Product · Privacy

AI face recognition for events: what it is, how it works, why privacy matters in 2026

You take one selfie when you sign up. An hour later, an app shows you 47 photos of yourself from a festival you've never seen the photographer at. How? And — fair question — what happens to that selfie?

Face recognition has become an everyday feature: unlocking your phone, sorting your camera roll, tagging photos on Facebook. The version that powers Picsaris is a more focused application of the same technology — applied to a closed event with people who chose to be there.

Here's what's actually happening under the hood, in plain English.

Step 1: Your selfie becomes a number

When you take a selfie at sign-up, the app doesn't store the image to compare against later. Instead, it runs the photo through a face embedding model — a neural network whose only job is to convert any image of a face into a vector of roughly 512 numbers.

This vector is a kind of mathematical "fingerprint" of your face. Two photos of you look very similar in this vector space (think: a few millimetres apart). A photo of a different person sits far away. The model learned this from millions of labeled face pairs.

Once we have your vector, we throw away the original selfie. The vector cannot be reversed back into an image of you.

Step 2: Every event photo gets the same treatment

As guests upload photos to the event, each one goes through the same process: the model detects faces, extracts a vector per face, and stores those vectors against the photo.

A wedding photo with 8 people in it produces 8 vectors. A festival crowd shot might produce 40+.

Step 3: Matching is just measuring distance

To find every photo you're in, the system compares your sign-up vector against every face vector from the event. If the distance is below a threshold (we use cosine similarity), it's a match.

Modern models like the one we use are remarkably good at this: over 95% accuracy in normal event lighting, including for faces partially turned, in sunglasses, or in low light. Performance drops for extreme cases (very dark photos, masks covering most of the face), but the false-positive rate stays very low — you almost never see strangers in your gallery.

The privacy question: what's actually stored

This is the part that matters. Here's what Picsaris stores about you:

• Your face vector — 512 numbers, encrypted at rest.
• Your profile selfie thumbnail — small image (200×200) used only as your avatar in the app. You can delete it anytime.
• The photos you upload — stored encrypted in Cloudflare R2.
• Which event photos you appear in — derived from the matching process, just an ID list.

What we don't store:

• The original sign-up selfie (deleted after vector extraction).
• Any biometric data beyond the vector.
• Your contacts, location, or any data outside the event you joined.

Why this is GDPR-compliant

GDPR (Europe's data protection regulation) treats face data as a "special category" of personal data. To process it legally, you need explicit consent and data minimization: only what you need, only for the stated purpose, and the user must be able to delete it.

Picsaris asks for explicit consent at sign-up (not buried in a 40-page ToS), stores the minimum needed (the vector, not the image), and provides one-tap deletion in the profile screen. Deleting your account purges your vector immediately. Photos you uploaded stay (they belong to the event), but you're no longer matched to anything.

Why it's different from "surveillance face recognition"

The face recognition used in public surveillance — scanning crowds for matches against a watchlist — is a fundamentally different application. Three differences:

1. Closed system. Picsaris only matches you within events you joined. There's no cross-event index, no "find this person across all of Picsaris" capability.
2. Opt-in. You take the selfie. You sign up. You can leave.
3. No identification. The system doesn't know who you are by name — only that "this vector matches that vector." Your name comes from your account, which you chose to create.

What about the photos other guests took of me?

This is the genuine ethical question. If your cousin uploads a photo with you in it, Picsaris will surface it to you (good) — but the photo exists in the event gallery whether you joined or not.

Our position: if you joined the event by scanning the QR, you've consented to photos being shared within that event. If you don't want to participate, don't scan. If you scanned and later changed your mind, leave the event and your vector is deleted; we stop surfacing matches to you.

For events where the host wants explicit per-photo consent (corporate, certain ceremonies), we offer a setting that restricts uploads to organizers and approved photographers only.

The summary

• Your selfie becomes a vector of 512 numbers. The image itself is deleted.
• Every photo's faces become vectors. Matching is just measuring distance.
• 95%+ accuracy in event lighting.
• GDPR-compliant: explicit consent, minimum data, deletable on demand.
• Closed system: no cross-event tracking, no name database.