FaceReceipt
A privacy web app that helps you assemble a personal facial-recognition exposure dossier — every known incident your face was likely caught in, every vendor that still holds it, and a one-click bundle of pre-drafted deletion demands under BIPA, CCPA, CPRA, and GDPR.
Problem
When OkCupid handed Clarifai three million user photos in 2014, those users were never told. Twelve years later the FTC announced its March 30, 2026 settlement with Match Group — no fine, no user compensation, and no obligation to notify the people whose faces were in the dataset. The Clearview AI class action paid consumers in equity in a surveillance company, not cash. And modern age-verification services like Persona retain selfies for three years by default. The result: a typical adult has a facial-recognition footprint they cannot enumerate, cannot evidence to a regulator, and cannot demand deleted, because they don't know who holds it.
Target user
Privacy-aware consumers ages 25–55 who already use a password manager, have heard of Have I Been Pwned, and have at some point used a dating app, an age-verification flow, a "scan your face to unlock" app, or an old photo-app whose TOS quietly changed. Job-to-be-done: "show me, in one place, every credible reason to believe my face is in a facial-recognition vendor's index, and give me the exact paperwork to demand it deleted."
MVP scope
- Curated incident registry: a versioned JSON of public facial-recognition incidents — OkCupid → Clarifai (2014), IBM Diversity in Faces (2019), MegaFace, Clearview AI's web scrape, the 2026 age-verification stack hack, and ongoing FTC/state-AG settlements — each with affected service, date range, data types, and the legal basis a user can invoke to demand deletion.
- Exposure wizard: user answers a short series of questions ("which dating apps did you use before 2019?", "have you completed a Persona/Stripe Identity selfie check?", "do you have an old Facebook account from before tagging defaults changed?") and the app builds a personalized exposure list scored likely / probable / possible.
- Deletion-demand generator: for each exposed vendor, generate a pre-filled email under the strongest applicable law (BIPA in IL, CCPA/CPRA in CA, GDPR Article 17 in the EU/UK, generic state-AG complaint elsewhere) with the user's identifiers, the incident citation, and the legal deadline the vendor must respond by.
- Face Receipt PDF: a signed, dated one-pager summarizing the user's exposures and the demands they sent, suitable for attaching to a regulator complaint, a class-action claim, or a divorce/custody filing.
- Response tracker: a lightweight inbox-bridge (forward replies to a project address) that classifies each vendor reply as acknowledged / deleted / refused / silent and surfaces the silent ones at the legal-deadline mark.
- No selfie upload in MVP — exposure scoring is metadata-only. A future Pro feature can optionally call PimEyes / FaceCheck ID APIs to enumerate open-web indexing, but the free tier never touches the user's biometric.
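A sketch of the metadata-only exposure scoring and law routing described in the list above, added here as an illustration and not FaceReceipt's own code. The registry entries, region codes, scoring thresholds and function names are all assumptions constructed for the example; the page does not define a scoring rule.

```javascript
// Constructed sample registry. Field names follow the MVP list (service, date
// range, data types); the Persona date range is a placeholder, not registry data.
const REGISTRY = [
  { id: "okcupid-clarifai", service: "okcupid", vendor: "Clarifai",
    from: 2014, to: 2014, dataTypes: ["profile photos"] },
  { id: "persona-selfie", service: "persona", vendor: "Persona",
    from: 2023, to: 2026, dataTypes: ["selfie"] },
];

// Law routing as listed in the MVP scope; the region codes are hypothetical.
function pickLaw(region) {
  if (region === "US-IL") return "BIPA";
  if (region === "US-CA") return "CCPA/CPRA";
  if (region === "EU" || region === "UK") return "GDPR Art. 17";
  return "state-AG complaint";
}

// Assumed rule: usage overlaps the incident window -> likely; service used but
// years unknown -> probable; usage within 2 years of the window -> possible.
function scoreExposure(incident, answer) {
  if (!answer) return null;
  if (answer.from == null || answer.to == null) return "probable";
  if (answer.from <= incident.to && answer.to >= incident.from) return "likely";
  const gap = Math.min(Math.abs(answer.from - incident.to),
                       Math.abs(answer.to - incident.from));
  return gap <= 2 ? "possible" : null;
}

// answers: { service: { from, to } }. Only year metadata is accepted; any other
// field (an image, an embedding) is rejected so no biometric enters the pipeline.
function buildExposureList(answers, region) {
  const allowed = new Set(["from", "to"]);
  const out = [];
  for (const inc of REGISTRY) {
    const a = answers[inc.service];
    if (a && Object.keys(a).some((k) => !allowed.has(k))) {
      throw new Error("unexpected field in answer for " + inc.service);
    }
    const score = scoreExposure(inc, a);
    if (score) {
      out.push({ incident: inc.id, vendor: inc.vendor, score, law: pickLaw(region) });
    }
  }
  return out;
}
```

The allow-list check in `buildExposureList` is what enforces the "never touches the user's biometric" property at the input boundary, rather than relying on the UI not to send one.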
Monetization
Freemium web app.
- Free: full incident registry, exposure wizard, three deletion demands per month, plain-text PDF export, single-user response tracker.
- Pro ($6/mo or $48/yr): unlimited demands, branded/signed PDF, response tracker with deadline reminders, optional opt-in reverse-face search via PimEyes/FaceCheck ID with the search artifact stored only locally, family plan for up to 5 people.
- Stretch B2B: same engine repackaged as a "Right-to-Erasure intake" widget that consumer apps embed to let their users submit deletion requests against upstream vendors, priced as B2B SaaS ($199–$499/mo per company).
Why now
The Match/OkCupid FTC settlement announced March 30, 2026 was the second high-profile event in a year where consumers learned their biometric had been laundered into a third-party AI training set without notice or compensation — Clarifai only deleted the photos in April 2026 under public pressure, not court order. Hackers published the surveillance stack hiding inside age-verification flows in February 2026, naming the specific vendors retaining selfies and ID scans. The EU AI Act's transparency obligations for biometric and generative systems begin entering force in August 2026, giving European users a fresh legal lever. Wrongful-arrest counts tied to facial-recognition misidentification crossed nine US cases by March 2026. The collective signal: people now believe their face is exposed and there is no consumer-grade tool to enumerate or contest the exposure.
Risks & open questions
- The incident registry has to stay accurate — wrong vendor → wrong demand → defamation/litigation exposure. Registry edits need a clear citation rule and a public changelog.
- Deletion-demand templates need lawyer review before launch in BIPA / GDPR jurisdictions; CCPA/CPRA letters are lower risk but still benefit from a counsel pass.
- The response tracker is the stickiest feature but adds support burden (forwarded emails, parsing failures, accidental PII in screenshots).
- Reverse-face-search via PimEyes/FaceCheck ID is monetizable but ethically fraught — it can also be used adversarially. Strong opt-in flow + rate limits + user-only viewing of results required.
- Distribution: privacy tools convert well on Twitter/X and via journalists, but Google Ads will refuse ads for "face deletion." Likely launch path is a Hacker News post + a one-page "see your face footprint" demo, then organic from privacy-focused newsletters.
Next step
Validate by manually walking 10 paid users through the wizard with the v0 registry, sending the generated demands on their behalf, and measuring three numbers at 30 days: % of vendors that respond, % that confirm deletion, and the user's self-reported confidence delta on a 1–10 scale. If at least 40% of vendors respond and confidence delta ≥ +3, promote to a weekly prototype: a static HTML demo of the wizard + a sample Face Receipt PDF.
Sources
- https://www.ftc.gov/news-events/news/press-releases/2026/03/ftc-takes-action-against-match-okcupid-deceiving-users-sharing-personal-data-third-party — FTC's March 30, 2026 enforcement action against Match/OkCupid for sharing three million user photos with Clarifai.
- https://techcrunch.com/2026/04/21/clarifai-okcupid-facial-recognition-ai-ftc-settlement/ — Clarifai's April 2026 deletion of the OkCupid photos following public pressure, post-settlement.
- https://stateofsurveillance.org/news/okcupid-ftc-settlement-clarifai-facial-recognition-3-million-photos-2026/ — Analysis of the "no fine, no notice, no compensation" outcome for the three million affected users.
- https://www.techdirt.com/2026/02/25/hackers-expose-the-massive-surveillance-stack-hiding-inside-your-age-verification-check/ — February 2026 hacker disclosure of age-verification vendors retaining selfies, IDs, and device fingerprints for years.
- https://scheerpost.com/2026/04/28/facial-recognition-data-is-a-key-to-your-identity-if-stolen-you-cant-just-change-the-locks/ — Framing piece on why facial-data exposure is uniquely irreversible and worth a consumer tool.
- https://artificialintelligenceact.eu/implementation-timeline/ — EU AI Act timeline showing transparency and high-risk biometric rules entering force August 2026.
- https://news.bloomberglaw.com/class-action/clearview-ai-gets-settlement-approved-in-face-scan-privacy-case — Clearview AI's equity-based consumer settlement, illustrating the gap between exposure and meaningful compensation.