← Back to database

Predaxia Research

PimEyes

Face Recognition Solutions Ltd. · Poland (operations opaque)

ActiveMultiple GDPR complaints
3

Confidence 3/5

VendorFace Recognition Solutions Ltd. (PimEyes)
Country of originFounded 2017 in Wrocław, Poland. Corporate domicile has shifted (Seychelles, Dubai, Belize per various filings)
FoundersLukasz Kowalczyk, Denis Tatina
Current statusActive. Public website accessible globally
Business modelConsumer-facing face search engine with monthly subscription. Free preview, paid access to source URLs
US Entity ListNo
Regulatory exposureHamburg DPA, Polish UODO, French CNIL active investigations
Predaxia GlossaryWhat it means in practicePlain-English explainer · Threat model · Action steps

Technical capabilities

PimEyes is a consumer-accessible face search engine. Users upload a probe image and receive a result list of public web pages that contain images of faces matching the probe, ranked by similarity. The vendor publicly claims to index “millions of websites” with a refreshed crawl pipeline.

Unlike Clearview AI, which restricts access to government and law-enforcement customers, PimEyes is openly accessible to any subscriber. The implications for stalking, harassment, deanonymization of pseudonymous content creators, and revenge-imagery investigation are substantial and documented across multiple investigative articles by the New York Times, BBC and others.

Documented use

  • Stalking and harassment: BBC and New York Times investigations between 2020 and 2024 documented PimEyes use to identify and locate strangers, deanonymize adult-content creators, and harass journalists.
  • Open-source intelligence (OSINT) communities: routine use for missing-persons identification, investigative journalism, and account fraud detection.
  • Sextortion ecosystems: documented as part of toolchains used by extortion operators.
  • Journalist source identification risk: concrete operational risk for journalists publishing photographs of confidential sources.

Customer states

Service is purchased by individual subscribers worldwide. The vendor states that it does not have direct government contracts. The actual customer mix is opaque due to subscription-based consumer access.

Legal and sanctions status

  • Not on the US Department of Commerce Entity List.
  • Not designated by US OFAC.
  • Hamburg Commissioner for Data Protection: investigation opened 2020, EUR 90,000 penalty 2020 for procedural violations. Ongoing scrutiny.
  • Polish UODO (Personal Data Protection Office): active investigations.
  • French CNIL: complaints under GDPR opened by privacy associations.
  • EU AI Act (entered into force 2024): future scope for biometric identification systems.

Technical countermeasures

  • GDPR opt-out: EU and UK residents can request removal of indexed matches under GDPR Article 17. PimEyes operates a public opt-out form, although effectiveness on subsequent re-indexing is limited.
  • PimEyes opt-out program: paid “PROtect” tier allows individuals to add their face to a non-disclosed list. Effectiveness on third-party re-indexing is debated.
  • Reduce indexable face presence on the open web: high-resolution frontal portraits are the primary signal. Profile photos on public LinkedIn, Twitter, personal websites are direct fuel.
  • Adversarial cloaking: research projects like Fawkes (University of Chicago SAND Lab) provide pixel-level transformations to reduce face-recognition effectiveness on subsequently uploaded photos.
  • Avoid stock-photo and conference imagery: many public face indexes are seeded by conference photographs and stock-photo aggregators.
  • For journalist sources: never publish identifying photos of confidential sources, even with face blurring at low resolution. PimEyes and equivalent tools can defeat partial obscuration.
For at-risk individuals. PimEyes operates a face search engine accessible to anyone who pays a subscription. Any high-quality frontal photo of you on the open web is potentially indexed. Audit your public face presence and use GDPR rights where available.

Sources

  1. The New York Times, Powerful and Free Face-Search Tool (May 2022, October 2024)
  2. BBC, PimEyes face search investigation
  3. Hamburg Commissioner for Data Protection, PimEyes investigation
  4. CNIL, Facial recognition regulatory framework
  5. EU, Artificial Intelligence Act (Regulation 2024/1689)
  6. University of Chicago SAND Lab, Fawkes face cloaking project
  7. PimEyes, Opt-out form

Update log

May 12, 2026: Entry created. Sourced from New York Times and BBC investigative reporting, Hamburg Commissioner for Data Protection enforcement, French CNIL regulatory framework, EU AI Act provisions, the University of Chicago SAND Lab Fawkes research, and PimEyes own opt-out documentation.

There’s no perfect setup. Anyone selling you perfect is selling fear. The goal is simple: make yourself a harder target than the person next to you.