How It Works Open App

How We Protect Your Photos

MaskMyKid was built by a parent, for parents. We understand the trust it takes to upload a photo of your child — and we take that seriously. Here's exactly what happens when you use our app.

We never store your photos.

We never share your photos.

We never use your photos to train AI.

What Happens When You Upload a Photo

1
Your photo stays in your browser When you upload a photo, it loads directly into your browser's memory. It's not uploaded to a MaskMyKid server or saved anywhere.
2
AI detects the face Your photo is sent briefly to Google's Gemini AI to detect where the face is. Google processes it in real time and does not store it. Google's API terms prohibit using customer data for training.
3
AI generates the mask The photo is sent to Gemini again to generate a realistic mask over the face. The AI processes the image and returns the result immediately — nothing is saved on Google's servers after the response.
4
Your browser does the final compositing The mask is blended onto the original photo right in your browser using canvas technology. Color matching, lighting adjustments, and edge blending all happen locally on your device.
5
You download the result The masked photo exists only in your browser. When you download or share it, it goes directly from your browser to your device. We never see the final result.

What We Store (and Don't Store)

Your account includes an email address and a credit balance — that's it. We use Supabase (a secure, open-source database platform) to manage accounts. Your photos, masked results, and any image data are never written to our database or any file storage system.

Payments are handled entirely by Stripe. We never see, process, or store your card details. Stripe is PCI Level 1 certified — the highest level of payment security certification.

Technical Details

Photo Processing All image processing after AI generation happens client-side in your browser via HTML5 Canvas. The original photo and final result never touch our servers. The only server interaction is the AI API call to Google Gemini for face detection and mask generation.
HEIC Conversion If you upload an iPhone HEIC photo, it may be briefly sent to our server for format conversion (HEIC to JPEG). This conversion happens in memory on a temporary serverless function — no files are written to disk, and the container is destroyed immediately after the response.
Google Gemini AI We use Google's Gemini API for face detection and mask generation. Google's Cloud API terms state that customer data submitted via API is not used to train Google's models. Data is processed in transit and not retained after the API response is delivered.
Infrastructure MaskMyKid runs on Netlify (static hosting + serverless functions) and Supabase (authentication + database). There is no traditional server, no file storage bucket, and no image database. Your photos have nowhere to be stored even if we wanted to — which we don't.

Questions?

We're happy to answer anything about how your data is handled. Reach out anytime at hello@maskmykid.com.