Privacy Policy

Last updated: May 6, 2026

The short version

Free face-analysis tools: photos never leave your device. Analysis runs entirely in your browser using client-side AI. No server processing, no uploads, no storage.

Paid audit tiers ($29 Premium Audit, $39 4-Week Roadmap, $99 60-Day Glow-Up Plan, $149 Pro Audit): server processing is required. We send a compressed thumbnail of each photo to our server and to our AI vendor (Anthropic Claude) so a written report can reference visible details. Thumbnails are deleted after the report is generated. We never sell or share your photos, and we don't train AI models on your data.

1. Who we are

RealSmile ("we," "us," "our") operates the website realsmile.online. We provide free and premium AI-powered facial analysis tools. This Privacy Policy explains how we handle your information when you use our website and services.

2. Free face-analysis tools (in-browser)

The free tools on RealSmile (looksmaxxing test, face score, face rating, golden ratio, symmetry test, FWHR calculator, canthal tilt test, face shape test, am-i-ugly test, attractiveness test, headshot ranker desktop, mog-your-friends, and similar) use face-api.js, an open-source AI library that runs entirely in your web browser (client-side). When you upload or capture a photo for any of these tools:

  • Your photo is processed locally on your device
  • No image data is transmitted to our servers or any third party
  • No facial data, landmarks, or analysis results are stored by us
  • When you close the page, all photo data is discarded from your browser's memory

You can verify this yourself by opening your browser's developer tools (Network tab) while using any free RealSmile tool on a desktop browser — you will see no outbound requests containing image data. Mobile browsers may fall back to a server-side analysis path on a small number of tools (currently /headshot and /dating-photo-ranker) because mobile WebGL is too slow for the on-device model; in that case the photo is processed on our server and deleted from disk immediately after the score returns.

3. Paid audit tiers and AI photo generation

Unlike the free tools, the Premium Audit and AI glow-up / hairstyle-tryon previews require server processing. We are upfront about this so the disclosure here matches what actually happens on the wire:

  • When you upload photos for any paid audit tier ($29 Premium / $39 Roadmap / $99 60-Day Plan / $149 Pro), your browser computes a 320-pixel JPEG thumbnail of each usable photo and sends those thumbnails to our server alongside your numeric metric scores.
  • The thumbnails are forwarded to Anthropic (Claude API, our AI report writer) so the personalized report can reference visible details — lighting, crop, background, expression, wardrobe, grooming — instead of writing a generic numbers-only report. Anthropic does not train its models on API inputs by default and has its own privacy and data-handling policies (see Anthropic Privacy Policy).
  • The AI glow-up preview and AI hairstyle / beard try-on features send your selected photo to a third-party generative-AI vendor (FLUX / PuLID via Replicate) so an identity-preserving target image can be rendered. The output image is returned to you and stored against your audit so you can re-view it.
  • We do not sell your photos. We do not display them publicly. We do not use them to train AI models. Thumbnails and uploaded images associated with a paid audit are retained only for the lifetime of the audit record so you can re-download your report; we will delete them on request (email hello@realsmile.online).
  • Payment is processed by Stripe; we never see or store your card number.

If you want a face analysis with no server upload at all, use any of the free in-browser tools listed in section 2 instead.

4. Information we do collect

We collect limited, standard information to operate the website:

Analytics

We use Google Analytics to understand how visitors use our site (pages visited, time on site, device type, general location at the country/city level). This data is aggregated and does not include photos, facial data, or personally identifiable information. You can opt out using browser extensions like Google Analytics Opt-out.

Payment information

If you purchase a premium report, payment is processed by Stripe. We do not store your credit card number, CVV, or full payment details. Stripe handles all payment processing in compliance with PCI DSS standards. We receive only a transaction confirmation, your email (if provided), and payment amount. See Stripe's Privacy Policy for details.

Cookies

We use essential cookies for website functionality, analytics cookies (Google Analytics), and advertising cookies (described in the next section). EU and UK visitors are presented with a consent banner powered by Google's Funding Choices CMP, where you can accept or reject non-essential cookies before they are set.

Third-party advertising

RealSmile displays advertisements on certain pages (primarily blog content) to fund the free tools. These ads are served by third-party vendors, including Google AdSense. To deliver and measure ads, these vendors may use cookies and similar technologies, including the DART cookie, to serve ads based on your prior visits to this website and other sites on the internet.

  • Google's use of advertising cookies enables it and its partners to serve ads to you based on your visit to RealSmile and other sites on the internet.
  • You may opt out of personalized advertising by visiting Google Ads Settings.
  • You may also opt out of third-party vendor cookies via the Digital Advertising Alliance opt-out page.
  • We do not share your photos, facial analysis data, or paid-audit thumbnails with any advertising partner.

