Privacy Policy

Perfect Passport LLC Effective Date: May 25, 2026 Last Updated: May 25, 2026

Perfect Passport LLC ("Perfect Passport," "we," "us," or "our") respects your privacy. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices and rights you have. It applies to perfectpassport.com, our iOS and Android applications, and any related services (collectively, the "Service").

If you are located in California, Virginia, the European Economic Area ("EEA"), the United Kingdom, or another jurisdiction with specific privacy rights, please see the region-specific sections in Section 11.

Because our Service processes photographs of your face for ID validation, we also collect biometric information. Section 3 of this Policy is specifically about biometric information and your rights regarding it. Please read it carefully.

1. Information We Collect

1.1 Information You Provide

Photographs. When you use the Service, you upload one or more photographs of yourself (or a person you are authorized to act on behalf of). This includes the source image and any processed outputs.
Order and Contact Information. When you place an order, we collect your email address ("Order Email"), shipping address (for physical prints), and the country and document type for your photo.
Payment Information. We use Stripe to process payments. Stripe collects your payment card number, billing address, and related details directly. We do not see or store your full card number; we receive only a transaction confirmation and limited tokenized details (such as the last four digits of your card and card brand) from Stripe.
Communications. If you contact us by email, we receive your message and any information you choose to provide.

1.2 Information Collected Automatically

When you use the Service, we and our third-party providers automatically collect:

Device and Technical Information — IP address, device type, operating system, browser type and version, app version, device identifiers, language settings, and time zone.
Usage Information — pages and screens viewed, features used, referring URLs, timestamps, clicks, and other interaction data.
Cookies and Similar Technologies — we and our analytics and advertising providers use cookies, SDKs, pixels, and similar technologies to recognize your device and collect usage information. See Section 7.

1.3 Information from Third Parties

Advertising Attribution. We receive limited attribution and conversion data from advertising platforms (Meta, Google, Apple) to measure the effectiveness of our advertising — for example, whether you came to the Service after clicking one of our ads.

2. Photographs

Photographs you upload are used solely to provide the Service to you:

to detect and measure facial features so we can size, center, edit, and validate your photo against the rules of the issuing authority;
to generate the processed digital file you preview, download, or order as a physical print;
to produce and ship physical prints if you place a print order; and
to enable you to look up, reprint, or delete your photo through the Service.

We do not use your photographs for advertising, marketing, training machine learning models, or any purpose other than providing the Service to you and complying with law. We do not sell your photographs. We do not share your photographs with third parties except as described in Section 6.

3. Biometric Information

This Section is provided to comply with the Illinois Biometric Information Privacy Act ("BIPA"), the Texas Capture or Use of Biometric Identifier Act ("CUBI"), Washington's biometric and consumer health privacy laws, and similar laws.

3.1 What We Collect

When you upload a photograph to the Service, our software detects and measures facial features in the image — including the position and dimensions of your eyes, the position of your head, and the proportions and outline of your face — in order to determine whether the photograph complies with the size, framing, and composition requirements of the issuing authority you have selected. The data derived from this process constitutes a "biometric identifier" or "biometric information" under BIPA and similar laws.

3.2 Purpose

We collect, capture, and use biometric information for the sole purpose of validating and editing your photograph to meet the requirements of the issuing authority you select and producing the digital or physical photograph you order. We do not use biometric information for identification, authentication, surveillance, or any other purpose.

We do not collect biometric information without your consent. Before you upload a photograph, the Service presents a notice and requests your written (electronic) consent confirming that you have read this Section and authorize us to collect, capture, and use biometric information for the purpose described above. If you do not provide consent, you cannot use the Service.

3.4 Retention Schedule and Destruction

We retain biometric information only as long as needed to provide the Service:

You may delete your photograph and the associated biometric information at any time from within the app or by emailing legal@perfectpassport.com.
Photographs and associated biometric information that are not associated with a completed purchase are permanently deleted 30 days after upload.
Photographs and associated biometric information that are associated with a completed purchase are retained to enable reprints and order support, and are permanently deleted (a) upon your request or (b) within one year after the date of the related purchase, whichever is earlier.
Biometric information stored in routine system backups is purged on our backup rotation cycle, which does not exceed 90 days after deletion from active systems.

These retention periods may be extended only as required to comply with a valid court order, subpoena, or warrant, or as otherwise required by law.

