legal

Privacy Policy

This Privacy Policy describes how Raily LLC handles your data when you use the ai-scoring platform. We are committed to transparency about our data practices.

Overview

The ai-scoring Service is designed with privacy as a core principle. We do not require user accounts, we do not store photographs, and we do not use analytics tracking. This policy explains exactly what data we handle, how, and for how long.

Information We Collect

We collect only the minimum data necessary to provide the Service:

  • Photographs you upload (full-face and profile images) — processed in real-time and never stored.
  • Personality profile data (metrics, scores, sociotype) — processed in real-time and held only in ephemeral server memory.
  • Device information (IP address, browser type, user-agent) — collected automatically for rate limiting and security purposes only.
  • Language preference — stored locally in your browser only.

Photographs — Our Commitment

We want to be explicit about how we handle your photographs:

  • Photos are NEVER stored on our servers, databases, or any persistent storage.
  • Photos are NEVER used for machine learning training, model development, or any purpose beyond your individual analysis.
  • Photos exist only in transient memory during processing. They are sent to our analysis partner (Merlin/RAILY) for feature extraction and are immediately discarded.
  • Once your analysis is complete, all photo data is permanently and irrecoverably deleted from server memory through automatic garbage collection.

How We Use Your Information

We use the collected information solely for:

  • Generating your personality analysis and visualizations.
  • Delivering analysis results to your browser session.
  • Enforcing per-IP daily rate limits to ensure fair access for all users.
  • Maintaining the security and integrity of the Service.

Third-Party Processors

We use the following third-party services to deliver the Service:

Merlin / RAILY API (api.raily.cloud)

Receives your photographs for facial feature extraction and personality data generation. Acts as a data processor under our instructions. Your photos are not retained or used for training by this service.

Google Gemini API

Receives your personality scores (not photos) to generate narrative text interpretations. Only metric names and numerical scores are transmitted — no images or personal identifiers.

Upstash Redis

Used exclusively for per-IP rate limiting. Stores only your IP address hash and a daily counter. Keys auto-expire after approximately 25 hours. No personal data is stored.

Data Storage

Our architecture is designed to minimize data persistence:

  • No user accounts — the Service is completely anonymous.
  • No database — all server-side state is held in ephemeral process memory.
  • Analysis results are stored only in your browser's sessionStorage, which is cleared when you close the browser tab.
  • Your language preference is stored in your browser's localStorage and can be cleared at any time.

Data Retention

All data has strict, minimal retention periods:

  • Photographs: Retained for milliseconds during processing only. Never persisted to disk.
  • Analysis results: Held in server memory for the duration of your session. Cleared within 24 hours.
  • Rate limit counters: Automatically expire after ~25 hours.
  • Task metadata: Purged after 24 hours or when the task queue exceeds 100 entries.

Cookies and Tracking

We do NOT use cookies, analytics trackers, advertising pixels, or any third-party tracking technologies. The only data stored in your browser is your language preference (localStorage) and your analysis results (sessionStorage). No data is shared with advertising networks or analytics platforms.

Your Rights (GDPR / CCPA)

Regardless of your jurisdiction, we extend the following rights to all users:

  • Right to access — request a copy of any data we hold about you.
  • Right to deletion — since we do not persist your data, there is nothing to delete. Your photos and analysis data are ephemeral by design.
  • Right to correction — you may re-run analyses with different inputs at any time.
  • Right to data portability — your analysis results are available in your browser session and can be exported.
  • Right to object — simply stop using the Service. No data about you will remain.

To exercise any of these rights, contact us at [email protected]. Because we do not maintain user accounts or persistent records, most data subject requests are inherently satisfied by our architecture.

Children's Privacy

The Service is not directed at individuals under the age of 18 (or the age of majority in your jurisdiction). We do not knowingly collect data from children. If you believe a child has submitted personal data through the Service, contact us at [email protected] and we will take appropriate steps to address the matter.

International Data Transfers

The Service is operated from Qatar. Your data may be processed in countries outside your jurisdiction, including Qatar and the United States (for Google Gemini API processing). By using the Service, you consent to such transfers. We ensure that all third-party processors maintain appropriate data protection safeguards.

Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. We encourage you to review this policy periodically. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

Contact Us

For any privacy-related questions, data subject requests, or concerns, please contact us at:

Raily LLC

Al Shoumoukh Towers, 10th Floor, Tower B, Al Sadd, Doha, Qatar

Email: [email protected]

Effective date

July 17, 2026