Last updated: 10 June 2026 · Effective: 10 June 2026
This Privacy Policy explains how Eagle Vision, a product of
Golden Developer Technology Systems ("Eagle Vision", "we", "us", or "our"),
collects, uses, shares, and protects information in connection with our face recognition API,
website at facerecognitionapi.com, dashboard, and
related services (together, the "Services").
In short: We process the account details you give us and the images and
biometric templates handled through the API to provide the Services. When you use the API to
process other people's faces, you are the controller of that data and we act as your
processor. We use TLS 1.3 encryption, scoped tokens, and audit logs, and we never sell
personal data. You can delete enrolled faces at any time through the API or your dashboard.
1. Who we are & scope
Eagle Vision provides a face recognition REST API that lets developers and organisations enroll
and recognise faces in images. This policy applies to personal data we process through our
website, dashboard, account system, billing, and API.
It does not apply to third-party websites, products, or services that may link
to or integrate with the Services. Those are governed by their own privacy policies.
2. Our role: controller and processor
Because we operate a developer API, our role depends on the data in question:
We are the controller of the data relating to your account —
for example your name, email address, login credentials, billing records, and how you use
the dashboard and API.
We are a processor for the images and biometric data you submit through
the API to enroll or recognise other people. In that case you (our
customer) are the controller. You are responsible for having a lawful basis and any required
consent to collect and process those individuals' biometric data, and for honouring their
rights. We process that data only to provide the Services and on your instructions.
3. Information we collect
Account & contact data. Name, email address, and a securely hashed password when you register, and email-verification status.
Billing data. Plan, credit balance, and transaction records. Card payments are processed by our payment provider (Stripe); we do not store full card numbers on our servers.
Images & biometric data. The photos you upload or send to the API, and the numerical face templates ("embeddings") derived from them, together with any labels or metadata you attach (such as a person name or your own identifier).
Usage, device & log data. IP address, browser and device information, request timestamps, API endpoints used, and security/audit logs of actions taken in your account.
Cookies & analytics. Essential cookies needed to run the site and analytics data (see Cookies & analytics).
Support communications. Messages, support tickets, and their contents when you contact us.
4. How we use information
Provide, operate, and maintain the Services, including enrolling and recognising faces on your instruction.
Authenticate you, provision and manage scoped API tokens, and secure your account.
Process payments, manage credits, and send transactional emails (verification, receipts, service notices).
Monitor, prevent, and investigate fraud, abuse, and security incidents, and enforce our terms.
Provide customer support and respond to your requests.
Maintain audit logs and meet legal, accounting, and compliance obligations.
Understand and improve the performance and reliability of the Services.
5. Legal bases for processing (GDPR/UK GDPR)
Where the GDPR or UK GDPR applies, we rely on one or more of the following legal bases:
Performance of a contract — to provide the Services you sign up for.
Legitimate interests — to secure, maintain, and improve the Services and prevent abuse, balanced against your rights.
Consent — where required, including for processing biometric (special category) data and for non-essential analytics. Consent can be withdrawn at any time.
Legal obligation — to comply with applicable laws, tax, and accounting requirements.
For biometric data submitted through the API, the lawful basis and any required consent from the
individuals concerned are the responsibility of the customer acting as controller (see
Section 2).
6. Biometric & face data
Face templates derived from images are biometric data and, in many jurisdictions, a special
category of personal data subject to stricter protection. We handle it accordingly:
We process face images and templates only to provide the recognition Services and on the customer's instructions — never to build advertising profiles, and we do not sell it.
Data is encrypted in transit (TLS 1.3) and access is restricted and logged.
You can delete any enrolled face at any time via the API or your dashboard. Deletion removes the associated template and stored image from active systems.
Customers using the API are responsible for obtaining any notices and consents their own laws require (for example BIPA in Illinois, or GDPR Article 9) before submitting other people's biometric data.
7. How we share information
We do not sell personal data. We share it only as needed to run the Services:
Service providers (sub-processors) who process data on our behalf under contract, including:
Stripe — payment processing.
Amazon Web Services — transactional email delivery and supporting infrastructure.
Google Analytics — website usage analytics.
Legal & safety — where required by law, legal process, or to protect the rights, property, or safety of Eagle Vision, our users, or the public.
Business transfers — in connection with a merger, acquisition, or sale of assets, subject to this policy.
8. International data transfers
We operate across the Middle East, Africa, and Europe (including Italy), and our service providers
may process data in other countries. Where personal data is transferred across borders, we put in
place appropriate safeguards, such as Standard Contractual Clauses, to protect it consistently with
this policy and applicable law.
9. Data retention
Account data is kept while your account is active and for as long as needed to provide the Services and meet legal, tax, and accounting obligations.
Images & biometric templates are retained until you delete them or close your account, after which they are removed from active systems. Backups are purged on a rolling cycle.
Logs & audit records are retained for a limited period for security and compliance, then deleted or anonymised.
10. Security
We use technical and organisational measures designed to protect personal data, including
TLS 1.3 encryption in transit, hashed credentials, scoped and revocable API tokens,
role-based access controls, and audit logging. No method of transmission or storage is completely
secure, but we work to protect your data and to respond promptly to any incident.
11. Your privacy rights
Depending on where you live, you may have the right to:
Access the personal data we hold about you;
Correct inaccurate or incomplete data;
Delete your data ("right to be forgotten");
Restrict or object to certain processing;
Receive your data in a portable format;
Withdraw consent where processing is based on consent; and
Lodge a complaint with your local data protection authority.
To exercise these rights, contact us using the details below. If your data was submitted to the
API by one of our customers (who acts as the controller), please direct your request to that
organisation; we will assist them as their processor. We do not sell personal information.
12. Cookies & analytics
We use strictly necessary cookies to operate the site (for example to keep you signed in) and
Google Analytics to understand how the site is used so we can improve it. You can control cookies
through your browser settings; blocking essential cookies may affect how the Services work.
13. Children's privacy
The Services are intended for businesses and developers and are not directed to children. We do
not knowingly collect personal data from children under 16. If you believe a child has provided
us personal data, please contact us and we will take appropriate steps to delete it.
14. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated"
date above and, for material changes, take reasonable steps to notify you. Your continued use of
the Services after an update means you accept the revised policy.