Why we store embeddings instead of images

Every face recognition system makes a fundamental architectural decision at enrollment time: do you store the raw photo, or do you store only the mathematical representation of the face — the embedding? The choice sounds technical, but its implications are deeply legal, ethical, and reputational. At IntelliFace, we made this decision before we wrote our first line of production code: we never store photos. Here is why, and how it works.

What is a face embedding?

When our face service processes an enrollment photo, DeepFace with the SFace model runs the image through a deep convolutional neural network. The network produces a 128-dimensional floating-point vector — a sequence of 128 numbers that encode the spatial relationships between facial landmarks. This vector is the embedding. Critically, you cannot reconstruct a recognizable face image from this vector. It is a one-way mathematical transformation, similar in principle to a cryptographic hash. The original photo is discarded immediately after the embedding is generated.

• Storage size: a raw JPEG face crop is ~80KB; an embedding is 512 bytes — 160× smaller
• Irreversibility: no known algorithm can reconstruct a recognizable face from the embedding alone
• Legal classification: under GDPR Article 9, biometric templates used for identification are special category data — but the legal risk is substantially lower when raw images are not retained
• Breach impact: if embeddings are leaked, they are useless to an attacker without the matching inference model and the same model version
• Portability: embeddings are model-version-specific — migrating to a new model requires re-enrollment, preventing silent data misuse

"

"Storing embeddings instead of photos is the architectural equivalent of hashing passwords. It is not just a privacy best practice — it is the only responsible approach for biometric data."