Privacy Policy

Photoenroll.com (the “Service”) is operated by Unleavened LLC, a Delaware limited liability company with its principal place of business in New York (“we,” “us,” “our”). The Service uses facial recognition technology to help parents and guardians find photos of their children in galleries uploaded by camps, schools, photographers, and event hosts (each, a “Partner”).

For privacy questions, contact privacy@photoenroll.com or write to us at 138 Main Street, #1020, East Rockaway, NY 11518.

We collect only what we need to run the Service for you:

• Account data. Name, email address, optional phone number, and a password hash (for accounts using email/password). If you sign in with Google, we receive your Google account identifier and basic profile (name, email) per your Google permissions.
• Children information. The name and (optionally) date of birth of each child you enroll. Children do not have their own accounts and do not interact with the Service directly; all enrollment happens through your account.
• Reference photos. Photos you submit at enrollment so we can teach the matcher what an enrolled subject looks like.
• Face templates (biometric data). A mathematical representation (a 512-dimensional vector, also called an embedding) derived from your reference photos. The template is not a recognizable image and cannot be reversed into one.
• Enrollment gesture and consent recordings. A short video captured at enrollment showing the enrolling adult on camera and stating the consent phrase while a disclosure is visible on screen. This video serves three purposes: it sources reference frames, it documents identity, and it provides evidence of consent.
• Match records. When our pipeline detects an enrolled face in a Partner-uploaded photo, we store the photo reference, the matched subject, the similarity score, and the bounding box of the face within the image.
• Partner-uploaded photos. Photos uploaded by Partners to their galleries, processed by our matcher.
• Billing data. If you subscribe to Pro, our payment processor (Stripe) collects payment details on its own systems. We receive a customer identifier, subscription status, and the date your current period ends — we do not store your full card number.
• Operational metadata. IP address and user agent at consent and signup time (so the consent record is meaningful), request logs, error reports, and similar service telemetry.

• To run the matcher against Partner photo galleries you select.
• To send you notifications and digest emails when we find matches, per your settings.
• To document and retain the parental and biometric consent you give us, as required by BIPA, COPPA, and similar laws.
• To process payments for the Pro subscription via Stripe and to send transactional receipts and renewal notices.
• To prevent abuse, secure the Service, and respond to support requests.
• To comply with our legal obligations and respond to lawful requests.

We do not sell biometric information, and we do not use biometric data for advertising or third-party analytics. We do not sell personal information of children. We do not use face templates for any purpose other than matching against the Partner galleries you have opted into.

Partners (camps, schools, photographers, event hosts) never receive your reference photos, the consent video, or the face template. When the matcher identifies an enrolled subject in a photo a Partner uploaded, the Partner sees only that someone enrolled in Photoenroll has been matched in their gallery — they do not see the identity of that person unless you separately interact with them.

We share information only with the following categories of recipients:

• Service providers (sub-processors) that help us run the Service. As of the last-updated date these include: Amazon Web Services (cloud hosting, S3 storage, SES email); Stripe, Inc. (payment processing); and Google LLC (OAuth sign-in for accounts that choose it). Each sub-processor is bound by confidentiality and security obligations and may only use your data to provide its service to us.
• Additional recipients you designate. If you add a co-parent or grandparent as an additional email recipient in your account settings, we send them the match digests you authorize.
• Legal and safety. Government authorities, courts, or other parties when required by law, to enforce our Terms, or to protect the rights, property, or safety of users, the public, or us.
• Business transfers. If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will require any successor to honor this Privacy Policy or provide notice of material changes before applying them to your data.

We retain biometric data (face templates, reference photos, gesture-video frames not required as consent evidence) for the shorter of (a) the duration of your account or (b) three years from your last interaction with the Service. This matches the retention rules in the Illinois Biometric Information Privacy Act (BIPA) §15(a), which we apply to all users regardless of state.

The standalone consent recording and the consent-log entry documenting that consent was given are retained as evidence of consent for the longer of (a) three years from your last interaction or (b) the period required by applicable law, even after the biometric data they authorized is deleted.

Partner-uploaded photos are retained per the Partner's agreement with us and may be removed when a Partner ends its relationship with the Service.

We host biometric data and Partner photos in encrypted-at-rest cloud storage with access restricted to operational personnel. Reference photos, gesture videos, consent recordings, and Partner photos are not publicly accessible; URLs delivered to your browser are short-lived, signed URLs scoped to your session. Production access is limited and audited. No system is perfectly secure; we recommend you use a strong, unique password and keep your devices up to date.

You have the following rights with respect to your information:

• Access. Request a copy of the personal information we hold about you.
• Correction. Update your profile and your children's details from your account settings.
• Deletion. Delete your account and your enrolled children's biometric data at any time from the account settings page.
• Consent withdrawal. Withdraw biometric consent for yourself or any child you enrolled at any time; we will permanently delete the relevant templates and crops.
• Notification preferences. Disable match emails, add or remove additional recipients, and change other settings from your account.
• California, Colorado, Virginia, and other state-law rights. Where applicable state privacy law gives you additional rights (e.g., to know, to delete, to correct, to opt out of certain processing, and to non-discrimination for exercising rights), you may exercise them by contacting privacy@photoenroll.com.

To exercise these rights, use your account settings or email privacy@photoenroll.com. We may need to verify your identity before acting on certain requests, particularly those involving deletion or access.

Photoenroll knowingly collects and processes information about children under 13 only with the verifiable consent of a parent or legal guardian. Children do not have accounts and do not interact with the Service directly. See our Notice to Parents (COPPA + biometric data) for the disclosures, consent mechanism, and parental rights specific to children's data.

Photoenroll is operated from the United States and our service providers process data in the United States. If you access the Service from outside the United States, you understand that your information will be processed in the United States, which may have different data protection rules than your country.

We use a small number of cookies and similar technologies to keep you signed in, to remember your preferences, and to operate authentication and payment flows. We do not use third-party advertising cookies on the Service.

We may update this Privacy Policy from time to time. The “Last updated” date at the top reflects the most recent change. For material changes we will notify registered users by email. Where applicable law requires renewed affirmative consent — including for changes to biometric processing — we will request it before applying the change.

Unleavened LLC, d/b/a Photoenroll.com
138 Main Street, #1020
East Rockaway, NY 11518
Email: privacy@photoenroll.com