Data Handling & Privacy Policy

Our Data Philosophy

MambaPanel is built on a foundation of privacy by design and data minimization. We believe that powerful facial recognition technology and strict privacy protection can coexist. Our approach goes beyond regulatory requirements to set new standards for responsible biometric processing.

Core Principles

No permanent biometric storage • Memory-only processing • Automatic data deletion • Links not images • Privacy by design • Full transparency

Unlike traditional facial recognition systems that build permanent databases of facial identifiers, our technology operates fundamentally differently. We process faces temporarily in memory during searches without creating lasting biometric profiles that could be used for ongoing surveillance or identification.

Key Innovation: Our system separates the search functionality from permanent storage, allowing powerful face recognition while maintaining user privacy and avoiding the creation of invasive biometric databases.

Data Storage Policy

Understanding exactly what data we handle is crucial for your privacy. Here's our complete breakdown:

What We NEVER Store

Facial Vectors/Biometric Templates: No permanent mathematical representations of faces that could identify individuals
Uploaded Photos: Images you search with are processed in memory only and immediately deleted
Facial Feature Measurements: No geometric data, landmarks, or biometric identifiers are retained
Sensitive Personal Data: No racial, ethnic, religious, political, health, or genetic information
Search Target Images: We never store copies of the actual images found in search results

What We DO Store

Public Image URLs: Text links to publicly accessible images across the internet (not the images themselves)
Account Information: Username, email, account type, and subscription details for service delivery
Temporary Search History: Limited search logs in your dashboard (normally purged after 30 days)
System Logs: Anonymous technical data for service improvement and security monitoring
Payment Information: Billing data processed through secure third-party payment processors

Critical Distinction

Our technology fundamentally differs from surveillance systems. We index public content like a search engine but never create persistent biometric profiles. Each search operates independently without building permanent facial identification databases.

GDPR & Legal Compliance

As a global service, we implement comprehensive privacy protections that meet or exceed international standards including GDPR, CCPA, and other applicable privacy regulations.

Legal Framework

Lawful Processing Basis: All data processing follows valid legal grounds under applicable privacy laws
Data Minimization: We collect and process only data necessary for service delivery
Purpose Limitation: Personal data is processed only for specific, explicit, legitimate purposes
Privacy by Design: Privacy considerations are built into all systems from development
Special Category Protections: Enhanced safeguards for any processing that could impact privacy rights

Legal Basis for Processing:

Contractual Necessity: Processing required to provide our facial recognition search service
Legitimate Interests: Processing for service operation and improvement, balanced against user rights
Consent: Where required, we obtain clear, specific consent for certain processing activities
Public Interest: Indexing publicly available information for search functionality

Biometric Data Compliance

In jurisdictions with specific biometric privacy laws (like BIPA), our service avoids practices that would trigger these regulations by not collecting, storing, or maintaining persistent biometric identifiers or templates.

Your Data Rights

You have comprehensive rights regarding your personal data. We make it easy to exercise these rights through both automated tools and direct contact.

Right to Access

View all personal data we process about you, including data sources and processing purposes.

Right to Correction

Request correction of inaccurate personal data and completion of incomplete information.

Right to Erasure

Request deletion of your personal data under specific circumstances and legal grounds.

Right to Restrict

Limit the processing of your personal data in certain situations while maintaining minimal records.

Right to Portability

Receive your personal data in a structured, machine-readable format for transfer to other services.

Right to Object

Object to processing based on legitimate interests or for direct marketing purposes.

Security Measures

We implement comprehensive technical and organizational security measures to protect your data throughout its lifecycle in our systems.

Technical Safeguards

Transport Security: All data transmission protected by TLS 1.3 encryption with perfect forward secrecy
Data Encryption: Sensitive data encrypted at rest using AES-256 encryption standards
Access Controls: Multi-factor authentication and role-based access limiting data access to authorized personnel
Network Security: Firewalls, intrusion detection, and network segmentation protecting all systems
Monitoring Systems: 24/7 security monitoring with automated threat detection and response

Organizational Security:

Staff Training: Regular privacy and security training for all personnel with data access
Confidentiality Agreements: Legal obligations for all staff regarding data protection
Regular Audits: Independent security assessments and vulnerability testing
Incident Response: Documented procedures for security incident handling and notification
Continuous Improvement: Regular review and enhancement of security measures

Security Commitment

While we implement industry-leading security measures, no system can guarantee absolute security. We continuously evaluate and improve our security posture to address emerging threats and maintain the highest protection standards.

Data Removal Process

We provide multiple convenient methods for data removal, from account-level controls to comprehensive face removal from our entire system.

Account Data

Delete search history, modify personal information, or close your account entirely through dashboard controls.

Face Removal

Request removal of your face from our searchable database using our dedicated removal tool.

Automatic Cleanup

Automated systems continuously remove outdated data and clean up broken links to maintain data accuracy.

Face Removal Process:

Visit mambapanel.com/removeface
Complete the removal request form with accurate information
Upload verification photo (two fingers to chin pose)
Our system reviews and processes the request within 5-10 business days
Receive confirmation once removal is complete

Removal Commitment

We honor all legitimate removal requests promptly and completely. Face removal is permanent and affects our entire system. There are no fees for data removal, and we make the process as straightforward as possible.

Data Retention Periods:

Search History: Automatically deleted after 30 days
Account Data: Retained while account is active, deleted instantly after closure
System Logs: Retained for 20-120 days for security and troubleshooting
Public Links: Removed when search no longer exists

Contact and Support

For privacy-related questions, data requests, or concerns about our data handling practices:

Privacy Inquiries

General questions about data handling, privacy policies, and GDPR compliance

[email protected]

Face Removal

Request removal of your face from our searchable database

Remove My Face

Data Requests

Access, correction, or deletion of your personal data

Submit Request

Response Commitment

We respond to privacy inquiries within 1-3 business days and formal data rights requests within 30 days as required by applicable privacy laws.