Legal
How biometric processing works on the Platform
The most important fact
Face embeddings are computed and stored in your browser’s local IndexedDB cache. They never reach our servers.
Photos sent to our scanning infrastructure are auto-cropped to a 640px face crop in your browser before upload — we never see your original image. The crop transits a privacy-preserving proxy briefly to reach reverse-image search engines and is not retained on our servers.
The sections below describe how the rest of our biometric protections work. The most important fact is the one above: we don’t have your biometric data, because it never leaves your device. There is nothing on our side to sell, breach, lose, or surrender to a subpoena.
When you use our scanning and monitoring features, the Platform processes the following biometric identifiers locally in your browser:
No body-shape measurements, gait analysis, iris/retinal patterns, or other biometric identifiers are collected by the Platform.
The biometric processing described in §1 is used exclusivelyto scan public reverse-image search engines for unauthorized use of your likeness on your behalf, and to verify that scan results match the face you enrolled. We do not use biometric data — yours or anyone else's — to train AI models, build advertising profiles, or for any purpose other than protective monitoring. We do not sell biometric data under any circumstances.
Before the Platform begins any biometric processing — even local, browser-side processing — you provide freely given, specific, informed, and unambiguous prior consent through our in-app consent gate. You may withdraw consent at any time by clearing your browser's site data for unimpersonationable.com (which removes the local face embedding) or by emailing admin@unimpersonationable.com to delete your account-level data (email, monitoring preferences, scan history).
Illinois' Biometric Information Privacy Act regulates the collection, storage, and disclosure of biometric identifiers by a controller. Because we do not collect or store your biometric data on our servers (see preamble + §1), most BIPA obligations do not apply to us in the ordinary course of business — there is nothing on our side to retain or destroy.
For the limited cases where biometric data is processed transiently on our infrastructure (e.g., a brief embedding pass for face-quality gating), we apply BIPA-aligned principles: written-policy disclosure (this Notice), no sale or trade, no disclosure absent legal process, and immediate discard after computation.
For Texas residents, the Texas Capture or Use of Biometric Identifier (CUBI) Act (Tex. Bus. & Com. Code § 503.001) regulates the capture of biometric identifiers. The same architectural minimization that addresses BIPA addresses CUBI: we do not capture or store biometric identifiers on our servers, and we do not sell biometric data.
For Washington State residents, biometric data may constitute consumer health data under the Washington My Health MY Data Act. Because the Platform does not process biometric data on our servers, the statute's collection and disclosure obligations are not triggered by our infrastructure. You retain the right to withdraw authorization and request deletion of any account-level data (non-biometric) at any time.
Biometric data is a special category of personal data under GDPR Article 9. The Article 9(1) prohibition on processing applies to controllers who process biometric data — which is materially different from a software platform whose users process their own biometric data on their own devices using software the platform provides. Because the embedding never reaches our servers, we are not the controller of that processing in the GDPR sense.
For the non-biometric account data we do hold (email, scan history, monitoring preferences), you retain all rights under GDPR Articles 15–21, including access, rectification, erasure, restriction, portability, and objection. Contact admin@unimpersonationable.com to exercise any right.
Biometric data security is architectural, not procedural.The strongest guarantee we can give you is that we don't have your biometric data — we cannot leak, sell, lose, or be compelled to disclose what we do not hold. Account-level data we DO hold (email, monitoring preferences, scan history) is encrypted at rest using AES-256 and in transit using TLS 1.3, with access restricted to engineers with a documented business need.
We do not sell or share biometric data. The 640px face crop you upload during a scan transits a Cloudflare Worker proxy briefly to reach public reverse-image search engines (Yandex, Bing, Google Lens, FaceCheck). Those engines have their own terms and we have no control over their retention. We do not transmit your face embedding, name, account email, or any account-identifying information to those engines — only the conditioned image. Our database subprocessor (Supabase) does not store biometric embeddings.
Depending on your state or country of residence, you may have rights regarding biometric data. Most of those rights — particularly access and deletion — are self-executingon the Platform: clearing your browser's site data for unimpersonationable.com immediately removes any locally-stored embedding. To exercise rights regarding non-biometric account data:
Email: admin@unimpersonationable.com
Subject line: Biometric Data Request
We will verify your identity and respond within the timeframe required by applicable law (typically 30–45 days).
Because the face embedding lives in your browser's IndexedDB cache, removing it is something you do directly:
Either action removes the embedding from your device immediately. We cannot recover it because we never had it.