Data Handling & Privacy Policy

How we protect your data and maintain privacy standards

Last updated: February 15, 2025

Our Data Philosophy

At MambaPanel, we built our tool on a firm commitment to privacy and minimal data collection. Our approach goes beyond mere compliance—we aim to set new standards for responsible data handling in facial recognition.

Our core principles:

  • No Biometric Storage: We don't keep databases of facial vectors, biometric data, or persistent face templates.
  • Links Only: We store links to online photos, never the photos themselves.
  • Memory-Only Processing: Face recognition happens in memory during searches, with no retention afterward.
  • Auto-Updates: When content disappears from source websites, corresponding links are automatically removed.

What We Store & Don't Store

What We NEVER Store:

What We DO Store:

Important Note: Our technology differs fundamentally from surveillance systems. We don't maintain a central facial recognition database that could identify people across searches. Each search runs independently without creating lasting biometric identifiers.

GDPR & Legal Compliance

As a New Zealand-based tool, we respect global privacy standards and implement technical and organizational measures to ensure compliance with applicable laws.

Our Compliance Approach:

  • Lawful Processing Basis: All data processing follows valid legal grounds.
  • Data Minimization: We collect and process only what's necessary to provide our services.
  • Purpose Limitation: Personal data gets processed only for specific, explicit, legitimate purposes.
  • Privacy by Design: Privacy considerations are built into all systems from the ground up.
  • Special Category Data: We don't process special category data.
  • Automated Decisions: Our service doesn't make automated decisions with legal or similarly significant effects.

Lawful Basis for Processing

Our processing activities mainly rely on these lawful bases:

  • Contractual Necessity: Processing needed to fulfill our contract with you for the face recognition search tool.
  • Legitimate Interests: Processing needed for our legitimate interests in running and improving our tool, unless overridden by your rights and freedoms.
  • Consent: Where needed, we get clear, specific consent for certain processing activities.

Your Data Rights

Under various privacy laws, you have several rights regarding your personal data. We honor these rights and make it easy for you to exercise them.

How to Exercise Your Rights: You can exercise any of these rights by:

We'll respond to all valid requests within one month. For complex cases, we might need up to two more months, but we'll let you know about any such extension.

Security Measures

We use strong security measures to protect your data from unauthorized access, change, disclosure, or destruction. Our security setup includes:

Security Commitment: While we use strong security measures, no digital system can guarantee total security. We keep evaluating and improving our security to tackle new threats.

Data Retention Policies

We keep different types of data for different periods, always sticking to the minimal data principle:

Automatic Deletion: Our systems automatically delete data when retention periods end. This runs continuously without needing manual work.

Data Removal Process

We offer multiple easy ways for you to remove your data from our system:

For Your Account Data:

For Face Removal:

Commitment to Removal: We honor all valid removal requests promptly and fully. There's no fee for data removal, and we make the process as simple as possible.

User Responsibilities

By using our service, you acknowledge and agree to the following responsibilities:

IMPORTANT: Users are solely responsible for ensuring their use of our service complies with all applicable laws in their jurisdiction and the jurisdiction of any individuals whose faces they upload.

By using our service, you represent and warrant that:

  • You have verified that your search complies with all applicable laws.
  • You are not uploading images from jurisdictions where such searches are restricted.
  • You have obtained any necessary consents or have another legal basis for your search.
  • You are using the service for legitimate purposes only.

Regional Restrictions

Our service has different availability and functionality depending on your location. Users must be aware of and comply with the following regional considerations:

NOTICE: Certain regions have specific regulations regarding facial recognition and biometric data processing. It is your responsibility to understand and comply with these regulations before using our service.

Important Regional Considerations:

Legal Disclaimer: We do not provide legal advice regarding the compliance of our service with the laws of specific jurisdictions. Users should consult with legal counsel before using our service for individuals from regions with strict biometric privacy laws.

Content Restrictions:

We have implemented technical measures to exclude certain categories of content from our system:

Key Terminology

For clarity in this policy, we define key terms as they apply to our service:

Face Recognition
The process of identifying or verifying a person from a digital image by analyzing facial patterns. In our service, this happens temporarily during searches without creating lasting biometric identifiers.
Biometric Data
Personal data from specific technical processing relating to physical characteristics of a person, which allow unique identification. We don't store biometric data.
Face Vectors
Mathematical representations of facial features used in recognition systems. Our service creates these temporarily in memory during searches and deletes them right after.
Public Image Links
URLs pointing to images publicly accessible online. We store these links, not the images.
Transient Processing
Data processing that happens temporarily without long-term storage. All biometric processing in our system is transient.
Data Minimization
The practice of limiting data collection to what's directly relevant and necessary for a specified purpose. This is a core principle of our approach.

Contact Information

If you have questions, concerns, or requests about this Privacy Policy or our data practices, contact us:

We aim to respond to all valid inquiries promptly, typically within 1-3 business days. For formal data rights requests, we'll respond within the timeframes required by law.