Privacy Policy
Last updated: 4 May 2026 · Effective immediately
At a glance
- We process your photo to produce a compliance-spec output for the issuing authority you selected. That's it.
- Successful deliveries are auto-deleted within 7 days. Orders flagged for human review or pending refund are kept up to 30 days. Absolute maximum retention is 90 days.
- We never sell your data. We never share it for marketing. We send no marketing emails.
- Your photo is processed by named third-party AI services (Google, AWS) operating outside Singapore. Section 7 below lists every sub-processor.
- You can request earlier deletion at any time by replying to your order email.
1. Who we are & what this policy covers
RapiFoto is operated by RAPIFOTO PTE. LTD. (UEN 202619769M), a private company limited by shares, incorporated and based in Singapore. For privacy questions, email support@rapifoto.com.
This policy covers https://rapifoto.com (and any of our other product domains), and any product surface served from it — including all locale-prefixed pages (/en-sg/*, /id-id/*, /ja-jp/*, etc.) and our API.
2. What data we collect
We collect three categories of data:
(a) Data you provide
- Your photo. The selfie or photo you upload. This is biometric data; see Section 3 for how we handle it.
- Your email address. Captured by Stripe at checkout and passed to us so we can deliver the finished photo. We never request your email outside checkout.
(b) Data collected automatically
- IP address. Used for rate limiting (to prevent abuse), Cloudflare Turnstile bot detection, and geographic locale detection.
- Browser and device basics. Browser version, operating system family, referrer URL — read by Vercel for standard request logs.
- Cookies. See Section 10.
(c) Data from third parties
- Stripe payment metadata. Stripe sends us your name, email, country, and a non-sensitive payment reference (card type, last 4 digits, transaction ID). We never receive your full card number.
3. Biometric & facial data
Your photo contains biometric information (your face). We treat it as sensitive personal data even where local law doesn't formally classify it as such.
We use it for one purpose only: producing a compliance-spec output for the issuing authority you selected. That involves checking the photo against the authority's rules, replacing the background with the required colour, and verifying the result hasn't altered your facial landmarks. Some of these steps run in your browser; some run on our servers; some involve trusted AI services listed in Section 7.
What we do not do with your face data:
- We do not use your photo to identify you, match it against any database, or build a face-recognition system.
- We do not train any AI model on your photo. Our AI sub-processors (Google, AWS) are contractually prohibited from using submitted data for model training.
- We do not retain your photo beyond the schedule in Section 5.
4. Why we process your data
Each piece of data has a specific purpose:
- Your photo — to produce your delivered output. Legal basis: performance of contract.
- Your email — to deliver your photo and handle support replies. Legal basis: performance of contract.
- IP address & rate-limit data — to prevent abuse and unfair use of our paid AI processing. Legal basis: legitimate interest.
- Cookies — see Section 10. Legal basis: consent for non-essential cookies; legitimate interest for strictly necessary ones.
- Stripe payment metadata — to confirm your order and meet our tax/audit obligations. Legal basis: performance of contract and legal obligation.
5. How long we keep your data
We follow a tiered auto-deletion schedule based on order state:
| Order state | Retention window |
|---|---|
| Successfully delivered | 7 days from delivery |
| Pending payment, refunded, or rejected | 30 days from order creation |
| Flagged for human review | 30 days from order creation |
| Absolute maximum (any state) | 90 days from order creation |
Deletion is performed by a daily cron job at 03:00 UTC and covers both database rows and stored photo files (originals and processed copies).
Email addresses follow the same schedule as the associated order. Stripe-side payment records are retained by Stripe per their own policy and applicable financial-record-keeping law; we have no control over Stripe's retention. Server-side request logs (URL, status, IP) are retained by our hosting provider per their standard log-retention policy.
6. We do not sell or share your data
We do not sell your personal data, ever. We do not share your data with advertisers, data brokers, or marketing platforms. We send no marketing emails.
The only third parties that receive your data are the sub-processors listed in Section 7, each of which is contracted to process data only for the specific service we use them for.
7. Sub-processors we use to operate the service
We use trusted third parties to operate parts of the service. Each sub-processor is contracted to process data only for the specific purpose listed below.
| Category | Purpose | Region |
|---|---|---|
| AI image processing | Compliance check, background replacement, output verification | US / global |
| Photo storage & database | Storing your photo + order until auto-deletion (Section 5) | Singapore |
| Hosting & CDN | Serving the website + API | Global edge / US |
| Payment processing | Card / wallet payments and customer-email capture at checkout | Varies by payment method |
| Transactional email delivery | Sending you your finished photo | US |
| Bot protection & rate limiting | Preventing abuse of paid AI processing | Global edge |
We'll update this list before adding a new sub-processor category that handles personal data.
