Skip to content
FoodPhoto.aifoodphoto.ai

Your Data, Protected

We take security seriously. From encryption to access controls, every layer of FoodPhoto.ai is designed to keep your data safe and your photos private.

Data Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256. Your photos and personal information are protected at every stage.

Photo Privacy

We do not use your photos to train our own models. Images are processed solely to deliver your requested enhancements, and processed images can be deleted on request.

Data Retention

Processed photos are stored for 90 days to allow downloads and re-processing. You can delete your photos at any time from your dashboard.

GDPR Data Rights

We honor GDPR data-subject requests for EU/UK users, including access, portability, and erasure. An EU data processing agreement is available on request.

Infrastructure Security

Our infrastructure runs behind Cloudflare for DDoS protection and WAF. Each service runs as an isolated system process with least-privilege access and a minimal attack surface.

Access Controls

Strict role-based access controls ensure that only authorized personnel can access production systems. All access is logged and audited.

We Don't Train Our Models on Your Photos

We process your images solely to deliver the enhancements you request, and processed images can be deleted on request.

We process your photos only to deliver the enhancements you request. We do not use your photos to train our own models, and processed images can be deleted on request. Your original images and outputs are stored securely and used only to serve you.

Security at a Glance

TLS 1.3 Encrypted
AES-256 at Rest
GDPR Data Rights
Not Used to Train Our Models
Isolated Processing
Role-Based Access

How We Handle Your Photos

  1. Upload: Your photo is encrypted in transit via TLS 1.3 and stored in an encrypted bucket
  2. Processing: The image is sent to our AI pipeline in an isolated environment. No human views your photos during processing
  3. Delivery: Enhanced images are made available for download in your secure dashboard
  4. Retention: Photos are retained for 90 days, then permanently deleted. You can manually delete at any time

Infrastructure Details

  • Cloudflare: All traffic passes through Cloudflare for DDoS mitigation, bot protection, and web application firewall (WAF)
  • Process isolation: Each service runs as its own isolated system process under a non-privileged account, following the principle of least privilege
  • Database: PostgreSQL with encrypted connections and regular automated backups
  • Secrets management: Credentials and API keys are stored in environment variables, never in source code
  • Monitoring: Real-time alerting for anomalous traffic patterns and unauthorized access attempts

Compliance

  • GDPR: We honor data-subject requests (access, portability, right to erasure) for EU/UK users. An EU data processing agreement is available on request.
  • CCPA/CPRA: California residents can request access to or deletion of personal information
  • DPA: We offer a Data Processing Agreement for enterprise customers

Vulnerability Disclosure

If you discover a security vulnerability, please report it responsibly to [email protected]. We appreciate your help in keeping FoodPhoto.ai secure and will respond within 48 hours.

Questions?

For security-related inquiries:

Related Pages