Data Handling & Privacy Policy
How we protect your data and maintain privacy standards
Last updated: February 15, 2025
Our Data Philosophy
At MambaPanel, we built our tool on a firm commitment to privacy and minimal data collection. Our approach goes beyond mere compliance—we aim to set new standards for responsible data handling in facial recognition.
Our core principles:
- No Biometric Storage: We don't keep databases of facial vectors, biometric data, or persistent face templates.
- Links Only: We store links to online photos, never the photos themselves.
- Memory-Only Processing: Face recognition happens in memory during searches, with no retention afterward.
- Auto-Updates: When content disappears from source websites, corresponding links are automatically removed.
What We Store & Don't Store
What We NEVER Store:
- Facial Vectors/Biometric Templates: We maintain no database of facial vectors, biometric data, or persistent templates that could identify individuals.
- Uploaded Photos: Photos you upload for searching get processed in memory and deleted right after. We never keep them on our servers.
- Feature Measurements: We don't keep facial measurements, features, or biometric identifiers that could link to a person.
- Sensitive Personal Data: We don't collect or store racial/ethnic data, political views, religious beliefs, genetic information, or health data.
What We DO Store:
- Public Image Links: We store URLs to publicly accessible images. Just text links, not the images.
- Temporary Search History: Limited search history stays in your dashboard temporarily but gets purged during maintenance.
- Account Information: Basic account details like username, email, and account type for login and service delivery.
- Usage Stats: Anonymous, combined data about system performance and usage patterns to improve service.
Important Note: Our technology differs fundamentally from surveillance systems. We don't maintain a central facial recognition database that could identify people across searches. Each search runs independently without creating lasting biometric identifiers.
GDPR & Legal Compliance
As a New Zealand-based tool, we respect global privacy standards and implement technical and organizational measures to ensure compliance with applicable laws.
Our Compliance Approach:
- Lawful Processing Basis: All data processing follows valid legal grounds.
- Data Minimization: We collect and process only what's necessary to provide our services.
- Purpose Limitation: Personal data gets processed only for specific, explicit, legitimate purposes.
- Privacy by Design: Privacy considerations are built into all systems from the ground up.
- Special Category Data: We don't process special category data.
- Automated Decisions: Our service doesn't make automated decisions with legal or similarly significant effects.
Lawful Basis for Processing
Our processing activities mainly rely on these lawful bases:
- Contractual Necessity: Processing needed to fulfill our contract with you for the face recognition search tool.
- Legitimate Interests: Processing needed for our legitimate interests in running and improving our tool, unless overridden by your rights and freedoms.
- Consent: Where needed, we get clear, specific consent for certain processing activities.
Your Data Rights
Under various privacy laws, you have several rights regarding your personal data. We honor these rights and make it easy for you to exercise them.
- Right to Access: You can ask if we process your personal data and gain access to that data.
- Right to Correction: You can ask us to fix wrong personal data or complete incomplete data.
- Right to Erasure: You can ask us to delete your personal data under certain circumstances.
- Right to Restrict Processing: You can ask us to limit the processing of your personal data in certain cases.
- Right to Data Portability: You can ask to receive your personal data in a usable format that can be transferred.
- Right to Object: You can object to our processing based on legitimate interests.
- Rights on Automated Decisions: You have rights related to automated decision making, including profiling.
How to Exercise Your Rights: You can exercise any of these rights by:
We'll respond to all valid requests within one month. For complex cases, we might need up to two more months, but we'll let you know about any such extension.
Security Measures
We use strong security measures to protect your data from unauthorized access, change, disclosure, or destruction. Our security setup includes:
- Transport Security: All data sent to and from our servers is encrypted using TLS protocols.
- Access Controls: Strict role-based access limits data access to authorized staff only.
- Server Security: Hardened server setups with regular security updates and patches.
- Regular Audits: Regular security audits and vulnerability checks by independent security pros.
- Intrusion Detection: Advanced monitoring to spot and respond to potential security threats.
- Log Management: Full logging of system activities with secure storage and regular review.
- Data Encryption: Sensitive data gets encrypted at rest using strong encryption.
- Incident Response Plan: Written procedures for handling security incidents, including notifications where legally required.
Security Commitment: While we use strong security measures, no digital system can guarantee total security. We keep evaluating and improving our security to tackle new threats.
Data Retention Policies
We keep different types of data for different periods, always sticking to the minimal data principle:
- Uploaded Search Photos: Not kept at all. Processed in memory and deleted right after search ends.
- Face Vectors/Biometric Data: Not stored in any database. Created temporarily in memory during search and deleted right after.
- Search History: Kept in your dashboard for up to 30 days, then automatically deleted during maintenance.
- Account Information: Kept as long as your account is active, and for up to 12 months after closure (for legal and account recovery).
- Public Image Links: Kept until they no longer exist at the source URL or until a removal request is processed.
- Logs and System Data: Kept for up to 90 days for security, troubleshooting, and service improvement.
Automatic Deletion: Our systems automatically delete data when retention periods end. This runs continuously without needing manual work.
Data Removal Process
We offer multiple easy ways for you to remove your data from our system:
For Your Account Data:
- Dashboard Controls: You can delete individual searches or your entire search history through your dashboard anytime.