8. International data transfers
Several sub-processors may operate outside your country. Your photo may be transferred to AI image-processing services located internationally; email delivery, payment processing, and hosting may also occur in vendor-defined regions abroad.
We rely on each vendor's contractual data-protection commitments — Standard Contractual Clauses (SCCs) where applicable, the EU-US Data Privacy Framework where the vendor is certified, and equivalent regional safeguards. By using this service, you consent to these cross-border transfers.
Japan-specific: Article 28 of the Act on the Protection of Personal Information (APPI) requires us to obtain your prior consent before transferring your personal data outside Japan. The consent banner shown to all users on /ja-jp/* pages and /en-jp/* pages discloses these transfers before any upload occurs.
9. Your rights
Depending on where you live, you have some or all of the following rights with respect to your personal data:
- Access — request a copy of the data we hold about you.
- Correction — ask us to fix incorrect or outdated data.
- Deletion — ask us to delete your data ahead of our scheduled retention.
- Restriction or objection — limit how we process your data, where applicable.
- Data portability — receive a copy of your data in a machine-readable format.
- Withdraw consent — for processing based on consent (e.g. cookies).
- Lodge a complaint — with your local data protection authority (regulator addresses below).
To exercise any right, email support@rapifoto.com. We respond within the statutory timeframe of your jurisdiction (typically 30 days), and usually much sooner.
Your local data protection authority
- Singapore: Personal Data Protection Commission (PDPC)
- Malaysia: Jabatan Perlindungan Data Peribadi (JPDP)
- Indonesia: Kementerian Komunikasi dan Digital (Komdigi / formerly KominfO)
- New Zealand: Office of the Privacy Commissioner (OPC)
- Australia: Office of the Australian Information Commissioner (OAIC)
- Philippines: National Privacy Commission (NPC)
- Vietnam: Ministry of Public Security (MPS) — A05 Cybersecurity Department
- Hong Kong SAR: Office of the Privacy Commissioner for Personal Data (PCPD)
- Japan: Personal Information Protection Commission (PPC)
10. Cookies & tracking
We use only cookies strictly necessary to operate the service:
- A locale cookie that remembers your language and country choice across sessions.
- Bot-protection cookies set by the invisible challenge our bot-protection provider runs on every upload.
- Payment-checkout cookies set on the payment-processor checkout page during payment, governed by that processor's policy.
We do not currently use analytics cookies, advertising cookies, or any tracking pixels. If we add analytics in the future, we'll update this section and (where required) prompt for explicit consent first.
11. Children
RapiFoto is not directed at children under 16. We do not knowingly collect personal data from anyone under 16 acting on their own.
Parents and legal guardians may use the service to produce compliance photos for their child (passport applications for minors are common). When you upload a photo of a minor, you confirm that you are the parent or legal guardian and consent on the minor's behalf to the processing described in this policy.
12. Security
We protect your data with transport encryption, scoped credentials, role-based access controls, automated retention enforcement, and abuse rate-limiting. Photos are stored in our Singapore region and access is restricted to the small set of operations needed to deliver your order.
No system is perfectly secure. If we ever discover a security incident affecting your data, we'll notify you without undue delay and report to the relevant data protection authority where required by law.
13. Non-affiliation
RapiFoto is an independent service. We are not affiliated with, endorsed by, or operated on behalf of: the Singapore Immigration & Checkpoints Authority (ICA), the Singapore Ministry of Manpower (MOM), Jabatan Imigresen Malaysia (JIM), Direktorat Jenderal Imigrasi (Indonesia), the New Zealand Department of Internal Affairs (DIA), the Australian Department of Home Affairs, the US Department of State, the Vietnamese Ministry of Public Security, the Hong Kong Immigration Department (ImmD), the Japanese Ministry of Foreign Affairs (MOFA), or any other government agency.
We produce photo files conformant with each authority's published specifications. The submission and approval of any application is between you and the relevant authority.
14. Changes to this policy
We'll update this policy when our data practices change materially — for example, adding a new sub-processor that handles personal data, changing retention windows, or expanding the rights we offer.
For material changes, we'll either email customers with orders in the last 90 days, or surface a banner on the site for at least 30 days, before the change takes effect. The "Last updated" date at the top of this page always reflects the most recent revision.
15. Contact
For privacy questions, data-rights requests, or to report a concern, email support@rapifoto.com.