Last Updated: June 2025 | Effective Date: June 1, 2025
This Privacy Policy explains how Facewise collects, uses, stores, and protects your personal and
biometric information across all our platforms. Please read it carefully.
Biometric Data Notice:
Facewise processes facial biometric data (face embeddings/vectors). This is sensitive personal data under
the Indian IT (Amendment) Act 2008 and SPDI Rules 2011. By using our services, you provide explicit informed
consent to such processing as described in this policy.
Facewise ("we," "our," or "us") is an AI-powered face recognition platform operating two distinct services:
Facewise Events (event.facewise.in) — An event photo identification platform that allows attendees to find
themselves in event photo albums using facial recognition.
Facewise Attendance (attendance.facewise.in) — A geo-fenced attendance management system for companies and
institutions using facial recognition for employee/member identification.
Our main website is located at facewise.in. This Privacy Policy applies to all three
domains and any associated mobile applications.
Name — First and last name for account registration
Email address — For account creation, login, and communication
Phone number — Optional, for account recovery and notifications
Organization/Company name — For Facewise Attendance business accounts
2.2 Biometric Data (Sensitive Personal Data)
Important: The following constitutes "sensitive personal data
or information" (SPDI) under Indian law and requires explicit informed consent.
Facial photographs — Images you upload for face recognition processing
Face embeddings / feature vectors — Mathematical numerical representations of facial geometry
derived from your photo (NOT the raw photo itself, after processing)
Liveness detection data — Data generated during anti-spoofing checks
2.3 Location Data (Facewise Attendance only)
GPS coordinates — Real-time location at the moment of attendance marking
Geo-fence zone data — Defined workplace boundaries configured by your employer/admin
2.4 Technical & Usage Data
IP address, browser type, device information
Pages visited, features used, timestamps
Error logs for technical troubleshooting
2.5 Data We Do NOT Collect
We do NOT collect financial information, payment card data, or banking details
We do NOT collect social media passwords or credentials
We do NOT build advertising profiles or sell your data to advertisers
3. How We Collect Your Data
Registration forms — When you create an account on any Facewise platform
Photo upload — When you upload a photo for event search or attendance registration
Camera / device — When you use our mobile-based attendance feature requiring real-time face
capture
Automatic collection — Technical data collected automatically when you use our services
(cookies, server logs)
From your employer (Facewise Attendance) — Your employer/HR may register your details on our
platform as part of their attendance setup
4. Why We Process Your Data (Legal Basis)
We process your personal data on the following legal grounds:
Explicit Consent — For all biometric data processing, we obtain your explicit, informed,
freely-given consent. You may withdraw this consent at any time.
Contract Performance — To provide the services you've signed up for (e.g., finding your event
photos, recording your attendance)
Legitimate Interests — For platform security, fraud prevention, and service improvement
Legal Obligation — Where required by applicable Indian laws
5. Biometric Data — Special Category Processing
This section is critical. Face recognition is a biometric technology. We treat biometric data
with the highest level of care.
5.1 How Biometric Data Works in Facewise
When you upload a photo, our AI system:
Detects and locates facial regions in the image
Generates a numerical "face embedding" — a unique mathematical vector representing facial geometry
Stores this embedding (NOT the original photo, in most processing steps) for matching purposes
Compares your embedding against stored embeddings in the event album or employee database
5.2 Storage of Biometric Data
Face embeddings are stored on encrypted servers located in India
Original uploaded photos are stored encrypted with AES-256 encryption
Biometric data is stored in isolated databases with access controls and audit logs
Biometric data is never stored in plain text
5.3 Consent for Biometric Processing
Before any biometric data is processed, we display a clear, plain-language consent notice explaining:
What biometric data will be collected
The specific purpose of collection
How long it will be retained
How to request deletion
You must actively check a consent checkbox to proceed. Pre-ticked boxes are not used.
5.4 Biometric Data — Facewise Events vs. Attendance
Facewise Events: Your face embedding is used only to match you against photos in the specific
event album you searched. It is not used for any other event or shared with other users.
Facewise Attendance: Your face embedding is stored by your company/institution for ongoing
attendance tracking. Your employer controls data access. Facewise acts as a data processor; your employer is the
data controller for this data.
6. How We Use Your Data
To provide our core services — Face-based photo search (Events) and attendance tracking
(Attendance)
Account management — Create and manage your user account
Security & fraud prevention — Detect and prevent unauthorized access, spoofing, and abuse
Service improvement — Analyze usage patterns to improve accuracy and user experience (using
anonymized or aggregated data)
Communications — Send service notifications, updates, and support responses
Legal compliance — Comply with applicable laws, regulations, and court orders
We do NOT use your data for:
Targeted advertising or behavioral profiling
Sale to third parties for any commercial purpose
Training AI models on identifiable biometric data without separate explicit consent
7. Data Sharing & Third Parties
7.1 We Do NOT Sell Your Data
Facewise does not sell, rent, or trade your personal or biometric information to any third party.
