Privacy Policy

1. Introduction

Unimpersonationable ("we," "our," or "us") operates a platform that protects people from deepfakes, unauthorized likeness use, and identity theft. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our services, including our web face scan tool, guardian enrollment, DMCA notice generator, Telegram Mini App, and LINE bot.

By using our services, you agree to this Privacy Policy. If you do not agree, please do not use our services.

Contact: admin@unimpersonationable.com

2. Data We Collect

We collect the following categories of personal data:

• Account data: Email address and subscription plan (if applicable).
• Payment data: Billing address and payment method (processed by Stripe; we do not store raw card numbers).
• Face scan photos (web): Before your photo leaves your device, your browser automatically tight-crops to your face and applies auto-levels (color/exposure correction). What gets uploaded is a 640px face crop — not your original photo. That crop is sent to public reverse-image search engines (Yandex, Bing, Google Lens, FaceCheck, and others) to locate matches. The crop transits a Cloudflare Worker proxy briefly to reach these engines and is not retained on our servers. The face embedding used for match verification is computed and stored in your browser's local cache (IndexedDB) — it never leaves your device. We do not maintain a server-side face index.
• Telegram Mini App scans: If you scan via our Telegram Mini App (t.me/UnimpersonationableBot/scan), no image of any kind leaves your device. The face embedding is computed in your browser using on-device ArcFace (WebGPU/WASM), and only a 512-dimensional vector — a list of numbers that cannot be reverse-engineered into your face — is sent to our server to look up matches in the existing collective face index. No reverse-image search engine is called, no third-party ML inference is invoked, and no image data is processed server-side at any stage.
• Guardian enrollment data: If you enroll for ongoing protection, we store your email address (for notifications) and your monitoring preferences. Your face embedding stays on your device; we use it locally during each scheduled scan and never transmit it to our servers.
• LINE bot images: If you use our LINE bot, images you send are downloaded temporarily, used to compute a face embedding, then immediately deleted. We do not store the original images, and the embedding is not retained server-side.
• Usage data: Page views, scan activity, IP address, browser type (collected via PostHog analytics).
• Communications: Messages you send us via contact forms or email.

3. How We Use Your Data

• To scan the web for unauthorized use of your likeness and return results to you.
• To provide ongoing guardian monitoring and alert you when matches are found.
• To generate DMCA takedown notices on your behalf.
• To process your subscription and send billing communications.
• To send service notifications and alerts you have opted into.
• To improve our detection accuracy (we never use your biometric data to train AI models).
• To comply with legal obligations.

4. Third-Party Services

We use the following third-party services to operate Unimpersonationable:

• Yandex — We perform reverse image searches via Yandex to find where your face appears online. Your face embedding is used to match results. Yandex image search is subject to Yandex's terms.
• Supabase — Database and authentication infrastructure.
• Stripe — Payment processing. Subject to Stripe's Privacy Policy.
• Resend — Transactional email delivery.
• Vercel — Application hosting.
• PostHog — Usage analytics. You may opt out (see Cookies section below).
• Modal.com — Machine learning inference (face embedding computation). Processes data transiently; does not store your photos or embeddings.

We do not sell your data to any third party. We do not share your biometric data with any third party except as described above or as required by law. The only case where your information may be shared with external parties is when we include it in DMCA takedown notices sent to platforms hosting unauthorized content of you — and only with your explicit request.

5. Cookies and Analytics

We use strictly necessary cookies for authentication sessions. We use PostHog for usage analytics to understand how people use Unimpersonationable and to improve the service. You may opt out of PostHog tracking through our cookie banner or by contacting us. Your cookie preference is stored in localStorage.

6. Data Retention

• Face scan photos: Never stored. Processed in memory and discarded immediately after embedding computation.
• Face embeddings (guardian): Stored only in your browser's IndexedDB cache. Never transmitted to our servers. To clear them, clear your browser site data or sign out — they cannot be recovered by us because we never had them.
• Account data: Retained for the duration of your account plus 3 years, unless you request deletion.
• Billing data: Retained as required by tax and financial regulations (typically 7 years).
• Scan results and detection logs: Retained for 2 years to support evidence preservation.
• LINE bot images: Deleted immediately after processing. Never stored beyond the duration of the scan.

7. Your GDPR Rights

If you are located in the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation (GDPR):

• Right of access (Art. 15): Request a copy of the personal data we hold about you.
• Right to rectification (Art. 16): Correct inaccurate or incomplete data.
• Right to erasure (Art. 17): Request deletion of your personal data, including face embeddings.
• Right to data portability (Art. 20): Receive your data in a structured, machine-readable format.
• Right to restrict processing (Art. 18): Limit how we use your data in certain circumstances.
• Right to object (Art. 21): Object to processing based on legitimate interests or for direct marketing.
• Explicit consent for biometric data (Art. 9): We process biometric data only under your explicit prior consent. You may withdraw consent at any time by emailing admin@unimpersonationable.com.

To exercise any GDPR right, contact us at admin@unimpersonationable.com. We will respond within 30 days.

8. Your CCPA Rights (California) {#do-not-sell}

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to know: Request disclosure of the categories and specific pieces of personal information we have collected about you in the past 12 months.
• Right to delete: Request deletion of personal information we have collected, subject to certain exceptions.
• Right to opt-out of sale or sharing: We do not sell your personal information. We do not share your biometric data with third parties for cross-context behavioral advertising.
• Right to non-discrimination: We will not discriminate against you for exercising CCPA rights.

To exercise any CCPA right, contact admin@unimpersonationable.com.

9. Your BIPA Rights (Illinois)

If you are an Illinois resident, the Illinois Biometric Information Privacy Act (BIPA), 740 ILCS 14, gives you specific rights regarding biometric data. We do not collect, store, or sell biometric data on our servers — face embeddings are computed and stored exclusively in your browser's IndexedDB cache (see §2). Because we never have your biometric data, there is nothing on our side to delete. You can clear it from your device by clearing your browser site data. Questions: admin@unimpersonationable.com.

10. Security

We take the security of your data seriously. Face embeddings never reach our servers — they are computed in your browser and stored only in your local IndexedDB cache. Original photos transit our infrastructure ephemerally during a scan and are never written to disk. Account data, scan history, and monitoring preferences that DO reach our servers are stored in encrypted databases with row-level security policies. Access to those systems is restricted to engineers with a documented business need.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email (if you are a guardian enrollee) or by posting a notice on our website. Your continued use of Unimpersonationable after changes take effect constitutes acceptance of the updated policy.

12. Contact

For any privacy-related request or question, contact us at:

Email: admin@unimpersonationable.com