The Face Rank privacy promise is short and verifiable: your camera frames never leave the peer-to-peer connection between you and your opponent. The only things our server ever sees about you are five integers and a win/loss flag.

What our server actually sees

  1. A unique player ID (a UUID we generate in your browser and persist in localStorage).
  2. Your nickname if you typed one.
  3. Your country code if you allowed it.
  4. Your five Face Score sub-scores after you complete a Lab scan — just the numbers.
  5. Match outcomes — for each match you play, which side won, the final vote tally, the resulting ELO changes.

That’s the entire dataset. No frames, no audio, no biometric template.

How the video is transmitted

Face Rank uses standard WebRTC peer-to-peer video. When you and your opponent are paired, your browsers exchange a few connection-setup messages (offer / answer / ICE candidates) through a relay on our server. As soon as that handshake is done, the actual video stream goes directly between your two computers, encrypted by DTLS-SRTP. Our server is not in the video path. Not for streaming, not for buffering, not for recording.

How the Face Score is computed

The face-mesh model (Google MediaPipe Face Landmarker) runs entirely inside your browser tab. The model file is fetched from a CDN once, cached, then runs locally for every frame. The landmarks never leave your computer. We compute the five proportion metrics from those landmarks, average them over a 3-second scan, send only the five integers to our server. The frames are discarded the moment your browser releases them.

What we cannot do, even if we wanted

What we ask you to do

You can read the full text in our Privacy Policy and Terms of Service.