7.2 When We May Share Data
With your employer/event organizer — For Facewise Attendance, your company admin can view
your attendance records. For Events, organizers can see aggregated usage (not your identity).
Service providers (processors) — We use trusted third-party providers for cloud hosting,
email delivery, and analytics. All are bound by data processing agreements and confidentiality obligations.
Legal requirements — We may disclose data if required by law, court order, or government
authority under Indian law.
Business transfers — If Facewise is acquired or merged, your data may be transferred as part
of the business assets. You will be notified before your data is subject to a different privacy policy.
7.3 Third-Party Services Used
Cloud hosting (data stored in India)
Email delivery service for transactional emails
Analytics (using anonymized/aggregated data only)
8. Data Retention
8.1 Facewise Events
Your uploaded selfie: Deleted immediately after the face embedding is generated (unless you
request otherwise)
Your face embedding: Retained for 30 days after your last search in that event, then
automatically deleted
Matched photos: Available for download for 90 days after the event
Account data: Retained as long as your account is active. Deleted within 30 days of account
deletion request.
8.2 Facewise Attendance
Employee biometric data: Retained for the duration of employment or as configured by the
company admin. Deleted within 30 days of termination/removal from the system.
Attendance logs: Retained as required by your employer (typically 3-7 years for employment
records as per Indian labor laws)
GPS location data: Retained in attendance logs; not stored separately beyond the log entry
8.3 You Can Request Early Deletion
You may request deletion of your biometric data at any time by contacting us at [email protected]. We will process deletion requests within 30 days.
9. Security Measures
We implement industry-standard and beyond-standard security measures to protect your data:
Encryption at rest: All data stored using AES-256 encryption
Encryption in transit: All communications over HTTPS with TLS 1.2+ only
Access controls: Role-based access control (RBAC); biometric databases are accessible only to
authorized system components
Audit logs: All access to biometric data is logged with timestamps, user IDs, and IP
addresses
Liveness detection: Anti-spoofing checks to prevent photo-based fraud
Regular security audits: Periodic vulnerability assessments and penetration testing
Data minimization: We only collect and store what is strictly necessary for service delivery
Note: While we take all reasonable steps to protect
your data, no system is 100% secure. In the event of a data breach involving biometric data, we will notify
affected users within 72 hours as required by applicable law.
10. Your Rights
Under the Indian IT Act, SPDI Rules, and applicable data protection principles, you have the following rights:
Right to Access: Request a copy of all personal/biometric data we hold about you
Right to Correction: Request correction of inaccurate personal data
Right to Deletion ("Right to be Forgotten"): Request deletion of your biometric data and
personal information
Right to Withdraw Consent: Withdraw consent to biometric processing at any time (this will
affect your ability to use face recognition features)
Right to Data Portability: Receive your data in a machine-readable format
Right to Object: Object to specific uses of your data
Right not to be subject to automated decisions: Request human review of decisions made solely
by automated processing
To exercise any of these rights, email us at [email protected] with
subject line "Data Rights Request — [Your Name]". We will respond within 30 days.
11. Cookies & Tracking
Our websites use the following types of cookies:
Essential cookies: Required for login sessions and core functionality. Cannot be disabled.
Analytics cookies: Help us understand how visitors use our site (using anonymized data). You
may opt out.
Preference cookies: Remember your language and UI preferences.
We do NOT use advertising or tracking cookies. We do NOT use Facebook Pixel or Google Ads tracking.
You can manage cookie preferences through your browser settings or our cookie consent dialog.
12. Children's Privacy
Facewise services are intended for users aged 13 years and above. For users aged 13–18,
parental or guardian consent is required before registering or uploading any biometric data.
For Facewise Attendance, if minors are enrolled (e.g., in a school), the institution is responsible for
obtaining appropriate parental consent as required by applicable law.
If we become aware that we have collected biometric data from a child under 13 without verifiable parental
consent, we will delete it immediately. Contact [email protected]
to report such a concern.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal
requirements. When we make material changes:
We will update the "Last Updated" date at the top of this policy
We will display a prominent notice on our website for 30 days
For changes to biometric data processing, we will send you an email notification and require re-consent before
the changes take effect
Your continued use of our services after the effective date constitutes acceptance of the updated policy.
14. Contact & Grievance Officer
For any privacy-related concerns, requests, or complaints, please contact us:
As per the Information Technology Act, 2000 and the Information Technology (Intermediary Guidelines and Digital
Media Ethics Code) Rules, 2021, we have designated a Grievance Officer to address complaints
related to data processing. You may contact the Grievance Officer at [email protected]. Complaints will be acknowledged within 24 hours and
resolved within 15 days.