FaceMRI Privacy: Jan 2024

How the FaceMRI Windows and Mac applications handle privacy

Why Isn't FaceMRI on the Windows Store or Apple App Store?

FaceMRI is hosted on BackBlaze's fast and secure servers to ensure a quick and safe download experience. While both Windows and Apple stores require an ID to download applications, which tracks your downloads and account activity, FaceMRI prioritizes your privacy. We believe you shouldn't need an AppleID or WindowsID to access our software, avoiding unnecessary tracking from PC to PC.

Is FaceMRI Safe Without the Windows or Apple App Store?
Absolutely. The FaceMRI application for Mac undergoes a thorough review process by Apple. They scan and run the application to ensure it is secure, providing us with an installation certification that allows us to distribute it safely outside the App Store. Similarly, for Windows, we submit our app to Microsoft for scanning and certification, ensuring its safety.

This process ensures that the FaceMRI application is safe to use while giving you the freedom to download it without requiring an AppleID or WindowsID. Many well-known applications, such as Atom, Android Studio, Visual Studio, Spring Boot, Gimp, and GitHub Desktop, follow this approach, making it a common and trusted practice.

What Data is NOT Collected by FaceMRI

When you, the user explicitially installs the FaceMRI software onto your local computer no data is scanned or created or collected.
Nothing happens until the user 1. inputs data explicitly into the FaceMRI Application or 2. Gives the software application a command to search the Internet for People.
FaceMRI will scan the data you explicitly tell it to, and extract faces. The frames the facs are in are stored in the FaceMRI desktop application, and the embeddings of the Face.
This information is stored in the ../FaceMRI/ directory on the users machine where they installed FaceMRI software application.
None of that infomation 1.) images or 2) face embeddings are NOT sent to FaceMRI unless explicitly sent from the User to FaceMRI.
none of that information/data goes to a 3rd party either.
The FaceMRI software can be used Offline because no Information is sent from the software to FaceMRI or a 3rd party.
FaceMRI Software for Mac and Windows COLLECTS NO PII or Face Data period.
You own the data you process using FaceMRI desktop software.

What Data does FaceMRI Collect ?

We collect automatically, analytics data on the performance of the FaceMRI application, like crashes and crash reports.
We also collect information about what features are used the most or what features give the most crashes.
This data is anonymously sent to FaceMRI and is used to make features more robust but also fix bugs.
NO PII data, no faces, no images, no face embeddings, none of that is collected by FaceMRI.

GDPR Compliant

1. Definition of Personal Data

The GDPR defines personal data as any information related to an identified or identifiable natural person. This includes a wide range of information from names and email addresses to health information.

2. Principles Relating to Processing of Personal Data

  • Lawfulness, fairness, and transparency
  • Purpose limitation
  • Data minimization
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality (security)
  • Accountability

3. Rights of the Data Subject

GDPR establishes several rights for EU citizens, including access to data, rectification, erasure (‘right to be forgotten’), and more.
FaceMRI Desktop Software Application, stores all the data locally on the device that the FaceMRI software application was installed. FaceMRI doesn't move the data from the users device. All of the users data is stored in the local folder of the installation machine at ../FaceMRI/

4. Consent

Consent must be freely given, specific, informed, and unambiguous. Consent withdrawal must be as easy as giving it.
There are sections or functions in the FaceMRI Desktop application, where come picture data can be sent to the Remote FaceMRI servers, all of these functions are being explicit user agreement mechanisms and all data that might flow out of FaceMRI into the Web is behind another set of User Agreements and Confirm Screens.

5. Data Protection by Design and by Default

Requires integration of data protection measures into processing activities from the outset and default settings that ensure maximum privacy.
FaceMRI by default can be used offline, so that no user information is is sent to any servers of other parties.
All user data is stored in the users local folder of '../FaceMRI/'

The Windows Application is scanned by the Windows Security Center before each release, this looks for security issues and virus that might be present in the application.
All errors are fixed and corrected before releasing the application.

