← Back

Privacy Policy

Effective date: 28 March 2026

1. Who we are

Koinic Studio is a sole trader business based in the United Kingdom. We operate the facial biometric analysis service at this website. When this policy says "we", "us", or "our", it means Koinic Studio.

Contact: koinicstudio@gmail.com

2. What data we collect

When you submit an order, we collect:

  • Photos of your face — one required, additional optional. These are used solely to run your analysis.
  • Your name and email address — to send your report and manage your order.
  • Age, sex, and ethnicity — to contextualise your biometric measurements against relevant population norms. Ethnicity is optional.
  • Payment information — handled entirely by Stripe. We never see or store your card details.

We do not collect any data beyond what you explicitly provide. We do not use cookies for advertising or tracking, and we do not run third-party analytics on this site.

3. Your photos are permanently deleted

We delete your uploaded photos immediately and permanently once your report has been delivered to you. This happens automatically as part of the delivery process — no manual action is required on your part.

After deletion, we have no copy of your photos anywhere — not in our database, not in backup storage, not in our email system. We cannot retrieve them, and we will not attempt to.

This is a core part of how the service works, not just a policy commitment.

4. Biometric data processing

Your photos are processed to extract facial biometric measurements — including proportions, angles, and structural ratios. This constitutes the processing of biometric data under UK GDPR.

The processing steps are:

  1. Your photo is analysed using facial landmark detection, which maps key structural points across your face.
  2. Biometric measurements are calculated from those landmarks.
  3. A written report is produced from those measurements.

Your biometric data is processed during analysis only and is not retained by any third-party processing provider.

Legal basis: We process your biometric data on the basis of your explicit consent, given when you submit your photos. You can withdraw consent at any time before your report is delivered by emailing koinicstudio@gmail.com.

5. How we use your data

We use your data only to:

  • Run your facial biometric analysis.
  • Generate and send your written report by email.
  • Process your payment via Stripe.
  • Respond to any queries you raise about your order.

We will never use your data for marketing, sell it to third parties, or share it with anyone other than the service providers listed below.

6. Where your data is stored

We use the following third-party services to operate the service:

Supabase

Stores your name, email, age, sex, and ethnicity — and your analysis report after it has been generated. Photo URLs are temporarily stored here while your analysis is being processed, and are removed once delivery is complete.

Vercel

Hosts this website and temporarily stores your uploaded photos in Vercel Blob during analysis. Photos are deleted from Vercel Blob once your report is sent.

Stripe

Processes your payment. We never store your card details. Stripe is PCI-DSS compliant. See Stripe's privacy policy for details on how they handle your payment data.

Resend

Delivers your report by email. Your email address and report content pass through Resend's systems for delivery purposes only.

7. How long we keep your data

DataRetention period
Your photosDeleted immediately on report delivery
Your reportRetained for up to 90 days, then deleted
Name and emailRetained for up to 1 year for support purposes
Payment recordsRetained for 7 years (UK tax and accounting requirements)

8. Your rights under UK GDPR

You have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Erasure — request deletion of your personal data ("right to be forgotten").
  • Rectification — ask us to correct inaccurate data.
  • Portability — receive your data in a machine-readable format.
  • Objection — object to processing where we rely on legitimate interests.
  • Withdraw consent — withdraw consent for biometric processing at any time before your report is delivered.

To exercise any of these rights, email koinicstudio@gmail.com. We will respond within 30 days.

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

9. International data transfers

Some of our service providers (including Supabase, Vercel, Stripe, and Resend) may process data outside the UK. Where this occurs, we rely on the providers' standard contractual clauses and their UK GDPR-compliant transfer mechanisms.

10. Changes to this policy

If we make material changes, we will update the effective date at the top of this page. For significant changes, we will notify you by email if we hold your address.

Questions?

Email us at koinicstudio@gmail.com. We are happy to explain anything in this policy in plain language.