3.5 No Sale, Lease, Trade, or Disclosure

We do not sell, lease, trade, or otherwise profit from your biometric information. We do not disclose your biometric information to any third party except:

with your consent;
to complete a financial transaction you have authorized and requested;
as required by a valid warrant, subpoena, or court order; or
as otherwise required by law.

3.6 Security

We protect biometric information using the same or more protective standards we use for other confidential and sensitive information in our possession. See Section 9.

4. How We Use Information

We use the information described above to:

provide, operate, maintain, and improve the Service;
process and fulfill your orders (including digital delivery and physical shipping);
communicate with you about your orders and customer support requests;
detect, prevent, and respond to fraud, abuse, and security incidents;
measure the effectiveness of our advertising and understand how users find and use the Service;
comply with legal obligations and enforce our Terms of Service.

We do not send marketing or promotional emails. All emails we send are transactional in nature (order confirmations, shipping notifications, customer support replies, and similar service communications).

5. Legal Bases for Processing (EEA, UK, and Switzerland)

If you are in the EEA, the UK, or Switzerland, our legal bases for processing your personal information are:

Performance of a contract — to provide the Service you have requested.
Consent — to collect and process biometric information, and to set non-essential cookies and similar technologies. You may withdraw consent at any time.
Legitimate interests — to operate, improve, and secure the Service; to prevent fraud; and to measure advertising effectiveness, where our interests are not overridden by your rights.
Legal obligations — to comply with applicable law.

We share personal information only as described below. We do not share or sell your photographs or biometric information for advertising, marketing, or any other purpose.

Service Providers (Infrastructure). We use Fly.io to host our backend and Vercel to host our frontend. These providers process personal information on our behalf under contractual confidentiality obligations.
Payment Processor. Stripe processes payments. Stripe's processing of your information is governed by Stripe's privacy policy.
Analytics Provider. We use Google Analytics to understand how visitors use the Service. Google may set cookies and collect device and usage information. You can opt out of Google Analytics using the Google Analytics Opt-Out Browser Add-on.
Advertising Partners. We use the Meta Pixel (Meta Platforms), Google Ads conversion tracking, and Apple Search Ads attribution to measure our advertising and serve relevant ads. These tools may receive limited device, usage, and conversion information. This activity may constitute "sharing" of personal information for "cross-context behavioral advertising" under California law. See Section 7 and Section 11 for opt-out mechanisms.
Legal and Safety. We may disclose information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Perfect Passport, our users, or others.
Business Transfers. If we are involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction, subject to standard confidentiality protections.

7. Cookies and Similar Technologies

We and our providers use cookies, SDKs, pixels, web beacons, and similar technologies to operate the Service, remember preferences, measure usage, and measure and optimize advertising. The categories we use include:

Strictly Necessary — required for the Service to function (e.g., session management, fraud prevention).
Analytics — Google Analytics, to understand usage patterns.
Advertising — Meta Pixel, Google Ads, Apple Search Ads, to measure and target advertising.

You can control cookies through your browser settings and, where presented, through our in-Service cookie controls. Blocking strictly necessary cookies may break parts of the Service.

We honor Global Privacy Control ("GPC") signals as an opt-out of "sale" and "sharing" of personal information for residents of states whose laws require it.

8. Data Retention

We retain personal information only as long as needed for the purposes described in this Policy. Specifically:

Photographs and biometric information — as described in Sections 2 and 3.4.
Order records — retained for as long as needed for tax, accounting, fraud prevention, and reprint support, generally up to seven (7) years for transactional records as required by law.
Email communications — retained for as long as needed to respond and for a reasonable follow-up period.
Device and usage information — retained in aggregated or de-identified form for analytics purposes, and in identifiable form for a shorter period sufficient for security, debugging, and abuse prevention.

When personal information is no longer needed, we delete or de-identify it.

9. Security

We implement administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit, access controls, and infrastructure provided by reputable cloud hosts. No system is perfectly secure, however, and we cannot guarantee the absolute security of your information. If you believe your account or information has been compromised, please contact us at legal@perfectpassport.com.

10. International Data Transfers

We are based in the United States, and we process personal information in the United States. If you access the Service from outside the United States, your information will be transferred to, stored in, and processed in the United States. Where required for transfers from the EEA, UK, or Switzerland, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses.

11. Your Privacy Rights

You have rights regarding your personal information. We do not discriminate against you for exercising these rights.

To exercise any right described below, email us at legal@perfectpassport.com from the email address associated with your order, with the subject line "Privacy Request." We will verify your request using the information associated with your order and respond within the time required by applicable law.

