Skip to content
FoodPhoto.ai

Your Data, Protected

We take security seriously. From encryption to access controls, every layer of FoodPhoto.ai is designed to keep your data safe and your photos private.

Data Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256. Your photos and personal information are protected at every stage.

Photo Privacy

Your photos are never used to train our AI models. Images are processed solely to deliver your requested enhancements and are never shared with third parties.

Data Retention

Processed photos are stored for 90 days to allow downloads and re-processing. You can delete your photos at any time from your dashboard.

GDPR Compliance

We comply with the General Data Protection Regulation (GDPR) and provide EU residents with full data access, portability, and deletion rights.

Infrastructure Security

Our infrastructure runs behind Cloudflare for DDoS protection and WAF. Each service runs in isolated Docker containers with minimal attack surface.

Access Controls

Strict role-based access controls ensure that only authorized personnel can access production systems. All access is logged and audited.

Your Photos Are Never Used to Train AI

We process your images solely to deliver the enhancements you request. Period.

We process your photos only to deliver the enhancements you request. Once processing is complete, your original images and outputs are stored securely and never used for model training, benchmarking, or any purpose other than serving you.

Security at a Glance

TLS 1.3 Encrypted
AES-256 at Rest
GDPR Compliant
No AI Training on Your Photos
SOC 2 Aligned
Role-Based Access

How We Handle Your Photos

  1. Upload: Your photo is encrypted in transit via TLS 1.3 and stored in an encrypted bucket
  2. Processing: The image is sent to our AI pipeline in an isolated environment. No human views your photos during processing
  3. Delivery: Enhanced images are made available for download in your secure dashboard
  4. Retention: Photos are retained for 90 days, then permanently deleted. You can manually delete at any time

Infrastructure Details

  • Cloudflare: All traffic passes through Cloudflare for DDoS mitigation, bot protection, and web application firewall (WAF)
  • Docker isolation: Each service runs in its own container with the principle of least privilege
  • Database: PostgreSQL with encrypted connections and regular automated backups
  • Secrets management: Credentials and API keys are stored in environment variables, never in source code
  • Monitoring: Real-time alerting for anomalous traffic patterns and unauthorized access attempts

Compliance

  • GDPR: Full compliance including data portability, right to erasure, and lawful basis documentation
  • CCPA/CPRA: California residents can request access to or deletion of personal information
  • DPA: We offer a Data Processing Agreement for enterprise customers

Vulnerability Disclosure

If you discover a security vulnerability, please report it responsibly to [email protected]. We appreciate your help in keeping FoodPhoto.ai secure and will respond within 48 hours.

Questions?

For security-related inquiries:

Related Pages

Security | FoodPhoto.ai - Your Data, Protected