Privacy Policy
Last updated: February 1, 2026
1. What We Collect
Biometric Data
When you upload a photo, Pheno processes facial geometry data including facial landmarks (68 points), facial proportions, symmetry measurements, and other geometric features. This data is classified as biometric information under BIPA (Illinois), CCPA (California), and PIPEDA (Canada).
This biometric data is used to generate your analysis report. We do not share biometric data with third parties. You may request deletion of your data at any time.
Analysis Results
Numerical scores, grades, and textual analysis results are retained for up to 90 days for free-tier users and indefinitely for paid users (until account deletion). These results contain no biometric identifiers and cannot be used to reconstruct your facial image.
Account Data
If you create an account: email address, hashed password, date of birth (for age verification), and jurisdiction (auto-detected from IP, overridable).
Payment Data
Payment processing is handled by Stripe and PayPal. We do not store credit card numbers. We retain transaction IDs and amounts for accounting purposes.
2. How We Use Your Data
- Generate facial analysis reports (sole purpose of biometric processing)
- Process payments
- Provide analysis history and progress tracking
- Comply with legal obligations
We do not sell, lease, trade, or profit from your biometric data.
3. Image Handling
Uploaded images are used to generate your analysis. We do not make specific guarantees about image retention periods. You may request deletion of your data at any time by contacting phenoface@proton.me.
4. Data Retention
| Data Type | Retention Period |
|---|---|
| Analysis results | 24 hours (free tier) / until deletion (paid) |
| Consent records | 3 years (legal requirement) |
| Payment records | 7 years (accounting requirement) |
| Deletion audit logs | 3 years (compliance) |
5. Your Rights
Depending on your jurisdiction, you have the right to:
- Access: Request a copy of your data
- Deletion: Request deletion of all your data
- Portability: Export your analysis results
- Withdraw consent: Revoke consent at any time
- Opt-out of sale: We do not sell data, but you may exercise this right
To exercise these rights, contact: phenoface@proton.me
6. Security
We implement industry-standard security measures including HTTPS encryption, secure server infrastructure, access controls, and regular security audits.
7. Third Parties
- Stripe: Payment processing (PCI DSS compliant)
- PayPal: Payment processing
- Cloudflare: CDN, DDoS protection, temporary image storage
- Fly.io: API hosting
- Supabase: Database hosting
We do not share biometric data with any third party.
8. Children
Pheno is not intended for use by anyone under 18 years of age. We do not knowingly collect data from minors. If we discover data from a minor has been collected, it will be immediately deleted.
9. Contact
Privacy inquiries: phenoface@proton.me