by jand 4012 days ago
I am a little bit unsure about this service. Although I find it technically highly appealing, the resulting privacy concerns are not to be ignored (personal opinion, tell me otherwise).

Can somebody clarify how you validate the claimed 'Article 29 of Directive 95/46/EC'-compliance? It seems to me that this service somehow relies heavily on the good behaviour of the clients.

2 comments

(I work at imgix)

To follow up on Kelly's response:

Our service is only for use with images provided by our customers, and our terms of use specifically require them to have the associated rights for the images they use with us.

From a privacy standpoint, I don't see a practical difference between a website serving a user's profile photo directly from their S3 bucket vs. engaging imgix to serve it (in a more optimal fashion).

We do take security and privacy seriously. We do not sell or in any way utilize our customers' data for any purpose besides operating the service or reporting analytics metrics back to the customer. We do maintain caches of fetched and rendered images, but this is all done in a secure fashion.

Any online service has the potential for a data breach or unintended behavior, and we're not immune to bugs or mistakes. So far, our track record is impeccable, and we'll continue to take the appropriate steps to keep it that way.

The face information data is generated when the request is made, and none of the information generated is able to identify a person. It merely generates the coordinates of faces within the image.

Article 29 is geared more toward _facial recognition_, whereas what imgix does is mere _face detection_.