Biometric Data Policy

This policy describes how Stately Vows handles biometric data, in compliance with the Illinois Biometric Information Privacy Act (BIPA, 740 ILCS 14/), the Texas Capture or Use of Biometric Identifier Act (CUBI), Washington's biometric privacy statute, and the European General Data Protection Regulation Article 9 (special-category data).

1. What Biometric Data We May Process

When you upload a photograph to the Service, our AI partner (OpenAI) processes the photograph to generate a stylized portrait. During this processing, facial features of the persons depicted may be extracted as part of the AI's internal representation. We refer to this collectively as "biometric data."

We do not generate facial recognition templates that are used to identify you across photographs, sessions, or services. We do not maintain a database of facial geometry templates for identification purposes.

2. Purpose of Processing

We process biometric data for the sole purpose of generating the AI portraits you have specifically requested. We do not use biometric data for any of the following purposes:

• Training, fine-tuning, or improving AI models
• Identifying you across photographs, sessions, or services
• Selling or sharing with third parties for advertising or any other purpose
• Profiling, scoring, or any automated decision-making with legal effect

3. Retention & Destruction Schedule

Stately Vows does not store your reference photographs or any derived biometric data on its servers. We follow a data-minimization (pass-through) model: your photographs are processed transiently and never written to our persistent storage. Specifically:

• Before a photograph leaves your device it is resized and re-encoded in your browser, which removes embedded metadata (including any EXIF GPS location).
• The photograph is transmitted directly to OpenAI to generate your portrait. It is held only in memory for the duration of that request and is not saved to Stately Vows storage or databases, and not retained by us after the request completes.
• We do not create, store, or maintain facial-geometry templates or any biometric identifiers on our infrastructure.
• The AI-generated portrait outputs we deliver to you are not biometric data — they are stylized artistic renderings, stored in private access-controlled storage only when a signed-in user chooses to save them to their account.

OpenAI, our AI processing partner, applies its own data-retention policy to API-submitted data: as represented to us, API inputs are retained by OpenAI for a limited period (currently up to 30 days) for abuse monitoring and are then deleted. OpenAI's API data policy states that API-submitted data is not used to train its models. Because we do not retain your photographs, OpenAI's window is the only place a copy of a submitted photograph briefly exists, and it is outside our control.

4. Consent

We process biometric data only after obtaining your written consent, captured electronically via the pre-upload consent panel. By checking the biometric consent box and submitting photos, you provide your written release authorizing the processing described in this policy.

Illinois residents: this constitutes the written notice and release required by 740 ILCS 14/15(b).

Texas residents: this constitutes the informed consent required by Texas Business and Commerce Code §503.001.

5. Disclosure to Third Parties

We do not sell or trade biometric data. We disclose biometric data only to:

• OpenAI, solely for the purpose of generating your requested portraits
• Our hosting and infrastructure provider (Vercel, Supabase), incidental to operating the Service
• Government or judicial authorities pursuant to a valid legal demand

6. Security

We protect biometric data primarily through data minimization — by not persisting your reference photographs at all (Section 3), there is no stored biometric dataset to breach. For the data we do store (your saved AI portraits and account information), we use industry-standard safeguards including TLS encryption in transit, encryption at rest, restricted access controls, and audit logging.

7. Your Rights

You have the right to:

• Withdraw your consent and request immediate deletion of any biometric data we hold
• Receive confirmation of whether we hold biometric data about you
• Request that we provide a copy or description of biometric data we hold

To exercise these rights, sign in to your account and use the data deletion controls, or email nilehagen@gmail.com. Note that because we do not retain your reference photographs after processing (Section 3), in most cases there is no biometric data in our possession to delete; any copy briefly held by OpenAI ages out under their retention window described above.

8. Changes to This Policy

We may update this policy from time to time. We will post the updated policy on this page with a revised version. For material changes, we will obtain renewed consent from existing users where required by applicable law.

9. Contact

For biometric privacy questions or to exercise your rights, contact nilehagen@gmail.com.

See also: Privacy Policy · Terms of Service · Privacy Choices