The Privacy First Manifesto
In an era where personal data is often treated as a currency to be mined, sold, and analyzed, facial data represents the most sensitive frontier. Your face is your identity. Unlike a password, you cannot reset your face if a database is breached.
Most "free" facial analysis tools operate on a cloud-based model: you upload your photo, it travels across the internet to a centralized server, an AI processes it, and the result is sent back. While this is easier to build, it creates massive privacy risks. That photo now exists on a server you don't control. It could be stored, used to train facial recognition algorithms, or sold to third-party data brokers.
SymmetryCheck rejects this model entirely.
We built our platform on a "Local-First" (or Client-Side) architecture. This means our application is essentially a downloaded program that runs inside your browser. Once the webpage loads, the code is on your device. When you open your camera or upload a photo, that data never leaves your computer or smartphone.
1. Data Processing: The "Air Gap" Standard
We adhere to a strict standard of data isolation. Here is the technical breakdown of our processing pipeline:
Camera Feed Access
When you click "Start Camera," your browser (Chrome, Safari, Firefox, etc.) will ask for permission.
This is a standard HTML5 API request (navigator.mediaDevices.getUserMedia).
- Direct Stream: The video stream is piped directly from your camera hardware into the browser's memory (RAM).
- Volatile Memory: This data exists only in volatile memory. It is not written to your hard drive, and it is certainly not transmitted over the network.
- Sandboxed Execution: The analysis scripts run within the browser's security sandbox. They do not have access to your other files, contacts, or system data.
Photo Uploads
When you select a file to upload, it is read into the browser using the FileReader API.
- No Server Upload: Contrary to the term "upload," the file is never sent to a remote server. It is simply loaded into the web page's memory space on your device.
- Canvas Processing: We use the HTML5 Canvas API to manipulate the image pixels (flipping, overlaying lines) locally.
Proof of Privacy (The "Airplane Mode" Test)
You don't have to take our word for it. You can verify our claims with a simple test:
- Load the SymmetryCheck checker page.
- Turn off your Wi-Fi and disconnect from the internet (Airplane Mode).
- Use the tool. Upload a photo or start the camera (if your browser allows offline camera access).
The tool will continue to function perfectly. This proves physically that no internet connection is required for the analysis, and therefore, no data is being sent to a cloud server.
2. Data Retention Policy
Because we do not collect data, we have no data to retain. However, it is important to understand the lifecycle of the data on your own device:
Session-Only Existence: The images and video feeds exist only for the duration of your session.
Immediate Destruction: As soon as you:
- Close the browser tab
- Refresh the page
- Navigate to a different URL
3. Analytics and Tracking
We differentiate between User Data (your face) and Usage Data (website statistics).
User Data: Zero collection.
Usage Data: We use Cloudflare Web Analytics to understand how many people visit our site and which pages are popular.
- No Cookies: Cloudflare Web Analytics is designed to be privacy-preserving and does not require placing cookies on your device.
- No Fingerprinting: It does not track your IP address or create a persistent user profile across the web.
- Aggregate Only: We see data like "100 visitors viewed the Articles page." We cannot see "John Doe viewed the Articles page."
4. Third-Party Sharing
Since we do not collect any personal information, we have nothing to share, sell, or trade.
- We do not sell data to advertisers.
- We do not share data with insurance companies.
- We do not share data with law enforcement agencies (because we don't have any).
5. Cookie Policy
SymmetryCheck is a cookie-free zone for the most part.
Functional Cookies: We do not verify accounts or have a login system, so we do not need authentication cookies.
Tracking Cookies: As mentioned, our analytics are cookie-less.
Local Storage: We may use your browser's "Local Storage" to save simple preference settings (like "Dark Mode" if implemented in the future). This data stays on your device and is never sent to us.
6. Children's Privacy
Our tools are general audience educational resources. However, protecting the privacy of children online is paramount.
Because of our architecture, we do not knowingly collect personal information from children under 13 (or any age), complying with the Children's Online Privacy Protection Act (COPPA). Parents can confidently allow their children to explore facial biology using our tools, knowing that no digital footprint of their child's face is being created on our servers.
7. Your Rights (GDPR, CCPA, & Global Privacy Laws)
While we are a small educational project, we align with the gold standard of global privacy regulations, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
Right to Access: You can see all the data we have on you (which is nothing) by simply looking at your screen.
Right to Erasure ("Right to be Forgotten"): You do not need to ask us to delete your data. Simply closing the browser tab erases your session data instantly and permanently.
Right to Non-Discrimination: We do not offer financial incentives for data collection, nor do we deny service to users who employ privacy-blocking tools.
8. Security Measures
Even though we don't hold data, we secure the delivery of our code:
- HTTPS Encryption: All traffic between your browser and our content delivery network (CDN) is encrypted using industry-standard TLS (Transport Layer Security). This prevents "Man-in-the-Middle" attacks where a bad actor might try to inject malicious code into the site.
- Content Security Policy (CSP): We implement strict CSP headers to prevent Cross-Site Scripting (XSS) attacks, ensuring that only our valid, safe code runs in your browser.
- Open Source Integrity: We use standard, audited open-source libraries for our UI and logic, keeping dependencies updated to patch any potential security vulnerabilities.
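The CSP point above can also back the local-only processing claim, because a policy that blocks outbound connections makes the browser refuse fetch, XHR, WebSocket and form posts from page script. The following is an added example, not SymmetryCheck's own code: the helper names (parseCsp, remoteReason, egressFindings), both sample policies and the host analytics.example are constructed for illustration, and only a subset of directives is checked.

```javascript
// Added example: list the CSP directives that still let page script send data
// off the device. Checks a subset of directives; both policies are constructed.
const FETCH_DIRECTIVES = ["connect-src", "img-src", "media-src", "font-src"];
// Sources that never reach the network. 'self' is the site's own server, so it counts as remote.
const LOCAL_ONLY = /^('none'|data:|blob:)$/i;

// Parse a header value into Map(directive -> source list).
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (!name) continue;
    const key = name.toLowerCase();
    if (!policy.has(key)) policy.set(key, sources); // browsers ignore repeated directives
  }
  return policy;
}

// Describe why a source list permits remote requests, or return null if it does not.
function remoteReason(sources, missingText) {
  if (sources === undefined) return missingText;
  const remote = sources.filter((s) => !LOCAL_ONLY.test(s));
  return remote.length ? "allows " + remote.join(" ") : null;
}

// Hypothetical helper: returns [{ directive, reason }] for every egress path left open.
function egressFindings(header) {
  const policy = parseCsp(header);
  const findings = [];
  for (const directive of FETCH_DIRECTIVES) {
    // Fetch directives fall back to default-src when absent.
    const sources = policy.get(directive) ?? policy.get("default-src");
    const reason = remoteReason(sources, "unrestricted (no default-src)");
    if (reason) findings.push({ directive, reason });
  }
  // form-action does not fall back to default-src, so absence means unrestricted.
  const reason = remoteReason(policy.get("form-action"), "unrestricted (not set)");
  if (reason) findings.push({ directive: "form-action", reason });
  return findings;
}

// Constructed sample policies, not SymmetryCheck's real headers.
const LOCAL_FIRST = "default-src 'none'; script-src 'self'; style-src 'self'; " +
  "img-src blob: data:; form-action 'none'";
const LOOSE = "default-src 'self'; img-src *; connect-src https://analytics.example";

for (const [label, csp] of [["local-first", LOCAL_FIRST], ["loose", LOOSE]]) {
  console.log(label, egressFindings(csp));
}
```

An empty result covers only the directives checked here; these directives do not restrict top-level navigation.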
9. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our technology or legal requirements. Since we do not collect email addresses, we cannot notify users individually of changes. We encourage you to review this page periodically. The "Last Updated" date at the top of the policy will indicate when the latest revisions were made.
However, our core promise will never change: We will never convert this tool into a data-harvesting platform.