EU Data Protection (GDPR)
Last updated: 1 July 2026
Commitment to data protection
Safeguarding your personal data is a core design goal of DV Green Pass, not an afterthought. The strongest protection is simple: we do not keep your photos.
Our security measures
- No server-side photo storage: images are processed in memory and discarded after the response.
- Encryption in transit: traffic is served over HTTPS.
- Data minimisation: we collect only what is needed (an email only if you choose to register).
- Access control: access to any stored data (e.g. the launch email list) is limited to authorised personnel.
GDPR basics
The EU General Data Protection Regulation (enforceable since 25 May 2018) governs how personal data of individuals in the EU/EEA is processed. A face image is a special category of biometric data and receives heightened care.
Lawful basis
- Providing the Service (processing your photo): performance of your request / consent, with no retention.
- Launch emails: your explicit consent, withdrawable at any time.
Your rights
You may access, correct, delete, or restrict processing of your personal data, object to processing, and request portability. Because photos are not stored, most requests concern the email you provided.
International transfers
Where data is processed outside the EU/EEA, we rely on appropriate safeguards (such as Standard Contractual Clauses).
Contact
Data protection enquiries: [your-dpo-email].