FraMee
Privacy & data handling

Face data is sensitive.
We act like it.

We built this on the assumption that the person in the photo should always have more power than the person who took it. Here's how that translates into engineering decisions.

01

Selfies are deleted after the match

When a guest uploads a selfie, we use it only to compute a face embedding and find matching photos. The selfie is removed within minutes. We retain the match result, not the photo.

02

Face vectors are scoped to one event

Embeddings from event photos are tied to that event and the studio that uploaded it. They are never sold or used to train external models. The only account-level face data is the optional reference you can switch on yourself, described below.

03

We do not run identity lookup

We do not name faces or match against external databases. The system only answers one question: where does this guest appear in this one event?

04

Encrypted at rest and in transit

All photos and embeddings are encrypted. Access is scoped to studio accounts; guests never see another guest's match results.

05

Regional data residency

All photos, embeddings and event data are stored in the European Union (Google Cloud, europe-west1). We do not currently offer per-studio region selection — if you need your data pinned to another region, talk to us before your event.

06

Consent, by default

Guests are told what's happening before the camera opens. Galleries can be configured to require explicit consent for any guest under 16.

01

What we collect

  • Selfies uploaded by guests (deleted after match completes).
  • Face embeddings derived from the event’s photos, kept for that event so guests can search it. The embedding from a guest’s selfie is used for the match and then discarded — unless they opt in to keeping a reference (below).
  • The original gallery photos uploaded by the studio.
  • Basic device info (browser, viewport) for performance debugging.
  • An optional face reference, and only if you switch it on yourself. Off by default.
02

What we don't collect

  • Names of guests. We index faces, not identities.
  • Cross-event tracking of people who never asked for it. Unless you opt in to a face reference, each event stays its own boundary.
  • Any biometric data unrelated to the photographic match.
03

The optional face reference

  • Off by default. We keep no face signature for you unless you switch on "Keep my reference photo" in your account.
  • If you switch it on, we store one encrypted face signature on your account, so photos added later to events you have already searched can find you automatically and we can email you.
  • It is used only to match you within those events. It is never used to identify you by name, never shared, never sold, and never used to train models.
  • Switch it off, use "Forget my photos", or delete your account, and the signature is erased immediately.
04

Google Drive

  • If a studio connects a Google Drive folder, we read only that folder, and only to import the event photos in it. We never modify or delete anything in their Drive.
  • FraMee’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
  • Drive data is used solely to import and index that event’s photos. It is not sold, not used for advertising, and not used to train models.
  • A studio can disconnect Drive at any time from their account. We then stop reading it and delete the stored access token.
05

How to delete your data

From any event gallery, scroll to the footer and tap "Remove my data." We delete your match results, any face embeddings derived from your selfie, and your optional face reference within 24 hours. Couples can delete an entire event from the dashboard.

06

Contact

Questions, concerns, or requests: frameeabj@gmail.com. We answer within two business days.