Seventeen questions, real answers.
The questions DPOs, procurement teams and skeptical engineers actually ask us. Edited only for length. No marketing detours.
Product & how it works.
The functional questions. What it does, where it sits, what it doesn't do.
What does Ansikt actually do?
Ansikt reads the photo sources you connect, detects faces, links appearances to known people, and keeps the review trail. You can search by person record or reference photo, then export the appearances with source paths, crawl dates and confidence labels.
It is built for one job: accounting for photos of people when consent, withdrawal, access requests or erasure requests are involved.
Where does the original photo live?
Where it already lives: your DAM, CMS, Drive, SharePoint, S3 bucket or other connected source. Ansikt reads the image data needed for analysis, then keeps the working records: source path, detections, person links, review state and audit history.
Originals stay in your systems. Temporary processing copies are discarded after scanning.
How accurate is recognition?
Each match carries a confidence label: High, Likely or Review. Strong matches can move through the normal workflow. Uncertain matches stay visible for human review.
We do not publish numeric thresholds. We also do not pretend every face is usable. Tiny faces, heavy occlusion, blur, harsh shadows and stylised images reduce accuracy. See accuracy & limits.
What about group photos?
Each detected face becomes its own appearance tied to the same image. A class photo with 24 children is handled as one image with many appearances, not as one blanket decision.
Where the URL Proxy is in use, a withdrawal can blur the withdrawn subject on the next request while other consented faces remain visible. The proxy is in preview and only applies to images served through it.
How long does setup take?
It depends on the source, archive size and how clean the existing records are. A first setup usually starts with one connector, one image set and one Campaign. From there, the initial crawl builds the working view and queues review work as it finds it.
The setup walkthrough shows the shape of the first hour.
Privacy & the law.
The hardest questions, kept in one place. We answer the same way to a procurement officer and to a skeptical journalist.
Isn't face recognition special category data?
Yes. Biometric data used to uniquely identify a person can fall under Article 9. Processing it needs a lawful basis and a special-category condition.
You are the controller. You decide the lawful basis and whether the processing is appropriate for your organisation. Ansikt acts as processor under documented instructions and only for the purpose of running the service for you. We do not give legal advice, but we do make the processing visible enough for your DPO to assess.
Can the data subject see what you have on them?
The subject portal is in preview. It gives the person in the photos a view of their appearances, Campaigns and decisions, and a way to request changes from one place.
The controller still owns the response. Ansikt keeps the request, decision and action trail together.
What if a photo is deleted at the source?
When a connected source no longer contains a photo, the next crawl records that change. The working appearance data tied to that source image is removed according to the retention rules for the workspace.
The audit trail keeps the fact of the removal: source path, timestamp and action. Enough to show what happened without keeping the underlying image.
Can a regulator audit the system?
Ansikt gives you exportable records: source paths, review decisions, operator actions, timestamps and reasons. That is the material your DPO can use when answering an audit, access request or erasure request.
As processor, Ansikt supports supervisory-authority requests routed through you, the controller, under the DPA.
Do you train models on customer data?
No customer archives are used for third-party model training. Customer data is processed to provide the service inside that customer workspace.
If the data-use policy changes, it changes in the contract before it changes in the product. We will not bury that in a product update.
Security & hosting.
Short answers. The longer technical write-up lives on security.
Where is the data hosted?
The live production sub-processor list has one name: Hetzner in Frankfurt for compute and primary storage. No US vendors are used to operate the production service.
Additional sub-processors will be added before launch, and each one will be disclosed before it handles customer data. See Security.
What encryption do you use?
Production data is encrypted at rest and in transit. Connector traffic and the console use HTTPS.
For a procurement review, use the Security page as the current public source. Vendor questionnaires can go to hej@ansikt.dk.
Are you ISO 27001 certified?
No. Ansikt is working towards ISO 27001 readiness. We do not claim certification, an audit underway, or an auditor engagement we do not have.
Until that changes, we can walk through the current control posture directly.
How do I report a vulnerability?
Email security@ansikt.dk with reproduction steps. Pre-launch we are still building out the formal disclosure programme — your email reaches a human, and we credit reporters by name unless asked otherwise.
Pricing & procurement.
Pricing and packaging are still being worked out. Talk to us if you want to be in the conversation.
What does it cost?
Pricing is not pinned down yet. We are still working out packaging with early customers: archive size, source count, review volume, proxy use and support level all matter.
If you want to be in that conversation, get in touch: hej@ansikt.dk.
Company & ethics.
The questions that decide whether you trust us, separate from whether the product works.
Will you sell to law enforcement?
Not for live or investigative use. Ansikt only searches systems the customer connects and has a lawful basis to process. We do not crawl the open internet, and we do not enable real-time surveillance.
The product is for compliance work: finding photos so organisations can honour consent, access, withdrawal and erasure obligations.
How do I get in touch?
Email is the fastest route today: hej@ansikt.dk.
If you want to see the product first, start with the interactive demo.