Your face is almost certainly in PimEyes. The platform indexes approximately 3 billion faces scraped from the open web, and if you have ever had a photo published online, yours is among them. The opt-out process exists and it works. But most people approach it backwards. They submit the form without first understanding what PimEyes has actually found. That is a mistake, and it is the single biggest thing every other removal guide gets wrong.
How to opt out of PimEyes: the process and what it actually involves
The opt-out form sits at pimeyes.com/en/opt-out-request-form. Submitting it requires uploading a clear photo of your face and anonymised identification. PimEyes uses this to match your biometric data against their index and exclude future matches.
The verification process is genuinely intense. You are handing over a face photo and ID to a facial recognition company in order to stop that company from recognising your face. The irony is not lost on anyone who has gone through it. But it works, and it is currently the only mechanism available.
Processing takes anywhere from a few days to several weeks. There is no published SLA. In my experience, expect closer to two weeks for confirmation, sometimes longer. No automated service or software handles this for you. Every submission is manual.
Search yourself on PimEyes before you submit anything
Before you touch the opt-out form, run a PimEyes search on yourself. This is the step that separates a useful removal from a blind one, and it is the approach I take with every client assessment.
Use your own photos as seed images. Your LinkedIn headshot, your Facebook profile picture, and any professional headshot you have used publicly. Upload multiple photos if possible. Different angles and lighting conditions improve coverage because PimEyes matches facial geometry, not exact pixel data.
The results are often unsettling. I have seen images surface on websites people forgot existed, in directories they never consented to, and on platforms they have never heard of. Through investigation work I have encountered results appearing on suspicious and illicit websites, including sexually explicit platforms like swingers and fetish sites. If someone ever signed up and uploaded a photo, PimEyes will find it.
For each match, record four things: the page URL, what the image shows, whether you were aware of it, and whether the content is something you would want visible to anyone searching your face. This becomes your removal list for work that goes far beyond PimEyes itself. I cover the broader methodology in my piece on why mapping comes first when reducing your digital footprint. The principle is the same here. You cannot remove what you have not found.
The re-appearance problem nobody warns you about
PimEyes continuously scrapes the open web for new images. New photos of you will be indexed. Old URLs that were not part of your original opt-out will surface. This is not a one-time fix.
I have seen cases where individuals opted out successfully, only to find new matches appearing within months as PimEyes re-scraped updated pages or discovered photos on previously unindexed sites. The 90-day re-scrape cycle that affects data broker removal services applies here too, though PimEyes does not publish its exact crawl frequency.
Most people treat this as a task to complete and forget. Anyone telling you a single opt-out permanently solves the problem is selling something that does not exist. Set a quarterly calendar reminder and re-check.
FaceCheck.ID: the secondary sweep
FaceCheck.ID is a separate facial recognition engine with one specific advantage worth knowing about. It indexes Instagram and TikTok profile pictures. If you use the same profile photo across Instagram and LinkedIn, FaceCheck will match them. That makes it particularly useful for detecting impersonation accounts or verifying whether your face appears on social platforms under names you do not control.
Removal at facecheck.id/Face-Search/RemoveMyPhotos is simpler than PimEyes. Upload anonymised ID and photos are hidden immediately. Effort rating: easy to medium.
Run FaceCheck after PimEyes, not instead of it. They index different sources and catch different exposures.
Clearview AI and what you cannot control
Clearview AI holds approximately 30 billion facial images. The ICO fined them £7,552,800 in May 2022 for scraping UK residents’ photos without consent. The First-tier Tribunal overturned the fine, but the Upper Tribunal reversed that decision in October 2025, reinstating ICO jurisdiction.
Individual removal requests remain in legal limbo during ongoing proceedings. Then there are the Russian services: FindClone (1.1 billion VK avatars) and Search4faces (125 million TikTok avatars). Neither operates under GDPR. Removal from either is effectively impossible.
This is why facial recognition opt-outs are necessary but insufficient on their own. You can control PimEyes and FaceCheck. You cannot control Clearview, FindClone, or Search4faces. The only real defence against those platforms is controlling the source images, which means auditing and removing photos from the websites they scrape in the first place.
Why no automated service covers facial recognition
Incogni, DeleteMe, and every other automated removal service skip facial recognition entirely. Their broker lists cover people-search sites and data aggregators like 192.com. None of them submit PimEyes opt-outs, FaceCheck removals, or Google RTBF requests for facial recognition matches.
This gap is unlikely to close. The opt-out processes require biometric verification. You cannot delegate a face photo upload to an automated bot. It requires a human, and specifically it requires the person whose face is being removed.
My honest opinion: the entire facial recognition removal space is a regulatory failure. The ICO has taken action against Clearview but has done nothing about PimEyes, despite PimEyes processing biometric data (special category data under UK GDPR) without consent from a single person in its index. The legal basis for enforcement exists under UK GDPR Article 17 and Article 9. The will to enforce it is another matter entirely.
Your legal position
PimEyes processes biometric data, which qualifies as special category data under UK GDPR. Processing requires explicit consent or another Article 9 condition. PimEyes has never obtained consent from the individuals it indexes.
If PimEyes refuses your opt-out request, you have grounds for an ICO complaint and potentially a compensation claim under UK GDPR Article 82. The Farley v Paymaster (2025) ruling removed the seriousness threshold for non-material damage claims, meaning you do not need to prove actual harm from the biometric processing. The legal position is strong. Practical enforcement across jurisdictions is the hard part, given PimEyes operates from Poland.
What I actually recommend
Search yourself on PimEyes before you do anything else. Document every match. Then submit the opt-out with a clear face photo and anonymised ID. Run FaceCheck as a secondary sweep, particularly if you use consistent profile photos across platforms.
After both opt-outs are confirmed, work through the source URLs from your PimEyes search results. Request removal from each hosting website individually. Submit Google RTBF requests for any cached facial recognition results that remain in search.
Set a quarterly reminder to re-check both platforms. New images will surface. This is maintenance, not a project.
If you are dealing with compound exposure across multiple data brokers, Companies House filings, electoral register data, and facial recognition databases simultaneously, that is where a professional digital footprint assessment makes sense. The facial recognition layer is one piece of a much larger picture. Get in touch if you want the full picture mapped before you start pulling threads.
