Privacy Policy

This Privacy Policy explains how WhoDoYouLookLike (“we”, “our”, “us”) handles personal information. We are committed to protecting your privacy and operate in full compliance with the European Union’s General Data Protection Regulation (GDPR). The statements below describe the data we collect, why we process it, how long we keep it, and the choices you can make.

Scope of this policy

This policy applies to all interactions with the WhoDoYouLookLike upload experience, including the submission of photographs, any supplemental information captured during the upload flow, and subsequent administrative review. It covers data that you actively provide as well as certain signals automatically generated by your browser or device while using our service.

Categories of data we collect

When you use the upload page, we collect or derive the following categories of information:

• Photographic content. Images you submit (face, upper body, full body) and the binary data required to store them securely.
• Image metadata. Details such as filenames, file sizes, MIME types, and metadata extracted from the images (for example, camera information, resolution, derived color statistics, or autogenerated hashes such as SHA-256).
• User-supplied context. Optional signals you include, such as notes about your submission, animal labels, or other information you decide to share.
• Fingerprinting and telemetry data. Browser-provided attributes and device fingerprints (including user agent strings, canvas/WebGL fingerprints, screen dimensions, locale, languages, performance metrics, and network characteristics).
• Network metadata. IP addresses, approximate geolocation derived from IP or voluntary inputs, and timing information associated with each submission event.

How we use your information

We process this information solely to operate, improve, and secure the WhoDoYouLookLike service. Typical uses include:

• Generating prototype results and improving the accuracy, fairness, and resilience of our matching algorithms.
• Diagnosing performance issues, monitoring platform stability, optimizing responsiveness across devices, and improving usability.
• Detecting suspicious behavior, preventing abuse, and maintaining the integrity of our systems.
• Conducting privacy and security reviews to ensure that new features stay compliant with GDPR and related data protection frameworks.
• Aggregating or anonymizing data to understand feature adoption and evaluate how the service is functioning in different environments.

Legal basis for processing

Our use of personal data is guided by the GDPR principles of lawfulness, fairness, transparency, purpose limitation, data minimization, and integrity. The specific legal bases we rely on are:

• Consent: You voluntarily choose to upload photographs and provide associated metadata. You may withdraw this consent at any time by contacting us (see the “Questions” section below).
• Legitimate interests: We have a legitimate interest in maintaining, improving, and securing the WhoDoYouLookLike experience so we can deliver an accurate, stable, and safe service to all users.
• Compliance obligations: We may need to retain certain records to satisfy applicable legal requirements, resolve disputes, or enforce our agreements and policies.

Your GDPR rights

As a data subject under the GDPR, you have the right to:

• Request access to personal data we hold about you.
• Request correction of inaccurate or incomplete personal data.
• Request erasure of personal data (often called the “right to be forgotten”) in situations where continued processing is no longer necessary.
• Restrict or object to certain types of processing, including profiling or automated decision making.
• Request data portability, allowing you to obtain a copy of your personal data in a structured, commonly used, machine-readable format.
• Withdraw consent for processing at any time without affecting the lawfulness of processing carried out before the withdrawal.

We honor these rights within the timelines specified by the GDPR. Verification steps may be required to protect your data from unauthorized access.

Data retention and deletion

We retain user-provided data only for as long as necessary to achieve the purposes described in this policy or to satisfy legal requirements. When data ceases to be relevant, we delete it or apply irreversible anonymization. Retention periods may vary depending on factors such as pending support requests, ongoing investigations, or statutory obligations.

Security practices

We implement technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These safeguards include access controls, encryption-in-transit, environment hardening, periodic security reviews, and staff training on data protection responsibilities. While no system can be guaranteed to be 100% secure, we actively monitor and improve our defenses to align with industry best practices.

International data transfers

WhoDoYouLookLike operates from multiple regions and may host infrastructure in jurisdictions outside your home country. Whenever personal data leaves the European Economic Area, we ensure that an appropriate transfer mechanism is in place (for example, Standard Contractual Clauses or equivalent safeguards) to maintain GDPR-level protection.

Use for service improvement

As part of our legitimate interests and your continued use of the service, user-provided data — including photographs, metadata, and fingerprint signals — may be reviewed, analyzed, or aggregated to enhance the quality, accuracy, and reliability of the site. This includes experimenting with new matching heuristics, refining performance, or training systems that reduce bias. Any such use adheres strictly to GDPR requirements, and we avoid any public disclosure of identifiable personal data without explicit permission.

Third-party access

We do not sell personal data. Limited, role-based access may be granted to trusted service providers who help us operate the platform (for example, cloud hosting or analytics providers). These partners are bound by contractual obligations to handle information securely and in compliance with GDPR.

Children’s data

The service is not intended for use by individuals under the age of 16. If we learn that we have inadvertently collected personal data from someone under this age without verifiable parental consent, we will take steps to delete that information promptly.

Policy updates

We may revise this Privacy Policy to reflect changes to our practices, regulatory requirements, or product roadmap. Significant updates will be communicated through the service. Continued use after a revision indicates acknowledgment of the updated terms.

Questions

If you have questions about this Privacy Policy, your data rights, or our privacy practices, please use the in-app support channels or the contact instructions provided through the WhoDoYouLookLike interface.

By continuing to use WhoDoYouLookLike, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy.