← Back to home

Privacy Policy

Last updated: March 6, 2026

Overview

Faceflux is a product of Alter AI Studios. This policy explains what personal data we collect, how we use it, how long we keep it, and your rights regarding it. We believe in plain-language transparency — no hidden tracking, no selling your data.

What We Collect

  • Account information: Your email address and a securely hashed password (we never store your plain-text password).
  • Uploaded photos (Biometric data): Selfie images you upload to create your character for face-swap generation. These photos may contain biometric identifiers (your face). They are uploaded to our AI processing pipeline (fal.ai) and stored on their CDN.
  • Generated images: AI face-swap outputs created from your character photos. Stored temporarily for you to download.
  • Token & purchase history: Records of token purchases and generation usage. Payment details are handled entirely by Stripe — we never see or store your card number.
  • Usage data: Basic service analytics (feature usage, generation counts, errors) to improve Faceflux. No third-party advertising trackers.
  • Technical data: IP address, browser type, and device type for security and abuse prevention.

How We Use Your Data

  • To provide the service: Your uploaded photos are sent to our AI processing pipeline to create face-swapped images. This is the core function of Faceflux.
  • Account management: Your email is used for login, purchase confirmations, and important service communications.
  • Service improvement: Anonymized, aggregated usage data helps us improve generation quality and product features.
  • Security & abuse prevention: Technical data is used to detect and prevent unauthorized access, fraud, and violations of our Terms of Service.
  • Legal compliance: We may use or disclose data as required by applicable law or legal process.

Biometric Data (Illinois BIPA Notice)

If you are a resident of Illinois, please note that Faceflux collects and processes facial geometry data from your uploaded photos to perform face-swap generation. This constitutes “biometric identifiers” and “biometric information” under the Illinois Biometric Information Privacy Act (BIPA).

By creating an account and uploading photos, you explicitly consent to this collection and processing. Your biometric data is used solely to provide the face-swap service. We do not sell, lease, trade, or profit from your biometric data. We use contractually-secured third-party vendors (fal.ai) to process this data. Your biometric data will be deleted when you delete your character or account.

Third-Party Services

We rely on the following third-party providers to operate Faceflux:

  • fal.ai — AI image processing and CDN storage for uploaded photos and generated images. Subject to fal.ai’s privacy policy.
  • Stripe — Payment processing. We never store your card information. Subject to Stripe’s privacy policy.
  • Resend — Transactional emails (purchase confirmations, account notifications).
  • Vercel — Frontend website hosting. Subject to Vercel’s privacy policy.
  • Railway — Backend API hosting.

Data Storage & Retention

  • Uploaded photos: Stored on fal.ai’s CDN. Retained as long as your character exists. Deleted when you delete your character or account.
  • Generated images: Accessible via temporary download links. We do not retain generated images indefinitely in our database.
  • Account data: Retained as long as your account is active. Deleted within 30 days of a valid account deletion request.
  • Payment records: Retained for 7 years as required by accounting and tax law, as processed and stored by Stripe.

Your Rights & Choices

You have the right to:

  • Delete your photos — Remove uploaded selfies from your account at any time through the characters dashboard.
  • Delete your account — Request full account deletion by emailing us. We will delete your data within 30 days.
  • Access your data — Request a copy of the personal data we hold about you.
  • Correct your data — Contact us to update or correct your account information.
  • Opt out of non-essential communications — Unsubscribe from marketing emails at any time. Transactional emails (purchase receipts, security alerts) cannot be opted out of.

To exercise any of these rights, email support@faceflux.ai.

Cookies & Authentication

We use authentication tokens (stored as browser cookies and/or local storage) solely to keep you logged in. We do not use third-party advertising or tracking cookies. We do not use Google Analytics, Facebook Pixel, or similar advertising trackers.

Children’s Privacy

Faceflux is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has created an account, please contact us at support@faceflux.ai and we will delete the account promptly.

GDPR (European Users)

If you are in the European Economic Area (EEA), you have rights under the GDPR:

  • Right to access, rectify, or erase your personal data
  • Right to restrict or object to processing
  • Right to data portability
  • Right to withdraw consent at any time
  • Right to lodge a complaint with your local data protection authority

Our legal basis for processing your data is: consent (account creation and photo upload), contract performance (providing the service), and legitimate interests (service security and improvement). We do not transfer your personal data to third countries without appropriate safeguards.

CCPA (California Users)

If you are a California resident, you have rights under the CCPA/CPRA:

  • Right to know what personal information we collect, use, disclose, and sell
  • Right to delete your personal information
  • Right to correct inaccurate personal information
  • Right to opt-out of the sale or sharing of your personal information — We do not sell or share your personal information with third parties for their marketing purposes.
  • Right to non-discrimination for exercising your privacy rights

Data Security

We use industry-standard security practices including TLS encryption for all data in transit, bcrypt password hashing, and contractually secured third-party providers. No internet transmission or storage system is perfectly secure, but we take reasonable and appropriate technical measures to protect your data against unauthorized access, alteration, disclosure, or destruction.

Changes to This Policy

We may update this policy from time to time. We will notify you of material changes via email and/or a notice within the service. The “Last updated” date at the top of this page reflects when the policy was most recently revised. Continued use of Faceflux after changes take effect constitutes acceptance.

Contact & Data Controller

Questions about your privacy or data? Contact us at: support@faceflux.ai
Data Controller: Alter AI Studios, Los Angeles, CA, USA