Skip to content
FaceGate

Privacy & Trust

The page a privacy officer can read end-to-end.

Structured, citable, scannable. Every claim on this page can be checked against the app source or a published regulator document.

The on-device claim

What “on-device” means here.

FaceGate is a phone app. Face detection, embedding (the 512-d vector that represents a face), matching, and classification all run on the phone’s CPU and GPU. There is no network call to a FaceGate server, because there is no FaceGate server.

  1. 01

    Photo

    Selected from the device gallery or camera.

  2. 02

    Detect

    ML Kit finds and crops faces to 112 × 112 pixels.

  3. 03

    Match

    AuraFace v1 embeds each face and compares it against the consent list.

  4. 04

    Verdict

    Safe, Unsafe, or Review — written to the local audit log.

All four steps run on the phone’s CPU and GPU.No network calls

Data flow

Where everything lives and how to delete it.

What we collectWhere it’s storedWho has accessHow to delete
Photos you importPhone storage only (sandboxed)The phone's operatorRemove from app gallery or wipe biometric data
Face crops & embeddingsOn-device SQLite databaseThe phone's operatorSettings → Wipe biometric data
Consent list (names, status, photos)On-device SQLite databaseThe phone's operatorSettings → Wipe biometric data, or export then delete
Audit logOn-device SQLite databaseThe phone's operatorSettings → Clear audit log

Australian Privacy Principles

APP-by-APP alignment.

Designed against the Privacy Act 1988 (Cth) and the 13 APPs. Below are the ones that bear directly on biometric data and the school-publishing workflow. Click any card to expand.

  • APP 1Open and transparent management of personal information.

    How FaceGate satisfies it

    We publish this page, the privacy policy, and a named privacy contact (below). The app discloses what it processes on first launch.

  • APP 3Only collect personal information that is reasonably necessary.

    How FaceGate satisfies it

    FaceGate collects names, face photos, and consent status — the minimum needed for matching. Nothing else.

  • APP 5Notify the individual of the collection.

    How FaceGate satisfies it

    The app's first-tap consent gate explains, in plain language, what is processed, why, and where it stays.

  • APP 6Use or disclose only for the primary purpose.

    How FaceGate satisfies it

    Biometric data is used solely to match against the consent list. There is no secondary use and no disclosure.

  • APP 8Take reasonable steps before disclosing personal information overseas.

    How FaceGate satisfies it

    FaceGate has no cross-border transfer to take steps about — biometric data never leaves the device.

  • APP 11Take reasonable steps to protect personal information.

    How FaceGate satisfies it

    On-device storage with OS-level sandboxing and full-disk encryption. No network endpoints to attack.

  • APP 12Provide access on request.

    How FaceGate satisfies it

    The consent list and audit log are visible in the app at any time. Export is available.

  • APP 13Correct personal information on request.

    How FaceGate satisfies it

    Every person, photo, status, and override is editable from inside the app. Re-classification is automatic.

Regulatory horizon

What’s changing, and when.

  1. 10 June 2025

    Statutory tort of serious invasion of privacy (Cth)

    Federal statutory tort creates a direct cause of action for serious privacy invasions. On-device-only design minimises exposure.

  2. 1 July 2026

    WA PRIS Act commences

    The Western Australian Privacy and Responsible Information Sharing Act 2024 takes effect for public-sector bodies including state schools.

  3. 10 December 2026

    Children's Online Privacy Code in force

    Federal code regulating online services likely to be accessed by children. FaceGate is operated by school staff, not students, and is not an online service — out of scope.

  4. 1 January 2027

    WA Notifiable Information Breach provisions

    Mandatory breach-notification provisions come into force in WA. FaceGate is designed to minimise breach surface — no central store to breach.

Accuracy

How well it performs.

Measured on FaceGate’s internal 18-person × 95-image evaluation set using AuraFace v1, the production model.

0.920

F1 score

Combined precision + recall

0.992

Precision

Of confident matches, ratio correct

1 / 1,568

False positives

On the internal negative set

The model

A one-line model card.

Name
AuraFace v1
Architecture
ResNet100 + ArcFace head
Embedding dim
512
Licence
Apache 2.0 (commercial)
Publisher
fal.ai
Size
≈ 249 MB
Input
112 × 112 RGB, normalised to [-1, 1]
Benchmark
F1 0.920 · precision 0.992 (internal)

The model is bundled with the app; no remote model fetch at runtime. The model identifier and threshold settings are written into every audit-log entry.

Audit trail

Everything that happens is recorded.

Every enrolment, classification, override, and consent change is logged with a timestamp, the model in use, and the thresholds applied. The log is queryable in-app and exportable for evidence packs.

Contact a privacy officer

Direct line to the responsible person.

Privacy enquiries — whether from a school, parent, or regulator — come straight to Matthew Haskins, the founder and the named privacy contact.

matthew.haskins.mh@gmail.com