Privacy Policy

Runface processes personal data carefully and conservatively. This policy explains what we collect, why, how long we keep it, and how to exercise your rights under the Malaysian Personal Data Protection Act 2010 (PDPA).

1. What we collect

1.1 Personal data you give us

• Email address — required to send your download links. Stored with your order.
• Account name & password — only if you create an account. Passwords are stored hashed.
• Selfie image (transient) — only if you use selfie search. See § 2 below.
• Bib number (search input) — recorded with each search, not tied to your identity.

1.2 Data we collect automatically

• IP address — used for rate-limiting (preventing abuse) and operational logs.
• Session identifier — to keep your cart and search results across page loads.
• Search analytics — anonymised query type (bib or selfie), result count, error class. We use Plausible Analytics (self-hosted, no cookies, no IP storage by default).

1.3 Photo content

Photos uploaded by photographers may contain your face and other people. We derive a numeric face "embedding" (a 128-dimensional vector) from each detected face so we can match a selfie search to photos. These embeddings are derived data but we treat them as personal data subject to the same retention rules as the photo itself.

2. Selfies (special handling)

When you upload a selfie to find your photos:

• The selfie is stored on our private server (not on public storage).
• It is used only to compute a one-time face embedding for matching against the event.
• It is auto-deleted within 24 hours via a scheduled job.
• It is never shared, sold, or used to train any model.

3. How long we keep your data

Data	Retention
Selfie images	24 hours
Unsold event photos & their face embeddings	90 days (or per-event setting)
Paid-order photos & their embeddings	7 years (financial/legal records)
Search queries (bib digits, selfie path)	90 days
Orders & payment audit records	7 years

4. Who we share data with

• Payment gateways (Chip, Stripe, PayPal) — to process your payment. They receive your email and order details. Their privacy policies apply.
• Cloudflare R2 (object storage) — photos are stored on R2 in the Singapore region. Cloudflare cannot access the content.
• Email sender (Resend) — to deliver download links and notifications.
• We do not sell, rent, or share personal data with any other party.

5. Where data is stored

All servers are in the Singapore region. Backups are stored in the same region. This keeps your data in ASEAN.

6. Your rights under PDPA

You have the right to:

• Access — request a copy of personal data we hold about you.
• Correct — ask us to fix inaccurate or incomplete data.
• Delete — ask us to delete your face-derived data and search history. Note that photos and embeddings tied to paid orders are retained for 7 years for financial/legal records, which is an exception we are required to apply.
• Withdraw consent — for selfie search, simply do not upload a selfie. Your search will not run.

To exercise these rights, email privacy@runface.local. We respond within 14 days.

7. Cookies

We use only essential cookies — a session cookie to keep your cart and authentication. We do not use advertising cookies or third-party trackers.

8. Children

The platform is not intended for children under 13. We do not knowingly collect data from children under 13. If you believe we have, please email us and we will delete it.

9. Changes

Material changes to this policy are announced on the platform homepage at least 14 days before taking effect.

10. Contact

Privacy questions: privacy@runface.local
All other questions: support@runface.local