Logo

Privacy Policy

Last updated: April 2026

At iSamurai ("we," "our," or "us"), we take your privacy seriously. This Privacy Policy explains what data we collect, how we use it, how we protect it, and what rights you have over it. By using our platform at isamur.ai and our mobile applications, you agree to the practices described below.


1. Who We Are

iSamurai is an AI-powered face swap and video processing platform. Our website address is https://isamur.ai. We provide tools for face swapping in images and videos, AI-powered image restoration, slow motion video generation, and related creative services.


2. What Data We Collect

Account Information

When you create an account, we collect:

  • Username — chosen by you during registration
  • Email address — for account verification, password recovery, and important service communications
  • Password — stored only as a secure, irreversible hash (we never see or store your actual password)
  • Name — if provided via Google sign-in
Google OAuth

If you sign in with Google, we receive your name and email address from Google. We do not receive or store your Google password. We use this information solely to create and authenticate your iSamurai account.


Uploaded Media & Biometric Data

When you use our services, you may upload:

  • Face images (source photos used for face swapping)
  • Target images and videos (media you want to process)
  • Generated outputs (results produced by our AI)

Important — Biometric Data Notice: Face images constitute biometric data under laws such as GDPR, BIPA (Illinois Biometric Information Privacy Act), and similar regulations. By uploading face images to iSamurai, you consent to our processing of this biometric data solely for the purpose of providing the face swap service you requested. We do not use your face images to build facial recognition databases, train AI models, or for any purpose other than delivering your requested output.


Payment Information

Payments are processed securely by Stripe. We never see, store, or have access to your full credit card number, CVV, or bank details. Stripe provides us with a customer ID (for managing your subscription), transaction amounts and dates (for invoicing), and subscription status. For more information, see Stripe's Privacy Policy.


Usage Data

We collect anonymized usage statistics such as credits consumed, number of jobs processed, and feature usage. This helps us improve our service and plan capacity. This data is aggregated and cannot be used to identify you personally.


3. How We Use Your Data

We use your data exclusively to:

  • Provide our services — process your face swaps, restorations, and slow motion videos
  • Manage your account — authentication, subscription management, credit tracking
  • Process payments — via Stripe for subscriptions and booster purchases
  • Provide support — respond to your support tickets and inquiries
  • Improve our platform — using anonymized, aggregated usage data only

We do NOT:

  • Use your uploads to train AI models
  • Sell your data to third parties
  • Share your data with advertisers
  • Use your biometric data for any purpose beyond delivering the service you requested

4. Third-Party Services

We do not share your uploaded media (face images, videos, outputs) with any third party. All AI processing happens on our own servers.


5. Cookies & Authentication

We use minimal cookies and tokens:

  • JWT authentication tokens — stored in your browser to keep you logged in. These contain only your user ID and expiration time, no personal data.
  • Session cookies — standard browser cookies for maintaining your session.
  • Cache — we use server-side caching to speed up your experience. Cached data is temporary and automatically expires.

We do not use tracking cookies, analytics cookies, or advertising pixels. We do not track you across other websites.


6. Data Security

We implement multiple layers of security to protect your data:

  • Encryption in transit — all connections use HTTPS/TLS encryption
  • Password hashing — passwords are stored using industry-standard one-way hashing (they cannot be reversed)
  • Secure payment processing — handled entirely by Stripe; we never touch your card details
  • API key security — API keys are hashed with SHA-256 before storage; the plain key is shown only once at creation
  • Isolated processing — AI processing runs in isolated containers with access limited to active jobs
  • Webhook verification — all payment webhooks are cryptographically verified to prevent tampering

7. Your Rights — Access & Deletion

You have full control over your data at all times. We provide two ways to exercise your rights:


Delete Individual Content

You can delete specific files — source images, previews, or generated outputs — directly from your Gallery at any time. Files are permanently removed from our servers immediately upon deletion.


Delete Your Entire Account

If you want to erase everything, go to your Profile page and click "Delete My Account" at the bottom. You will be asked to confirm twice — first with a confirmation prompt, then by typing DELETE — to prevent accidental deletion.

When you delete your account, the following is immediately and permanently removed:

  • All face swap projects — source images, target videos, and output files
  • All studio projects — timelines, videos, and previews
  • All slow motion projects — source and output videos
  • All gallery content — uploaded source images, generated previews, and face mapping data
  • Your support tickets — all messages and attachments
  • Your API keys — revoked and deleted instantly
  • Your active subscription — cancelled immediately
  • Your personal information — username, email, name, and password are all erased

After deletion, your account is fully anonymized. Your username is replaced with a random identifier, your email is removed, and your password is set to an unusable state. You cannot be identified from what remains.


8. What We Retain After Account Deletion

We retain a small amount of anonymized data strictly for legal and operational reasons:

  • Payment records — Invoice amounts, dates, and transaction IDs are kept for tax and accounting compliance, as required by law in most jurisdictions (typically 5–7 years). These records are linked to an anonymized user ID, not to your name or email.
  • A one-way hash of your email — We store a cryptographic hash (SHA-256) of your email address. This hash cannot be reversed to reveal your actual email — not by us, not by anyone. It exists solely to prevent abuse (for example, someone deleting their account repeatedly to obtain free credits). We never see, store, or have access to your original email after deletion.

Everything else — every image, every video, every project, every piece of personal information — is permanently and irreversibly erased.


9. Returning After Deletion

If you choose to create a new account with the same email after deletion, you are welcome to return. Your new account will start clean — no projects, no gallery, no files. Your credit balance will be restored to what it was at the time of deletion (not reset to a fresh allocation), to ensure fairness for all users.


10. Data Retention

  • Active accounts — your data is retained for as long as your account exists
  • Uploaded media — kept until you delete it or delete your account
  • Payment records — retained for 7 years after the transaction date for legal compliance
  • Server logs — automatically rotated and deleted within 30 days
  • Deleted accounts — all personal data is erased immediately; only anonymized payment records and the email hash are retained as described above

11. Children's Privacy

iSamurai is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children. If you believe a child has created an account, please contact us and we will delete it promptly.


12. International Data Transfers

Our servers are located in secure data centers. If you access iSamurai from outside the region where our servers are hosted, your data may be transferred internationally. We ensure that all transfers comply with applicable data protection laws and that your data receives the same level of protection regardless of where it is processed.


13. Compliance & Legal Framework

Our privacy practices are designed to align with and exceed the expectations of modern data protection regulations, including:

  • GDPR (General Data Protection Regulation) — the European Union's comprehensive data protection law
  • Right to Erasure (GDPR Article 17) — the "Right to Be Forgotten," which our account deletion feature directly implements
  • CCPA (California Consumer Privacy Act) — granting California residents the right to know what data is collected and to request its deletion
  • BIPA (Illinois Biometric Information Privacy Act) — regulating the collection and handling of biometric data, including face images
  • LGPD (Lei Geral de Protecao de Dados) — Brazil's general data protection law
  • PIPEDA (Personal Information Protection and Electronic Documents Act) — Canada's federal privacy law
  • UK Data Protection Act 2018 — the United Kingdom's implementation of GDPR principles
  • Privacy by Design — a framework we follow that embeds privacy into every stage of product development
  • Data Minimization Principle — we only process data that is strictly necessary for the purpose it was collected

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make significant changes, we will notify users through the platform. The "Last updated" date at the top of this page indicates when the most recent revision was made.


15. Contact Us

If you have any questions about this Privacy Policy, want to exercise your data rights, or need to report a concern, please contact us at:

We aim to respond to all privacy-related inquiries within 30 days.