Privacy Policy & Technical Architecture

1. How IDPhotoSnap is built (technical architecture)

IDPhotoSnap is a static front-end web application. There is no backend service that receives, processes, or stores user photos. When you use the tool, every step runs as JavaScript and WebAssembly inside your browser tab:

• Background removal uses the @imgly/background-removal library (v1.7), which runs the BRIA RMBG-1.4 neural network as a WebAssembly / ONNX model directly in your browser, accelerated by WebGPU when your device supports it.
• Face detection and segmentationuse Google's MediaPipe models (face_detection and selfie_segmentation), which also run as WebAssembly in the browser to position and crop your head correctly.
• Resizing, cropping, and background fill use the standard HTML Canvas API. PDF export uses the jsPDF library. Both run in the browser.
• Your photo is held only as an in-memory object in the browser tab (a Blob and a temporary blob: object URL). It is not written to disk by us and is not part of any network request.

The one-time exception is the AI model files themselves. The first time you remove a background, your browser downloadsthe model code and weights (roughly 150 MB for the high-fidelity model) from a public CDN. That is a download into your browser — the opposite direction from an upload. Your photo is never attached to that request, or to any other request.

2. Is processing fully local? Yes.

Every pixel of your photo is processed on your own device. Nothing about the image — not the file, not a thumbnail, not a compressed copy, not a derived feature vector — leaves your browser.

The clearest proof: once the tool has finished loading, you can disconnect your internet and the photo tool still works completely. Background removal, face cropping, resizing, and download all run offline, because they were always running on your device — not on ours.

3. Are there temporary server-side uploads? No.

There is no staging server, no temporary upload bucket, and no processing backend. IDPhotoSnap's only server-side endpoint is /api/specs, which returns passport and visa photo specification data (sizes, background colours, rules) as machine-readable JSON. It never receives an image. There is no code path anywhere in the application that sends your photo to a server, not even briefly.

4. Retention policy for your photos

Nothing is retained, because nothing is received. Your photo lives only in your browser's memory (RAM) for as long as the tab is open. When you close or reload the tab, it is gone permanently.

There is no copy of your photo on a server, in a database, in cloud storage, in a backup, or in a log file. There is nothing for us to delete on request, nothing that can be breached, nothing that can be handed over, and nothing that can be sold — because the data simply never exists outside your device.

5. Analytics, advertising, and fingerprinting

We are specific about this so it can be independently checked:

• Google Analytics 4 (measurement ID G-5EB80XQFS3) collects anonymous, aggregate usage statistics: pages viewed, time on page, approximate country/city-level location, device type, browser, and referring website. It never receives your photo or any data derived from it.
• Yandex Metrika (counter ID 109477977) is installed for Russian-language audience analytics. It collects the same kind of anonymous, aggregate pageview, region, device and referrer statistics as Google Analytics. It never receives your photo. Session replay (Webvisor) and click-map collection are deliberately disabled.
• No device fingerprinting, no canvas fingerprinting, no session recording, no mouse-movement or keystroke tracking, and no cross-site behavioural profiling are used.
• Advertising: IDPhotoSnap does not currently display any advertising — there are no ad networks running on the site and no advertising cookies are set. If advertising is added in the future, it will be disclosed here; any ad systems would still never receive your photo.
• A service worker (/sw.js) caches static site files so pages load fast and work offline. It caches the app's own code and assets — never your photos.

6. How to verify all of this yourself

You do not have to take our word for it. Anyone can confirm these claims in a few minutes:

• Watch the network.Open your browser's developer tools (F12), go to the Network tab, then upload a photo and make it. You will see the model files download once, and you will see analytics pings — but you will see no request that carries your image out of the browser.
• Go offline. Load the tool, then turn off your Wi-Fi or network. Upload and process a photo. It still works — proof the processing runs on your device.
• Inspect the code. The front-end JavaScript is served to your browser and can be read in the developer tools Sources panel. The passport specification dataset is also published openly.

7. Information we collect

We do not collect personal information such as your name, email address, or photos. The only data collected is the anonymous, aggregate Google Analytics 4 and Yandex Metrika data described in section 5. Neither tool can be used to identify an individual user.

8. Cookies

We use cookies only for the anonymous Google Analytics 4 and Yandex Metrika statistics described in section 5. No advertising cookies are set, because the site currently shows no ads. We do not use cookies to track individual users or to store personal information.

9. Third-party links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to read their privacy policies.

10. Children's privacy

This service is not directed to children under 13. We do not knowingly collect personal information from children.

11. Changes to this policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date.

12. Contact

If you have questions about this Privacy Policy or our architecture, you can contact us at: elena@idphotosnap.com

Privacy FAQ