Selfies are deleted after the match
When a guest uploads a selfie, we use it only to compute a face embedding and find matching photos. The selfie is removed within minutes. We retain the match result, not the photo.
We built this on the assumption that the person in the photo should always have more power than the person who took it. Here's how that translates into engineering decisions.
When a guest uploads a selfie, we use it only to compute a face embedding and find matching photos. The selfie is removed within minutes. We retain the match result, not the photo.
Embeddings from event photos are tied to that event and the studio that uploaded it. They are never sold or used to train external models. The only account-level face data is the optional reference you can switch on yourself, described below.
We do not name faces or match against external databases. The system only answers one question: where does this guest appear in this one event?
All photos and embeddings are encrypted. Access is scoped to studio accounts; guests never see another guest's match results.
All photos, embeddings and event data are stored in the European Union (Google Cloud, europe-west1). We do not currently offer per-studio region selection — if you need your data pinned to another region, talk to us before your event.
Guests are told what's happening before the camera opens. Galleries can be configured to require explicit consent for any guest under 16.
From any event gallery, scroll to the footer and tap "Remove my data." We delete your match results, any face embeddings derived from your selfie, and your optional face reference within 24 hours. Couples can delete an entire event from the dashboard.
Questions, concerns, or requests: frameeabj@gmail.com. We answer within two business days.