How FileSpin manages, secures and deletes Face Data
Data Collection and Storage
- Facial Embeddings: Our system uses facial embeddings. These are mathematical representations of facial features, not directly identifiable images.
- Temporary Storage: Embeddings are stored temporarily for processing and matching purposes only.
- Encryption: All facial data is encrypted at rest and in transit using industry-standard encryption protocols.
- Data Separation: Customer data is logically separated to prevent unauthorized access.
- Search Images: Input images provided for search are discarded when the search request completes. These images are not retained by the system.
Data Retention and Deletion
- Purging: Facial data is purged immediately upon a deletion API request.
- Asset Deletion: When an asset is deleted, all associated facial recognition data is immediately and permanently removed from our systems.
- Deletion APIs: We provide APIs for programmatic deletion of all Face data.
Security and Compliance
- Infrastructure: We use AWS infrastructure, which adheres to strict security standards and best practices.
- Independent Review: Our system has undergone a well-architected review by an independent, AWS-approved reviewer.
- Compliance: We comply with relevant data protection regulations (e.g., GDPR, CCPA) as applicable.
- Privacy Agreement: Our SaaS agreement includes comprehensive privacy clauses signed by all parties.
Transparency and Control
- Audit Logs: We maintain detailed logs of all data access and processing activities.
- Access Controls: Strict role-based access controls are in place to limit data access to authorized personnel only.
- Customer Control: You have control over when facial recognition is applied to assets and can request data deletion at any time.