Halo EYEQ Privacy Policy

Last Updated: February 6, 2026

This Privacy Policy defines how we handle personal information collected from users of Halo EYEQ (hereinafter referred to as “the Service”).

1. Personal Information We Collect

The Service collects and uses the following information depending on the user’s role.

Information Collected from All Users

  • Usage History: Operation logs such as service browsing, searches, photo data downloads, and inquiries.
  • Device Information: Information about the accessing device, IP address, client identifier (stored as an encrypted cookie), etc.
  • Account Information: Basic information such as name and email address provided through external authentication providers (e.g., Google).

Information Collected from Contributors (Photo Uploaders)

  • Photo Metadata: EXIF information contained in uploaded photos (shooting date/time, location information, etc.). *Note: Metadata is automatically removed (stripped) from distributed images after being saved to the database.
  • Consent Information: Consent status for terms of service obtained before image upload.

Information Collected from Viewers (Subjects in Photos)

  • Facial Image Data: Encrypted facial image data is stored on the server for photo search and identity verification (see Section 3 for details). Facial images are protected using strong encryption, and the decryption key is stored only in your browser. The server does not retain the decryption key, making it impossible for the server alone to decrypt the data.
  • Facial Identification ID: A random ID issued through facial recognition processing. It is not linked to personally identifiable information and is used solely for photo matching purposes.
  • Liveness Detection Data: Biometric information obtained from camera footage is temporarily used in the Active Liveness Detection (anti-spoofing) process. This data is used only for anti-spoofing determination and is discarded from the server after the determination is complete.

2. Purpose of Use of Personal Information

Collected personal information is used for the following purposes:

  • Identity Verification and Authentication: For user identity verification (Liveness Detection) during viewing and account authentication during service login.
  • Photo Search and Viewing: To search for photos in which you are the subject and enable only you to view and download them.
  • Service Provision, Maintenance, and Improvement: For AI agent guidance, stable system operation, and user experience improvement.
  • Fraud Prevention: For monitoring and responding to terms of service violations, spoofing, unauthorized access, etc. Upload limits and rate limiting are implemented to prevent misuse.
  • Customer Support: For user support and communication.

3. Management and Protection of Personal Information

We prioritize the protection of your privacy and implement the following strict security measures:

Encryption and Protection of Facial Image Data

  • Encryption Method: Facial image data is encrypted using authenticated encryption (AES-256-GCM) and stored on the server.
  • Separation of Decryption Keys: The decryption key is returned and stored only in your browser after the encryption process, and is immediately discarded on the server side. This ensures that even if data on the server were to be leaked, it would be impossible for third parties to decrypt the facial images.
  • Separation of Facial Identification ID: The Facial Identification ID issued through facial recognition processing is a random ID rather than the facial features themselves, and is managed separately from personally identifiable information.

Deletion of Metadata

After extracting and saving EXIF meta-information such as shooting date/time and location information from uploaded photos to the database, the meta-information is completely removed (stripped) from the image files for viewing and downloading.

Image Protection

  • Watermark: A watermark is embedded in distributed images for copyright protection.
  • Access Control: Access to all image content is managed by time-limited signed URLs to prevent access by unauthorized third parties. Signed URLs have short expiration periods.
  • Upload Limits: Upload limits are set per guest user and logged-in user, with daily and hourly rate limits implemented.

Temporary Data Management

Temporary data such as search results is retained on the server only for a short period and is automatically purged after expiration. Your browser may also temporarily cache data for display optimization, which is automatically refreshed after a set period.

4. Retention Period and Deletion of Personal Information

  • Photo Data: Original photos uploaded in relation to an event and generated related image data are automatically and completely deleted from the system 30 days after the event ends.

  • Temporary Files: Temporary files generated during upload processing are automatically cleaned up after the designated retention period.

  • Audit Logs: Access logs, operation history, download history, etc. are retained for 90 days for fraud prevention and security auditing purposes.

  • Deletion Requests: You may request deletion of photos in which you are the subject through the service’s functionality. You may delete your own biometric information (encrypted facial images and Facial Identification ID) at any time, and upon deletion, all related data including data held by external services is automatically deleted.

5. Provision of Information to Third Parties

We will not provide personal information to third parties except when required by law or with your explicit consent.

6. Inquiries

For questions about this Privacy Policy or inquiries regarding the handling of personal information, please contact us here.

Halo EYEQ Operations Office