Trust Center
Transparency about how we protect children's data at every step.
Our commitment
Pro Photo Systems was built from the ground up with children's privacy as the top priority. We believe that parents should have full control over their child's photos and data, and that organizations should be able to modernize photo day without compromising on safety.
How face matching works
When a parent uploads a reference photo, our system generates a one-way mathematical embedding — a string of numbers that represents facial geometry. This embedding cannot be reverse-engineered into an image. We compare embeddings (never raw photos) to match children with their pictures.
Embeddings are stored in an isolated, encrypted database and are automatically deleted when the season ends. No face data is ever shared with third parties.
Parental consent flow
Before any face matching is performed, we require verifiable parental consent. Parents must create an account, verify their email, and explicitly opt in to face matching for each child. Consent can be withdrawn at any time, and photos can still be delivered via manual access codes.
Data retention
| Data type | Retention |
|---|---|
| Face embeddings | Deleted at season close |
| Photo galleries | Organization setting (default 12 months) |
| Account data | Until account deletion + 30 days |
| Payment records | 7 years (legal requirement) |
Compliance
COPPA
Children's Online Privacy Protection Act compliant.
FERPA
Family Educational Rights and Privacy Act compliant.
SOC 2 Type II
Independently audited security and availability controls.
Data Processing Agreement
Need a signed DPA for your organization? Download our standard agreement or contact us for a custom version.
Questions?
Reach our trust and security team at trust@prophotosystems.com or visit our contact page.