Effective 2026-05-27

Privacy policy

Short version: we collect the minimum we need to sell you race photos, we don’t sell your data to anyone, and selfies you upload to find your photos are not kept.

What we collect

We collect three categories of data, and only when you give it to us:

  • Search inputs. A bib number you type or a selfie you upload. Bib numbers are stored alongside your purchase so we can re-deliver photos later. Selfies are used only to run a one-time face match against the event’s photos and are deleted within 24 hours of that match.
  • Purchase + account data. If you buy photos or create an account, we keep your email, the event and photos you bought, the amount you paid, and the date of purchase. This lets you re-download and gives you a receipt.
  • Basic technical data. Standard server logs (IP address, browser, page URL, timestamps) for security and to debug issues. We keep these for 30 days.

What we do NOT collect

  • We don’t store your credit card number — that goes straight to Stripe or PayPal.
  • We don’t run third-party advertising or marketing trackers.
  • We don’t train AI models on your selfie or your photos.
  • We don’t sell or rent your data to anyone.

Who we share data with

We share data with a small set of service providers, only as needed:

  • Stripe / PayPal — process payments. They receive the purchase amount, your email, and standard payment metadata.
  • Google — if you choose to sign in with Google, we receive your name, email, and profile picture from Google.
  • Our hosting provider (Vercel) — hosts the site; receives standard server logs.

That’s it. No data brokers, no ad networks.

Cookies

We use a small number of strictly-necessary cookies and browser-storage entries to remember your cart and let you sign in. We do not set tracking or advertising cookies.

Face data

When you upload a selfie to find your photos, the image is processed to extract a face embedding (a numerical fingerprint of facial features) that we compare against the embeddings of faces in the event photos. The original selfie is deleted within 24 hours. The embedding itself is deleted with it. We do not link your face embedding to your name or email unless you also buy photos in the same session.

Your rights

  • Access. Email hello@mikian.photos and we’ll send you a copy of the data we have on you.
  • Deletion. Same email — we’ll delete your account and all associated data within 30 days. (We may keep a minimal record of past transactions for tax and accounting purposes, as required by law.)
  • Takedown. If a photo you appear in shouldn’t be public, email us and we’ll remove it from public view within a few business days.

Children

The service is not directed at children under 13. We don’t knowingly collect personal data from anyone under 13. If you believe we have, email us and we’ll delete it.

Security

Data is encrypted in transit (HTTPS) and at rest on our hosting provider. Payments are handled by Stripe / PayPal under their own PCI-compliant infrastructure. No system is 100% secure; if we ever have a breach that affects your data, we’ll notify you by email within 72 hours of discovering it.

International users

We operate from the United States. If you use the service from elsewhere, your data will be transferred to and processed in the US. EU/UK users have the additional rights described under GDPR; reach us at hello@mikian.photos to exercise them.

Changes

We’ll update the effective date at the top of this page when we change anything, and notify account holders by email if a change is material.

Contact

Questions, data requests, or anything else: hello@mikian.photos.

← HomeTermsPrivacy