- Email Request: You can email [email protected] with a deletion request.
For Face Removal:
- Removal Tool: We have a dedicated tool at mambapanel.com/removeface for removing your face from our system.
- Results: Once processed, your face won't appear in any search results across our platform.
- Verification: The removal process needs simple verification to ensure the request is legitimate.
Commitment to Removal: We honor all valid removal requests promptly and fully. There's no fee for data removal, and we make the process as simple as possible.
Legal Basis for Processing
Our facial recognition tech operates within applicable laws, including New Zealand Privacy Act and other relevant privacy rules where our service is accessible.
Key Distinctions:
- Our service indexes publicly available info already accessible online.
- We don't create or keep a persistent biometric database of people.
- Our tech is designed for specific use cases with clear limits and safeguards.
- We implement strict data minimization that goes beyond regulatory requirements.
Compliance with Biometric Privacy Laws:
In places with specific biometric privacy laws (like BIPA in Illinois, USA), we've structured our service to avoid practices that would trigger these rules:
- No Biometric Collection: We don't "collect" or "capture" biometric identifiers legally speaking, as we don't keep facial geometry, templates, or vectors.
- No Biometric Database: We don't maintain a database of biometric info that could identify individuals.
- Memory-Only Processing: Our processing is temporary and limited to the specific search, with no persistence of biometric data.
Legal Note: Our service works as a search engine for public content, similar to text-based search engines. We index publicly accessible info and provide links to where it exists online, without creating or keeping biometric databases.
International Data Transfers:
As a New Zealand-based tool serving global users, we may transfer data across borders. For data transfers to non-NZ countries, we use appropriate safeguards:
- Standard Contractual Clauses: We use approved Standard Contractual Clauses where applicable.
- Extra Technical Safeguards: Beyond legal mechanisms, we use strong encryption and access controls for all data transfers.
User Responsibilities
By using our service, you acknowledge and agree to the following responsibilities:
IMPORTANT: Users are solely responsible for ensuring their use of our service complies with all applicable laws in their jurisdiction and the jurisdiction of any individuals whose faces they upload.
- Legal Compliance: You are responsible for ensuring that your use of our service complies with all applicable local, state, national, and international laws and regulations.
- Regional Restrictions: You must not upload faces of individuals from regions where facial recognition technology is restricted or regulated in ways that would make your search illegal. This includes certain jurisdictions with strict biometric privacy laws.
- Consent: Where required by law, you are responsible for obtaining appropriate consent from individuals before uploading their images for searching.
- Legitimate Purpose: You must only use our service for legitimate and lawful purposes.
- Age Verification: You must not knowingly upload images of minors under the age of 12.
By using our service, you represent and warrant that:
- You have verified that your search complies with all applicable laws.
- You are not uploading images from jurisdictions where such searches are restricted.
- You have obtained any necessary consents or have another legal basis for your search.
- You are using the service for legitimate purposes only.
Regional Restrictions
Our service has different availability and functionality depending on your location. Users must be aware of and comply with the following regional considerations:
NOTICE: Certain regions have specific regulations regarding facial recognition and biometric data processing. It is your responsibility to understand and comply with these regulations before using our service.
Important Regional Considerations:
- Jurisdictions with Strict Biometric Laws: Some regions have enacted specific laws governing biometric data and facial recognition (including but not limited to certain European countries, Illinois in the USA, and others). Our service may have limited functionality or be unavailable in these regions.
- User Verification: By using our service, you confirm that you are not uploading faces of individuals from regions where such processing would be prohibited or require additional consent mechanisms.
- Our Bonus Engine: This search engine is designed as an alternative database option and should only be used in compliance with all applicable regional laws.
Legal Disclaimer: We do not provide legal advice regarding the compliance of our service with the laws of specific jurisdictions. Users should consult with legal counsel before using our service for individuals from regions with strict biometric privacy laws.
Content Restrictions:
We have implemented technical measures to exclude certain categories of content from our system:
- Our AI is trained to automatically exclude results containing minors under 12 years old
- We regularly update our systems to comply with evolving legal requirements across different regions
- We may apply additional filtering based on regional requirements
Key Terminology
For clarity in this policy, we define key terms as they apply to our service:
Face Recognition
The process of identifying or verifying a person from a digital image by analyzing facial patterns. In our service, this happens temporarily during searches without creating lasting biometric identifiers.
Biometric Data
Personal data from specific technical processing relating to physical characteristics of a person, which allow unique identification. We don't store biometric data.
Face Vectors
Mathematical representations of facial features used in recognition systems. Our service creates these temporarily in memory during searches and deletes them right after.
Public Image Links
URLs pointing to images publicly accessible online. We store these links, not the images.
Transient Processing
Data processing that happens temporarily without long-term storage. All biometric processing in our system is transient.
Data Minimization
The practice of limiting data collection to what's directly relevant and necessary for a specified purpose. This is a core principle of our approach.
Contact Information
If you have questions, concerns, or requests about this Privacy Policy or our data practices, contact us:
We aim to respond to all valid inquiries promptly, typically within 1-3 business days. For formal data rights requests, we'll respond within the timeframes required by law.