Frequently Asked Questions

GDPR Compliance

Articles 15, 17, and 30 requirements

What is a GDPR Article 15 access request?

Article 15 gives individuals the right to obtain confirmation that their personal data is being processed, access to that data, and information about how it's being used. For photos, this means finding every image containing that person across all your systems. You have 30 days to respond completely.

Learn more about Article 15

How does Ansikt handle Article 17 right to erasure?

Ansikt identifies every photo containing a specific person across all connected sources. When you receive an erasure request, you get a complete inventory of images that need attention. You can then use Ansikt's Proxy feature to automatically blur faces in photos you want to keep, or generate a deletion report for images you remove entirely.

What records does Article 30 require?

Article 30 requires organizations to maintain records of processing activities, including: categories of data subjects and personal data processed, purposes of processing, data transfers, and retention periods. Ansikt automatically tracks which photos contain which individuals, when they were processed, and where they're stored—providing the documentation needed for Article 30 compliance.

How do I prove I searched everywhere for a DSAR?

Ansikt provides timestamped audit logs showing every source that was searched, when it was searched, and what was found. You can export a comprehensive report documenting your search scope and results—evidence that demonstrates due diligence to regulators and auditors.

Data Retention

Policies and data lifecycle management

How long does Ansikt store facial recognition data?

Face embeddings are stored as long as you maintain your Ansikt subscription and the source images remain in your connected systems. When source images are deleted, Ansikt automatically removes the corresponding face data within 24 hours. You can also configure automatic purging of face data after specified periods to align with your data minimization policies.

Can we set custom retention policies?

Yes. Ansikt supports custom retention policies at the organization level. You can configure automatic deletion of face embeddings after a specified period, set different retention rules for different image sources, and establish retention schedules that align with your organization's data governance policies.

What happens to data when someone is deleted?

When a person is removed from your organization (e.g., former employee, departed member), Ansikt immediately removes their associated face embeddings from the recognition index. Historical audit logs are retained for compliance purposes but anonymized. You receive a deletion certificate confirming complete removal of biometric data.

Technical

APIs, integrations, and infrastructure

Do you offer API access?

Yes. Ansikt provides a comprehensive REST API for all platform functions: searching for people, retrieving results, managing sources, generating reports, and exporting data. API documentation is available to all customers, and we offer SDKs for common languages. Rate limits vary by plan tier.

What SSO providers do you support?

Ansikt supports standard SAML 2.0 and OpenID Connect (OIDC) for single sign-on. This includes compatibility with major identity providers including Azure AD, Okta, Google Workspace, OneLogin, and any other SAML/OIDC-compliant system. We also support Zitadel natively for organizations using our recommended identity infrastructure.

What integrations are available?

Ansikt integrates with SharePoint, Google Drive, Amazon S3, WordPress, Drupal, and custom websites via our Watchtower crawler. For enterprise customers, we offer custom integrations with DAM systems, CMS platforms, and proprietary storage systems. Contact us for specific integration requirements.

Is there an on-premise option?

Ansikt is cloud-hosted only. We don't offer on-premise deployments. However, our cloud infrastructure is 100% EU-hosted with no data transfers outside the EU. For organizations with strict air-gapped requirements, we can discuss private cloud deployments on EU-based infrastructure—contact our sales team for details.

Security

Encryption, certifications, and hosting

What encryption do you use?

All data is encrypted in transit using TLS 1.3. At-rest encryption is provided by our S3-compatible storage infrastructure using AES-256. Face embeddings (the mathematical representations used for recognition) are stored with organization-based access controls. We follow industry best practices for key management and rotation.

What certifications do you have?

Ansikt is working toward ISO 27001 certification. Our infrastructure provider maintains SOC 2 Type II, ISO 27001, and ISO 27701 certifications. We're GDPR compliant by design and conduct regular penetration testing. Security documentation is available under NDA for enterprise customers undergoing vendor assessment.

What are your breach notification procedures?

