Last Updated: May 1, 2026 · Effective: May 1, 2026
Summary: FaceHeatMap does not sell your data. We collect minimal technical data needed to operate the service. We do not require account registration. You have full rights to access, correct, or delete any data we hold about you.
FaceHeatMap ("we," "us," "our") is operated by VPDLNY (Vulnerable Persons Defense League of New York), a collective of technologists and artists dedicated to transparency and civil liberties. Our primary contact for privacy matters is: contact@faceheatmap.app
When you visit FaceHeatMap, our web server (Cloudflare Workers) automatically logs:
This data is processed by Cloudflare under their standard infrastructure logging. We do not have persistent access to this data beyond error reports.
When you agree to our Terms of Service, we store a consent record in your browser's localStorage. This record contains: timestamp of consent, and a truncated User-Agent string. This data stays on your device and is not transmitted to our servers.
If a JavaScript error occurs in your browser while using the app, an automated error report may be sent to our /api/error endpoint. This report contains: the error message, the URL where it occurred, and a truncated User-Agent string. No personally identifiable information is included.
If you voluntarily submit our contact form, we collect: your name, email address, subject, and message. This data is stored in our secure database and used only to respond to your inquiry. We do not use contact form data for marketing.
Technical log data is used solely for: debugging errors, preventing abuse and DDoS attacks, and understanding aggregate usage patterns. Contact form data is used solely to respond to your message.
Our site is hosted on Cloudflare Workers and Cloudflare D1. Cloudflare processes request metadata as part of infrastructure operations. Cloudflare's privacy policy governs their data handling: cloudflare.com/privacypolicy
The surveillance data displayed on FaceHeatMap comes from public sources (EFF, USASpending.gov, MuckRock, ACLU, NewsAPI). We link to these sources but do not control their privacy practices.
We have no advertising partners and do not share data with ad networks, data brokers, or marketing platforms.
We may disclose information if required by valid legal process (court order, subpoena) after consultation with legal counsel. We will notify affected users when legally permitted to do so.
Depending on your jurisdiction, you may have the following rights:
To exercise any right, contact us at contact@faceheatmap.app. We will respond within 30 days (or 45 days where permitted by law).
We implement reasonable technical security measures including: HTTPS/TLS encryption for all data in transit, Cloudflare DDoS protection and WAF, no storage of sensitive personal data, regular security reviews. However, no internet transmission is 100% secure. We cannot guarantee absolute security.
FaceHeatMap is not directed at children under 18 years of age. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected data from a minor, contact us immediately at contact@faceheatmap.app.
FaceHeatMap is operated in the United States. If you access our service from outside the US, your data may be processed in the US. By using our service, you consent to this transfer. We process data in accordance with applicable law.
We may update this Privacy Policy. Material changes will be indicated by updating the "Last Updated" date at the top of this page. Continued use of FaceHeatMap after changes constitutes acceptance of the updated policy.
For privacy-related requests, data deletion, or questions about this policy:
Email: contact@faceheatmap.app
Subject line: "Privacy Request" or "Data Deletion Request"
Response time: 30 days or less. For urgent matters, include "URGENT" in your subject line.