For more information on how Google uses data when you use our partner sites or apps, see How Google uses information from sites that use our services.

5. Affiliate links

Some pages contain affiliate links to Amazon and other retailers. When you click these links, the retailer may set their own cookies to track the referral. We earn a small commission on qualifying purchases at no extra cost to you. We do not share any of your personal information or facial analysis data with affiliate partners.

6. Data sharing

We do not sell or rent your personal information. We share limited data only with: Stripe (payment processing), Google Analytics (anonymous usage statistics), Google AdSense and its certified ad-tech partners (advertising on free / blog pages only), Resend (email delivery for opt-in subscribers), Vercel (website hosting), Anthropic (AI report writer for the paid Premium Audit), and Replicate / FLUX-PuLID (the generative-AI vendor that renders paid AI glow-up and hairstyle previews). For the free face-analysis tools, none of these parties receive your photos or facial analysis data because that data never leaves your device. For the paid Premium Audit and paid AI photo features, the relevant AI vendor receives the thumbnail or photo as described in section 3 above.

7. Data retention

Free in-browser tools: photos and facial analysis results are not retained (processed and discarded in your browser). Paid Premium Audit: thumbnails and uploaded photos are retained against your audit record so you can re-download your report; we will delete them on request. AI glow-up / hairstyle preview: the generated output image is retained against your audit record on the same basis. Analytics data: retained by Google Analytics per their standard retention policy (14 months by default). Payment records: retained as required by law for tax and accounting purposes.

8. Your rights

For free in-browser tools, we don't collect or store your photos, so there is nothing on our side to delete. For paid Premium Audit data (thumbnails, uploaded photos, generated output images, audit report) and any other data (analytics, payment records), you can email us at hello@realsmile.online and we will delete the record. If you are a resident of California (CCPA), the EU (GDPR), or another jurisdiction with data protection laws, you have the right to request access to, correction of, or deletion of your personal data.

8a. How to request data deletion

Three self-serve options. All three satisfy GDPR Article 17 (right to erasure) and CCPA § 1798.105:

  • 1. Sign in and use the privacy panel. Visit /account/privacy, click Delete my account, type DELETE to confirm. Immediate, no email round-trip. You can also choose "Hold for 30 days" for a recoverable soft-delete (see section 8b).
  • 2. Use the public link. Visit /account/data, enter your email, and confirm via the link we email you. Works without signing in (useful if you've lost access to the sign-in email).
  • 3. Email us. hello@realsmile.online. Manual processing within 30 days, free of charge, no questions asked.

To download a copy of every record we hold on you (GDPR Article 15), use the same /account/privacy panel and click "Download my data". Limit: one export per 24h.

8b. What data we retain after deletion (and why)

When you delete your account, every record tied to your email is erased except for the items below. We anonymize rather than delete these because the underlying records are legally required to be retained, but the personal binding (your email) is severed:

  • Refund records (RefundLog). Required for 7 years by US tax/accounting law (IRC § 6001). Your email is replaced with a one-way hash; the SKU + amount + reason text is retained for our books. We cannot reverse the hash.
  • Purchase rows (Entitlement). Same treatment — email anonymized, SKU + purchase timestamp retained for revenue reconciliation against Stripe.
  • Email-suppression record (EmailUnsubscribe). If you unsubscribed before deleting, we keep your address on a one-way suppression list. CAN-SPAM 15 U.S.C. § 7704(a)(4) requires us to honor opt-outs indefinitely — wiping the suppression row would let a future signup with the same address restart emails to you. The suppression list is regulatory-protected data the user wants us to remember.
  • Stripe invoice / tax history. Stripe retains its own copy under its own retention schedule (typically 7+ years). To request deletion of Stripe-side records, contact Stripe directly via your billing portal — we do not have the ability to delete records on Stripe's servers.
  • Deletion audit log (AccountDeletion). A new row is written for each completed deletion, containing only a one-way SHA-256 hash of your email, the timestamp, and counts of affected tables. This is our compliance evidence that the request was processed; it contains no recoverable personal data.

30-day grace period. If you choose "Hold for 30 days" instead of immediate deletion, your account enters a suspended state — emails are paused, sign-in is blocked, but no rows are erased yet. You can recover by signing back in within the window. After 30 days, an automated cron at /api/cron/grace-period-deletion runs the same hard-delete pipeline described above.

9. Children's privacy

RealSmile is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has used our service, please contact us and we will address your concerns.

10. Changes to this policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Your continued use of RealSmile after changes constitutes acceptance of the updated policy.

10. Contact

For privacy-related questions or concerns, contact us at hello@realsmile.online.

Terms of ServiceAbout RealSmile