Privacy Policy

Last updated: January 1, 2026

1. Introduction

EuPass ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our biometric photo service. We comply fully with the General Data Protection Regulation (GDPR) and all applicable EU data protection laws.

2. Data We Collect

We collect the following categories of personal data:

  • Photographs: Images you upload for processing. These are temporarily stored during processing and automatically deleted within 24 hours.
  • Contact information: Email address provided during purchase for order delivery and communication.
  • Payment information: Payment details are processed by our secure third-party payment processor. We do not store credit card numbers or full payment details on our servers.
  • Usage data: Anonymous analytics data such as page views and browser type, collected to improve our service.

3. How We Use Your Data

Your personal data is used exclusively for the following purposes: (a) processing and generating your biometric photos; (b) delivering your photos via email and download links; (c) processing payments; (d) responding to support inquiries; (e) improving our service through anonymized analytics.

4. Photo Data Handling

We take special care with photograph data given its biometric nature:

  • All uploaded photographs and processed images are automatically deleted from our servers within 24 hours.
  • We do not extract, store, or retain any biometric templates or facial recognition data.
  • Photo processing is performed in memory and not persisted beyond what is needed for delivery.
  • All data transfers are encrypted using HTTPS/TLS.

5. Data Retention

Photographs: Deleted automatically within 24 hours of upload. Order records: Retained for up to 2 years for legal and accounting purposes, then anonymized. Contact form submissions: Retained for up to 1 year after resolution. Email addresses: Retained until you request deletion or unsubscribe.

6. Your Rights Under GDPR

As an EU data subject, you have the following rights:

  • Right of access: Request a copy of your personal data.
  • Right to rectification: Request correction of inaccurate data.
  • Right to erasure: Request deletion of your personal data.
  • Right to restrict processing: Request limitation on how we use your data.
  • Right to data portability: Receive your data in a structured, machine-readable format.
  • Right to object: Object to processing of your data for certain purposes.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

7. Cookies

We use essential cookies required for the proper functioning of our service (such as session management and payment processing). We use anonymous analytics cookies to understand how visitors interact with our website. No advertising or tracking cookies are used. You can manage cookie preferences through your browser settings.

8. Third-Party Services

We use the following third-party services, each of which has their own privacy policy and GDPR compliance measures: payment processing providers for secure transactions; email delivery services for order confirmations; cloud hosting providers within the EU for data storage and processing.

9. Contact

For any privacy-related questions or to exercise your data rights, please contact our Data Protection Officer at [email protected]. You also have the right to lodge a complaint with your local data protection supervisory authority.