// Trust & Security Report
FaceApp Technology Limited
Consumer photo and face editing application with AI-powered filters and retouching tools. Flagship product: FaceApp mobile app available on iOS and Android. No enterprise or team-tier variants.
Certifications held
0
Maturity
Startup
Trains on your data
No
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
> Show 7 unconfirmed / not-held certifications
source: faceapp.comNo mention of SOC 2 on vendor's public website, privacy policy, or terms of service.
source: faceapp.comNo mention of SOC 2 on vendor's public website, privacy policy, or terms of service.
source: faceapp.comNo mention of ISO 27001 or formal security management system certification on vendor's public website.
source: faceapp.comPrivacy policy claims compliance with GDPR mechanisms: 'Standard Contractual Clauses for cross-border transfers' and 'appointed a Data Protection Officer and a UK representative (VeraSafe)'. However, no formal GDPR certification audit or verification is documented. GDPR is a regulation (not a cert), and the vendor claims compliance measures but provides no third-party audit evidence.
source: faceapp.comNot applicable. FaceApp is a consumer photo editing app with no healthcare-related features or data collection. No mention of HIPAA in terms or privacy documentation.
source: faceapp.comNo mention of ISO 27017. While FaceApp processes data on Google Cloud Platform and Amazon Web Services, the vendor does not claim compliance with cloud-specific security standards.
source: faceapp.comNo mention of PCI DSS. FaceApp handles subscription billing but does not claim PCI compliance on public documentation.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Offered
Data region
Google Cloud Platform and Amazon Web Services (no specific regional specification provided; international transfers mentioned with Standard Contractual Clauses)
Privacy policy explicitly states: 'We do not use photographs or videos you provide when you use the Apps for any reason other than to provide you with the editing functionality.' No indication of using customer photos for AI model training or improvement.
// Security controls
Encryption in Transit
Photographs and videos temporarily cached on cloud servers during editing; encrypted using key stored locally on user's mobile device
faceapp.comEncryption at Rest
Encryption key resides on user's device; vendor states 'we cannot disclose such content' because key is not stored server-side
faceapp.comData Retention
Photos and videos automatically deleted within 24-48 hours after last edit. Users can request immediate removal via app settings.
faceapp.comCloud Infrastructure
Cloud processing uses Google Cloud Platform and Amazon Web Services; no specific regional details or SLA commitments documented
faceapp.comGeneral Security Posture
Vendor claims they 'use commercially reasonable security practices to help keep the information collected through our services secure' but explicitly disclaims: 'we cannot guarantee the security of any information you provide.'
faceapp.comThird-Party Security Audits
No mention of penetration testing, security audits, or third-party verification on public documentation
faceapp.comData Protection Officer
Data Protection Officer appointed and contact information available; UK GDPR representative designated (VeraSafe)
faceapp.com// Products & data scope
data: Facial photos and metadata; temporary processing only (24-48 hour retention)
1 billion+ downloads. Available on iOS and Android. Offers free tier with ads and optional FaceApp Pro subscription. Single-product vendor; no enterprise variants.
// What to watch
- No trust center or dedicated security documentation page (404 on /security URL)
- No formal compliance certifications despite 1B+ user base; claims GDPR compliance mechanisms (DPO, SCC) but no audit evidence
- Privacy policy uses broad language: 'license to use, reproduce...modify, adapt, create derivative works from' user content; though restricted to providing editing services
- No third-party security audits, penetration testing results, or SOC 2/ISO certifications documented
- Data processing on third-party cloud providers (GCP, AWS) but no transparency into those providers' compliance posture in FaceApp's documentation
- International data transfers claimed but no specific regional details or SLA commitments documented
- Explicit disclaimer: 'we cannot guarantee the security of any information you provide' is unusually strong liability waiver for a vendor with massive consumer user base
// At a glance
Pricing model
Freemium with optional subscription (FaceApp Pro)
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on FaceApp Technology Limited's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
faceapp.com