Privacy Policy
Last Updated: January 1, 2026
Our Commitment to Your Family's Privacy
We know that the photos you entrust to Phossil AI aren't just files; they are your most precious memories. Before the legal details, here are our core promises to you in plain English:
- You own your photos. We don't. You can export or delete them at any time.
- We will never sell your photos or personal data to advertisers or third parties.
- Our AI is used solely to organize your private account. We do not use your photos to train public AI models.
This Privacy Policy describes how Phossil AI ("we," "us," or "our") collects, uses, and discloses information, and what choices you have with respect to the information. By using our Services, you agree to the Terms of Service and this Privacy Policy.
1. Information We Collect
A. Information You Provide Directly
- Account Information: When you create an account, we collect your email address, name, and password.
- Payment Information: If you subscribe to a paid plan, our third-party payment processor collects your financial information. We do not store full credit card numbers on our servers.
- User Content (Your Photos): We collect and store the photographs and images you upload to the Service ("User Content"), along with any associated metadata (such as existing filenames).
B. Information Generated by AI Processing (Biometric Data)
To group photos by person and to estimate when a photo was taken, Phossil works with face data. Depending on the feature and your settings, this happens in one or both of the following ways:
- On your device (People feature): When you turn on People, Phossil looks for faces in your photos directly on your device (on-device face detection) and shows a box around each one so you can tag and name the people yourself. Phossil does not create a face map on your device. What stays on your device is the grouping you create (which photos belong to which person).
- On our servers (facial recognition service, being retired): Some face grouping is performed by a secured server-side facial recognition service (see Section 4). Where this applies, a facial template derived from your photos is stored in a private, account-scoped face index so the same person can be matched across photos. This data may be considered biometric information under certain laws. We are moving this processing onto your device and retiring the server-side version. Until that move is complete for your account, the retention and deletion terms in Section 5 apply to any server-side facial templates.
- Visual Metadata: Our AI analyzes images for visual cues (such as clothing styles, photo texture, or film type) to estimate the date the photo was taken.
2. How We Use Artificial Intelligence
This is crucial: We use AI technologies solely to provide the Phossil AI service to you and your invited family members.
- We use facial embeddings to group your photos by person within your private account.
- We use generative AI models to create "Live Photo" animations upon your request.
We do NOT use your User Content or Facial Embeddings to train general-purpose, public artificial intelligence models. Your data remains isolated within your account's scope.
3. How We Use Your Information
We use the collected information to:
- Provide, maintain, and improve the Service.
- Process your transactions.
- Send you technical notices, updates, security alerts, and support messages.
- Respond to your comments and questions and provide customer service.
4. How We Share Your Information
We are not in the business of selling your data. We do not share your personal information or User Content with third parties for marketing or advertising purposes.
We only share information in the following limited circumstances:
- Service Providers: We may share information with third-party vendors who need access to perform services for us. These partners are strictly prohibited from using your data for any purpose other than providing these services to us. Our service providers include:
  - Cloud Infrastructure: Industry-standard secure cloud providers for hosting and storage
  - Payment Processing: Stripe
  - AI Processing: Amazon Web Services (facial recognition), Google Cloud Platform (photo analysis), Replicate (video generation)
Our AI processing partners process your photos solely to provide the Service. Per their enterprise data policies, they do not use your content to train their models and do not retain your data beyond the processing request.
- Legal Requirements: We may disclose information if required to do so by law or in the good faith belief that such action is necessary to comply with legal obligations or protect the safety of any person.
5. Data Retention and Security
We retain your User Content for as long as your account is active. Phossil does not create face maps on your device, so there are none to retain there. Any server-side facial templates and the groupings you produce are retained as described below. We employ industry-standard security measures designed to protect your information from unauthorized access, including:
- Encryption: All data is encrypted at rest and in transit using TLS 1.2+ and AES-256 encryption standards.
- Access Controls: Biometric data access is restricted to automated systems; human access requires explicit authorization and is logged.
- Secure Infrastructure: We use enterprise-grade cloud providers with SOC 2 Type II compliance.
However, no internet transmission or electronic storage method is 100% secure, and we cannot guarantee absolute security.
Biometric Data Retention Policy
Phossil does not create face maps on your device, so there are none stored there. For the photo groupings you create on your device, and for any facial templates held by the server-side facial recognition service (being retired), our retention and destruction schedule is:
- When you forget a person or turn off People: We remove the affected face groupings, and your device clears its local face data, when you use Forget or turn off People in Settings.
- When you delete a photo: Any face data associated with that photo is removed.
- When you delete your account: Your User Content, face groupings, and any server-side facial templates are permanently deleted from our active servers.
- Inactivity backstop: Face groupings and any server-side facial templates are automatically deleted when the purpose for them has been satisfied, or within 3 years of your last activity, whichever comes first.
We do not sell, lease, trade, or otherwise profit from your biometric data. Your face data is used solely to provide the face grouping feature within your private account and is never shared with third parties for commercial purposes.
6. Your Rights and Choices
- Access and Export: You may access and download your User Content at any time through the Service interface. You may also request a complete copy of your personal data, including the metadata and face groupings associated with your account, by contacting us.
- Data Portability: Upon request, we will provide your personal data in a structured, commonly used, machine-readable format (such as JSON or CSV) to facilitate transfer to another service.
- Deletion: You may use Forget or turn off People in Settings to remove your face data, delete photos individually, or delete your entire account via your account settings. When you delete your account, your User Content, face groupings, and any server-side facial templates are permanently deleted from our active servers within 30 days. You may also request deletion by contacting us directly.
- Withdraw Consent: You may withdraw your consent to biometric data processing at any time by deleting your photos or account. This does not affect the lawfulness of processing based on consent before its withdrawal.
7. Children
Our Service is intended for use by adults to archive family history. We do not knowingly collect personal information directly from children under 13. If you become aware that a child has provided us with personal information without parental consent, please contact us.
8. Changes to This Policy
We may change this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the Service to provide you the opportunity to review the changes before they become effective.
9. Contact Us
If you have any questions about this Privacy Policy, please contact us.