11.1 All Users

Regardless of where you live, you may:

Delete your photo at any time from within the app or by emailing us.
Withdraw biometric consent by deleting your photo, which also deletes the associated biometric information. After withdrawal, you cannot continue using the Service unless you provide consent again.

11.2 California Residents (CCPA/CPRA)

If you are a California resident, you have the right to:

Know the categories and specific pieces of personal information we have collected about you, the categories of sources, the business or commercial purposes for collecting it, and the categories of third parties to whom we disclose it;
Delete personal information we have collected from you, subject to certain exceptions;
Correct inaccurate personal information;
Opt out of the "sale" or "sharing" of personal information for cross-context behavioral advertising; and
Limit the use and disclosure of sensitive personal information (which includes biometric information).

Categories of personal information collected in the last 12 months: identifiers (e.g., email, IP address); commercial information (order history); internet or network activity (usage data); geolocation (approximate, derived from IP); visual information (photographs); biometric information (facial measurements); inferences (derived from any of the above for analytics).

Sources: you; your device; advertising platforms (attribution data).

Business purposes: providing the Service; processing payments; fulfilling orders; security and fraud prevention; analytics; advertising measurement.

Categories of third parties to whom personal information is disclosed: infrastructure providers; payment processors; analytics providers; advertising platforms; legal and governmental authorities when required.

Sale or sharing. We do not sell personal information for money. We do "share" limited identifiers and usage information with advertising platforms (Meta, Google, Apple) for cross-context behavioral advertising, which California law treats as "sharing." We do not "share" photographs or biometric information.

To opt out of sharing, email us with the subject "Do Not Sell or Share My Personal Information" or send a GPC signal from a supported browser.

To limit use of sensitive personal information (biometric information), email us with the subject "Limit Use of Sensitive Personal Information." Note that the Service cannot function without processing your biometric information; choosing to limit use is functionally equivalent to choosing not to use the Service.

You may also designate an authorized agent to make a request on your behalf, subject to verification.

11.3 Virginia Residents (VCDPA)

If you are a Virginia resident, you have the right to:

Access the personal data we process about you;
Correct inaccuracies in your personal data;
Delete personal data;
Portability — obtain a copy of your personal data in a portable format; and
Opt out of (i) targeted advertising, (ii) the sale of personal data, and (iii) profiling in furtherance of decisions producing legal or similarly significant effects.

We do not sell personal data for money and do not engage in profiling that produces legal or significant effects. We do engage in targeted advertising as described above; you may opt out by emailing us or sending a GPC signal.

Appeals. If we decline to act on your request, you may appeal by replying to our response. If your appeal is denied, you may contact the Virginia Attorney General at https://www.oag.state.va.us/consumercomplaintform.

11.4 Other U.S. States

Residents of Colorado, Connecticut, Utah, Oregon, Texas, Montana, Indiana, Iowa, Tennessee, Delaware, New Hampshire, New Jersey, Minnesota, Maryland, and other states with comprehensive privacy laws have rights similar to those above. To exercise your rights, contact us at legal@perfectpassport.com.

Residents of Illinois, Texas, and Washington — please also see Section 3 regarding biometric information.

If you are in the EEA, UK, or Switzerland, you have the right to:

access your personal data;
rectify inaccurate data;
erase ("right to be forgotten") your data;
restrict processing;
object to processing based on legitimate interests;
portability of your data;
withdraw consent at any time, where processing is based on consent; and
lodge a complaint with your local data protection authority.

The data controller is Perfect Passport LLC. Contact: legal@perfectpassport.com.

12. Children

The Service is not directed to children under 18, and we do not knowingly collect personal information from anyone under 18. If you believe a child under 18 has provided us with personal information, please contact us at legal@perfectpassport.com and we will take steps to delete it. Where you order a photograph for a minor, you must be the parent or legal guardian (or otherwise authorized) and you provide all consents on behalf of the minor, including biometric consent.

13. Third-Party Links and Services

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing them with personal information.

14. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide reasonable notice by updating the "Last Updated" date above and, where appropriate, by email or in-app notice. Your continued use of the Service after the effective date of the revised Policy constitutes your acceptance of it.

15. Contact Us

If you have questions about this Privacy Policy or our privacy practices, or if you would like to exercise your rights, contact us at:

Perfect Passport LLC Email: legal@perfectpassport.com Website: https://www.perfectpassport.com

By using Perfect Passport, you acknowledge that you have read and understood this Privacy Policy.