At Perfectme, we are committed to ensuring the security and integrity of our users' data. Our security practices are designed to protect user information from unauthorized access, use, alteration, or disclosure. This policy outlines the measures we implement to safeguard our application, infrastructure, and customer data.
1. Infrastructure Security
Cloud Hosting: All services are hosted on secure cloud platforms, primarily Amazon Web Services (AWS), which provides robust physical and environmental controls and hosts our data and backups. We use Paddle for secure payment processing.
Data Storage: Input photos uploaded by users are not stored permanently. These photos are deleted from the API immediately after processing. Output photos generated by the API are temporarily stored on AWS servers for a maximum of 24 hours and are then permanently deleted. No sensitive data is retained unnecessarily, and any temporarily stored data is encrypted in transit and at rest.
Disaster Recovery: Regular backups are maintained for all critical data. Backup recovery procedures are tested periodically to ensure resilience in case of data loss or corruption.
2. Application Security
Authentication and Authorization: Two-factor authentication (2FA) and strong password policies are enforced for administrative access to our systems, including AWS, GitHub, and Paddle. User accounts on Perfectme require strong passwords, and user sessions are protected by encryption and secure cookie management.
Content Moderation and Filters: We employ automated NSFW content detection and age verification algorithms within our in-house API to prevent inappropriate or underage content from being uploaded or processed. We are in the process of implementing celebrity face detection to ensure that unauthorized or non-consensual use of public figure images is prohibited.
Regular Updates: Security patches and updates are deployed regularly using automated build processes. This ensures quick and safe rollout of new features, security fixes, and improvements.
3. Data Protection and Privacy
Data Minimization: We only collect and process the minimum amount of data necessary to deliver our services. Input and output photos are handled securely and are never shared with third parties for purposes other than providing the service.
Encryption: All data transmitted between users and Perfectme is encrypted using SSL/TLS protocols. Data at rest is encrypted using AWS's storage encryption standards.
Paddle Payment System: All payment transactions are securely handled through Paddle, a PCI DSS-compliant service. We do not store any credit card details on our servers.
Access Control: Access to customer data is strictly limited to authorized personnel on a need-to-know basis. Employee access is regularly audited and logged for compliance.
4. Incident Response
Incident Detection and Escalation: A formal incident response process is in place to identify, escalate, and address security events. If a security breach affecting user data occurs, our team is mobilized to contain and resolve the issue promptly.
Customer Notification: Affected customers will be notified in writing if their data is involved in a verified security breach. Post-incident reviews are conducted to identify root causes and prevent future occurrences.
5. Compliance
Regulations and Standards: Perfectme complies with applicable privacy and security regulations, including GDPR (General Data Protection Regulation) and CCPA (California Consumer Privacy Act). Our practices align with industry standards for data protection and security.
Third-Party Services: Trusted third-party providers, such as AWS and Paddle, are used to deliver specific functionalities. These providers are carefully selected and comply with strict security standards. Perfectme conducts regular reviews of its third-party services to ensure ongoing compliance and security.
6. User Responsibilities
Users must ensure that the photos they upload comply with our Terms and Conditions and Privacy Policy, including restrictions on NSFW content, unauthorized use of celebrity or public figure images, and underage content. Users are responsible for maintaining the confidentiality of their account credentials and notifying Perfectme of any unauthorized access.
7. Updates to This Policy
Perfectme reserves the right to update this security policy as our services evolve. Users will be notified of any significant changes through appropriate channels. Continued use of our services constitutes acceptance of any updated terms.
If you have any questions about this policy, please contact us at support@42dijital.com.
Perfectme Team