In the event of a security breach affecting personal data, we notify affected customers within 24 hours of discovery. We provide a detailed incident report including: nature of the breach, categories of data affected, likely consequences, and measures taken. We support your GDPR Article 33/34 notification obligations to supervisory authorities and data subjects.

Where is data hosted?

100% in the European Union. Our primary infrastructure is hosted in Germany with backup facilities in the Netherlands. No data is transferred to, processed in, or stored in the United States or any other non-EU jurisdiction. This eliminates Schrems II concerns and SCC complexity.

Pricing

Plans, billing, and trials

What is your pricing model?

Ansikt uses a tiered subscription model based on image volume and organization size. Plans start at €299/month for small organizations (up to 50,000 images). Mid-tier plans cover larger image libraries and additional users. Enterprise pricing is customized for organizations with 500,000+ images or complex requirements.

What is included in each tier?

All tiers include: unlimited sources, unlimited users, API access, standard integrations (SharePoint, Google Drive, S3), email support, and regular security updates. Higher tiers add: priority support, custom integrations, dedicated account management, advanced analytics, and higher API rate limits. See our pricing page for full details.

Do you offer volume discounts?

Yes. Organizations with 1 million+ images qualify for volume pricing. Multi-year commitments also receive discounted rates. Contact our sales team for a custom quote based on your specific image volume and usage patterns.

Is there a free trial?

We offer a 14-day free trial for qualified organizations. During the trial, you can connect up to 3 sources and process up to 10,000 images. No credit card required. At the end of the trial, you can subscribe to continue or export your data and delete your account. Contact us to request trial access.

Implementation

Setup, training, and support

How long does implementation take?

Typical implementation takes 2-4 weeks. Week 1: Account setup, SSO configuration, and initial source connections. Weeks 2-3: Initial crawl and processing of existing images. Week 4: User training and workflow integration. Large organizations with millions of images may require 6-8 weeks for complete initial processing.

What are the technical requirements?

Ansikt is cloud-hosted—you don't need to install or maintain any software. You need: (1) Admin access to the image sources you want to connect, (2) A modern web browser for the dashboard, (3) For SSO: SAML 2.0 or OIDC support in your identity provider. No local software installation, no server requirements, no maintenance burden.

Do you provide training?

Yes. All tiers include access to video training materials and documentation. Mid-tier and above include a live onboarding session for your team. Enterprise plans include custom training tailored to your workflows and on-site training options (EU locations). We also provide train-the-trainer sessions for organizations with internal training teams.

What support is included?

All plans include email support with next-business-day response times. Mid-tier adds priority email/phone support with 4-hour response SLA. Enterprise includes 24/7 support with 1-hour response for critical issues, a dedicated account manager, and quarterly business reviews. All customers have access to our documentation and community forum.

Legal

DPA, subprocessors, and compliance

Is a DPA available?

Yes. A standard Data Processing Agreement (DPA) is available for all customers. The DPA covers: roles and responsibilities, data subject rights, security measures, subprocessor management, breach notification, and audit rights. The DPA is pre-signed and available for your legal team to review during the trial or procurement process.

Can I see your subprocessor list?

Yes. We maintain a current list of subprocessors with their functions and locations. Our infrastructure is hosted on EU-based cloud providers. We use minimal third-party services—all GDPR-compliant and EU-hosted. The subprocessor list is updated quarterly and customers are notified of any changes 30 days in advance per GDPR Article 28 requirements.

What is your data residency policy?

All customer data—photos, face embeddings, metadata, and audit logs—is stored exclusively in EU data centers. We don't transfer data outside the EU for processing, backup, or any other purpose. Our support team accesses data only from EU locations. This policy is contractual, not just technical—we're liable if data leaves the EU.

Are you Schrems II compliant?

Yes. Ansikt eliminates Schrems II concerns entirely by never transferring personal data to the United States or any non-EU country. We don't use US cloud providers. We don't transfer data for processing. We don't have US support staff accessing EU data. No Standard Contractual Clauses (SCCs) are needed because no transfers occur.