Launch Checklist for Images of Real People

Resources

Before launching AI image features with real people, review consent, face handling, retention, support access, abuse response, copy, and deletion.

Date
July 3, 2026
Author
Unexposed

AI image launch control room with privacy and consent checklist icons

If your AI image feature handles real people, the launch checklist needs to be stricter than “the demo works and the button is blue.”

Start with consent. Can the uploader reasonably upload this person’s image? What if the image includes children, guests, employees, patients, students, or bystanders? Does the UI make the boundary clear without burying the user in legal gravel?

Check face handling. Does the system extract embeddings, match identity, create reusable likeness data, or train a personalised model? If it only edits an image for one job, say that. If it creates durable identity-related data, treat the feature as higher risk.

Check training. Customer faces, prompts, and outputs should not be used for training by default. If there is any opt-in training programme, it should be separate, explicit, and impossible to confuse with normal use.

Check retention. How long do source images remain? How long do outputs remain? Are prompts stored? Are failed jobs deleted? Are thumbnails, cache, and queue payloads covered? Can you describe the answer without using “eventually” as emotional support?

Check access. Can support see images? Can provider staff? Can human reviewers? Is access logged? Can support diagnose ordinary issues without opening the customer’s face photo?

Check abuse response. How will users report non-consensual images, impersonation, harassment, or deepfake-style misuse? Can harmful outputs be removed quickly? Do public links expire? Are galleries private by default?

Check customer copy. The upload UI, privacy page, docs, and support macros should all say the same thing about training, storage, deletion, and sharing. Inconsistent privacy language is how a product starts sounding nervous.

Check production deletion. Before launch, upload a test image, generate an output, copy the direct URL, delete the content, and try the URL again. If the image still loads, your checklist just found its villain.

Real people make image features more compelling and more sensitive. Launch like that is true.

Further reading: How biometric privacy applies to AI image generation, The minimum privacy standard for AI image apps, and The difference between a cool AI feature and a creepy one.

Your prompt. Your model. Only your content.

Create private images with Credits, Access Tokens, and sealed requests. Encrypted in transit, run on ephemeral compute, deleted after delivery.