. The cropped photo may be sent to Claude's Vision API for analysis. Anthropic does not use API inputs for training. See Anthropic's privacy policy: anthropic.com/privacy
PostHog
Anonymous product analytics. No photos, email addresses, or personally identifiable information are sent to PostHog.
7. Your Rights
For all users:
- Request deletion of your data at any time
- Request a copy of any data we hold about you
- Withdraw consent for data processing
For EU/EEA residents (GDPR):
- Right to data portability
- Right to restrict processing
- Right to object to processing
- Right to lodge a complaint with your local data protection authority
- Legal basis for processing: contract performance (delivering your photo order)
For California residents (CCPA):
- Right to know what personal information we collect
- Right to delete your personal information
- Right to opt out of the sale of personal information
- We do not sell your personal information
Since photos are automatically deleted within 24 hours, in most cases there is no photo data remaining by the time a request is made. Email support@photopass.ai for any data request and we will respond within 48 hours.
8. Security Measures
We do not store passwords because we do not have user accounts. We do not store payment card details because Stripe handles all payment processing.
9. Children's Privacy
PhotoPass does not knowingly collect personal information from children under 13. Passport photos of minors should be taken and submitted by a parent or legal guardian.
10. Changes to This Policy
We may update this policy from time to time. Changes will be posted on this page with an updated “Last updated” date. Continued use of PhotoPass after changes constitutes acceptance of the revised policy.
11. Contact Us
For privacy-related questions or data requests, email support@photopass.ai and we'll respond within 48 hours.