The MAC application and is scanned, provision and signed by the Apple App Store Security Process.
All major issues are fixed before the software is released.

FaceMRI can search USB Keys, Harddrives etc for Faces. This is a feature that is activated , used and confirmed by the user before that scanning feature is started.
It will scan the removeable drive ( all files) and extract faces from them, partial copies of the files may also be made and stored on the installation machine where FaceMRI was installed.
None of that extraced data is sent to the web or third parties.

6. Data Breaches

Requires data controllers to notify of a personal data breach within 72 hours unless it is unlikely to result in a risk to the rights and freedoms of natural persons.
We are always adding extra privacy features with each release, some user may create an account with us, if there is a data break we will email you at that address.
So far there have been no data breaches that we are aware of.

7. Data Protection Officer (DPO)

Organizations must appoint a DPO if they process large amounts of sensitive data or monitor data subjects on a large scale.
FaceMRI at present doesn't handle large ammounts of data, since we don't handle user data.

8. Cross-Border Data Transfers

Transfers of personal data outside the EU are subject to strict conditions to ensure protection levels are not undermined.
All data is stored on the user local installation machine and nothing is transfered out of the machine via the FaceMRI software to the Internet or otherwise.
Unless specified explicitly by the user.

9. Record of Processing Activities

Organizations are required to keep detailed records of their data processing activities, including purposes of processing, data sharing, and retention.
FaceMRI in Europe doesn't process or collect any data, all ours servers are based in the US.

10. Penalties

Non-compliance can result in fines up to €20 million or 4% of the annual worldwide turnover, whichever is higher.

Biometric Data Rules in the US

In the United States, biometric data refers to unique physical characteristics or behavioral traits used for automated recognition of individuals. Examples include fingerprints, facial recognition data, iris or retina patterns, voiceprints, and DNA profiles, among others.

FaceMRI collects and stores facial recognition data on the users local installation machine in the form of 1. pictures and 2. vector embedding data

There is no comprehensive federal law specifically regulating the collection and use of biometric information in the U.S. Instead, several states have enacted their own laws governing biometric privacy. Key examples include:

Notable State Laws

  • Illinois Biometric Information Privacy Act (BIPA): Requires informed consent before collecting or disclosing individuals' biometric information and mandates a publicly available policy for the retention and destruction of biometric data.

    Any user who uses and installed FaceMRI software application can delete ALL OF THEIR DATA from the local installation machine by 1. pressing delete on any projects that created or 2. deleting the entire folder of ../FaceMRI/ in their OS home directory. NO DATA send to a 3rd party or the Internet unless explicitly requested by the user of the FaceMRI software.


  • Texas Capture or Use of Biometric Identifier Act: Prohibits capturing biometric identifiers for a commercial purpose without individual consent and sets requirements for the destruction of biometric identifiers.

    FaceMRI do not commercially or non commercialy use data you input into the FaceMRI desktop software. and we are NOT aware of what data the user inputs or uses.

  • Washington’s Biometric Identifiers Act: Requires consent before enrolling or storing biometric identifiers for a commercial purpose and emphasizes transparency in the use and sharing of biometric data.


    • Any user who uses and installed FaceMRI software application can delete ALL OF THEIR DATA from the local installation machine by 1. pressing delete on any projects that created or 2. deleting the entire folder of ../FaceMRI/ in their OS home directory. NO DATA send to a 3rd party or the Internet unless explicitly requested by the user of the FaceMRI software.



  • California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA): Include biometric information within the definition of personal information, providing consumers with rights regarding their data.

    Any user who uses and installed FaceMRI software application can delete ALL OF THEIR DATA from the local installation machine by 1. pressing delete on any projects that created or 2. deleting the entire folder of ../FaceMRI/ in their OS home directory. NO DATA send to a 3rd party or the Internet unless explicitly requested by the user of the FaceMRI software.

Top