Back to FazeSwapFazeSwap logoFazeSwap
Legal

Privacy Policy

We take your privacy seriously. This policy explains exactly what data FazeSwap collects, why we collect it, who we share it with, and how you can control it.

Last updated April 26, 2026

1. Introduction

FazeSwap (“we,” “us,” “our”) provides AI-powered face swap, talking avatar, and lip sync services through our website (fazeswap.com), mobile apps (iOS and Android), and desktop apps (Windows and macOS).

This Privacy Policy applies to everyone who uses FazeSwap. It is written to comply with the Nigeria Data Protection Regulation (NDPR), the Nigeria Data Protection Act 2023 (NDPA), and — for users in the European Union, United Kingdom, and elsewhere — the General Data Protection Regulation (GDPR) and equivalent laws.

By using FazeSwap, you agree to the practices described here. If you do not agree, please do not use the service.

2. What we collect

Information you give us directly

  • Account information: name, email address, password (stored as a one-way hash, never in plain text).
  • Photos and videos you upload to face-swap, generate talking avatars from, or use for lip sync.
  • Face library entries: photos you save to reuse across features, with the names you give them.
  • Payment information: card details, mobile-money numbers, or crypto-wallet addresses when you subscribe or buy credits. Card numbers are processed directly by our payment partners (Paystack, Flutterwave, Korapay, Cryptomus, NOWPayments, Circle, Apple, Google) and never touch our servers.
  • Support messages you send us by email or contact form.

Information we collect automatically

  • Device and usage data: device type, operating system, app version, IP address, and how you interact with FazeSwap (e.g. which features you use, how long videos take to render).
  • Cookies and similar technologies: see our Cookie Policy for the full list.

3. How we use it

We use your data only for these specific purposes:

  • Provide the service: deliver the face swap, avatar, lip sync, and live face swap features you request.
  • Process payments: charge for subscriptions and credit packs through our payment partners.
  • Send transactional emails: account verification, password resets, payment receipts, and notifications when your video is ready.
  • Improve the service: analyse usage patterns to find bugs, improve performance, and decide which features to build next. We never use your uploaded media for this — only aggregated metrics.
  • Prevent abuse: detect and block fraud, illegal content, and behaviour that violates our Terms of Service.
  • Comply with the law: respond to legal requests, tax obligations, and regulatory requirements.

4. AI processing & your face data

Face data is sensitive personal data, and we treat it that way. Here is exactly how it's handled in each FazeSwap feature:

Recorded face swap, talking avatar, and lip sync (cloud)

  • Your uploaded photos and videos are sent over an encrypted (HTTPS) connection to our storage on Cloudflare R2.
  • They are passed to our AI partners (WaveSpeedAI for face swap; HeyGen for avatars and lip sync) only for the duration of processing your job. Our partners do not retain your media after the job completes.
  • The output video is saved to your account so you can download or share it.
  • You can delete any uploaded media or generated video from your account at any time. Deleted files are permanently removed from our storage within 30 days.

Live face swap (Desktop only)

Live face swap (used during Zoom / Google Meet / Teams / Discord / WhatsApp Desktop / Telegram Desktop calls) runs entirely on your computer. The AI model is downloaded once when you first open the desktop app, then every face-swap calculation happens locally. FazeSwap servers never see your camera feed. The desktop app only contacts our backend to (a) check your plan's daily minute limit and (b) record how many minutes you used today so the cap can be enforced.

What we never do

  • We never use your media to train AI models. Period.
  • We never sell your data to third parties for marketing or advertising.
  • We never share your photos or videos with anyone except the AI partners listed above, and only for the brief time needed to process your specific request.

5. Who we share with

We share data only with the partners we need to operate the service:

  • AI providers: WaveSpeedAI (face swap), HeyGen (talking avatar, lip sync) — only the specific media for the job you requested.
  • Storage: Cloudflare R2 — your uploaded and generated media.
  • Payment processors: Paystack, Flutterwave, Korapay, Cryptomus, NOWPayments, Circle, Apple App Store, Google Play Store — only the data needed to process your payment.
  • Email providers: Brevo (primary), Resend (fallback) — your name and email address to send transactional emails.
  • Authentication: Google (for “Sign in with Google”) — only the basic profile fields you authorise.
  • Hosting: our application servers run on a Contabo VPS in Europe.

We may also disclose data when legally required (court orders, subpoenas, regulator requests) or to protect FazeSwap and our users from fraud, abuse, or harm.

6. How long we keep it

  • Account data: as long as your account is active. If you delete your account, we erase it within 30 days, except where law requires us to keep records longer (e.g. tax invoices for 7 years).
  • Uploaded media and generated videos: until you delete them, or 12 months after your last login if you stop using the service.
  • Live face swap usage logs: kept for 90 days for quota enforcement and abuse prevention, then aggregated into anonymous totals.
  • Payment records: 7 years (Nigerian tax law).

7. Your rights (NDPR + GDPR)

You have the right to:

  • Access a copy of the personal data we hold about you.
  • Correct data that is wrong or incomplete.
  • Delete your account and associated data.
  • Restrict certain types of processing.
  • Export your data in a machine-readable format.
  • Object to processing based on legitimate interest.
  • Withdraw consent at any time, where consent is the legal basis for processing.
  • Lodge a complaint with the Nigeria Data Protection Commission (NDPC) or your local data protection authority.

To exercise any of these rights, email privacy@fazeswap.com. We respond within 30 days.

8. How we protect your data

  • All connections to FazeSwap use TLS 1.3 (HTTPS).
  • Passwords are stored using bcrypt with a per-user salt — we cannot reverse them, even if our database were compromised.
  • Authentication tokens use short-lived (15-minute) access tokens with rotating refresh tokens.
  • Payment data never touches our servers — it goes directly from your device to the payment provider.
  • We follow OWASP Top 10 best practices, run automated security scanning on every deploy, and patch dependencies promptly.

No security system is perfect. If you believe your account has been compromised, email security@fazeswap.com immediately.

9. Children

FazeSwap is not intended for users under 13 (under 16 in some jurisdictions). We do not knowingly collect personal data from children. If you believe a child has provided us with data, contact privacy@fazeswap.com and we will delete it.

10. International transfers

FazeSwap is built and supported from Nigeria. Some of our processors (Cloudflare, HeyGen, WaveSpeedAI, Brevo, Apple, Google) operate from the United States and Europe. When data is transferred outside Nigeria or the EU, we rely on Standard Contractual Clauses (SCCs) and the provider's own NDPR / GDPR compliance.

11. Changes to this policy

When we make material changes, we will email registered users and post a notice on this page at least 14 days before the change takes effect. Continued use of FazeSwap after that date means you accept the updated policy.

12. Contact us

Questions, complaints, or rights requests: privacy@fazeswap.com.

Postal address:
FazeSwap
Lagos, Nigeria