The FaceApp application goes viral for a new aging feature that allows you to edit a person’s face to make it appear older or younger.

FaceApp uses artificial intelligence to create an image of what you may look like in a few decades. The FaceApp Challenge is blowing up because of celebrities and basically everyone contributing to the challenge.

The popularity the app gained had people questioning whether their data is protected or not. It immediately uploads all your camera roll pictures to its servers, sparking user concern.

The app doesn’t mention processing photos on their servers, nor does it state how long it retains uploaded photos. The developers of the app don’t make this explicit in their privacy policy.

READ: The UK investigates ‘TikTok’ for children’s privacy rights

FaceApp is granted a free hand to do whatever it wants with your pictures according to their terms of service.

“You grant FaceApp a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly perform and display your User Content and any name, username or likeness provided in connection with your User Content in all media formats and channels now known or later developed, without compensation to you. When you post or otherwise share User Content on or through our Services, you understand that your User Content and any associated information (such as your [username], location or profile photo) will be visible to the public.”

Since photos aren’t only narrowed to personal photos, but sensitive information like banking, it could be quite dangerous. Photo access is a security risk that shouldn’t be taken lightly.

Luckily for us, Forbes contacted founder Yaroslav Goncharov, who promised to give a statement on the situation providing further explanation. It reads:

We are receiving a lot of inquiries regarding our privacy policy and therefore, would like to provide a few points that explain the basics:

  1. FaceApp performs most of the photo processing in the cloud. We only upload a photo selected by a user for editing. We never transfer any other images from the phone to the cloud.
  2. We might store an uploaded photo in the cloud. The main reason for that is performance and traffic: we want to make sure that the user doesn’t upload the photo repeatedly for every edit operation. Most images are deleted from our servers within 48 hours from the upload date.
  3. We accept requests from users for removing all their data from our servers. Our support team is currently overloaded, but these requests have our priority. For the fastest processing, we recommend sending the requests from the FaceApp mobile app using “Settings->Support->Report a bug” with the word “privacy” in the subject line. We are working on the better UI for that.
  4. All FaceApp features are available without logging in, and you can log in only from the settings screen. As a result, 99% of users don’t log in; therefore, we don’t have access to any data that could identify a person.
  5. We don’t sell or share any user data with any third parties.
  6. Even though the core R&D team is located in Russia, the user data is not transferred to Russia.

Additionally, we’d like to comment on one of the most common concerns: all pictures from the gallery are uploaded to our servers after a user grants access to the photos (for example, We don’t do that. We upload only a photo selected for editing. You can quickly check this with any of network sniffing tools available on the internet.