Overview
When a surveillance camera captures a face at a crime scene, investigators need to search it against every indexed profile image in the system, fast and without crossing tenant boundaries. The Profile Image Management domain handles the full pipeline: presigned uploads, automatic face indexing on ingest, configurable similarity threshold searches against evidence photos, and strict per-organisation collection isolation that prevents cross-tenant identification.
Key Features
- Presigned URL upload workflow with client-side direct upload for scalable file transfers
- Automatic face detection and indexing for person profile images
- Face search capability matching evidence images against indexed profile faces with configurable thresholds
- Multi-image support: avatar, reference, ID document, and other image categories
- Per-organisation collection isolation preventing cross-tenant identification
- Primary image designation per profile with soft delete protection
- Storage metering with automatic usage tracking for billing and quota enforcement
- RBAC integration with write permission checks and organisation-scoped access control
- Graceful error handling with best-effort cleanup for face indexing and storage operations
- Support for JPEG, PNG, and WebP formats with configurable size limits
Use Cases
Relevant sectors include law enforcement, intelligence agencies, and financial crime investigation.
- Uploading and managing profile photos with automatic face enrolment for biometric search
- Searching indexed faces using evidence photos for suspect identification in investigations
- Managing multiple reference photos per person for improved recognition accuracy
- Tracking storage usage per tenant for billing and capacity planning
Integration
The Profile Image Management domain connects with evidence services for face search, usage metering for billing, and RBAC for access control. It supports multi-tenant deployment with per-organisation isolation.
Open Standards
- EU AI Act (Regulation (EU) 2024/1689): The face recognition service hard-codes Article 5(1)(h) prohibitions against real-time remote biometric identification in public spaces, enforces Article 12 audit logging on every face-match query, and classifies the system as High-Risk under Annex III.
- GraphQL (June 2018 specification): All profile image operations (upload URL requests, upload completion, image listing, primary image designation, deletion, and face-match queries) are exposed exclusively through a Strawberry GraphQL schema.
- AWS S3 Presigned URL API (HMAC-SHA256 request signing): Client-side direct uploads and time-limited download links are issued as presigned PUT and GET URLs via the S3-compatible Cloudflare R2 API, with configurable TTLs.
- IANA Media Types (RFC 2046): Upload requests enforce an explicit MIME type allowlist (image/jpeg, image/png, and image/webp), validating the declared Content-Type before a presigned URL is issued.
- SHA-256 (FIPS PUB 180-4): An optional SHA-256 hex checksum is accepted at upload request time and verified on completion, providing end-to-end file integrity assurance for stored images.
- UUID (RFC 4122): Every profile image record, face index entry, and upload session is assigned a Version 4 RFC 4122 UUID as its primary identifier.
- OAuth 2.0 / Role-Based Access Control: All mutations and queries are gated by token-based authentication (IsAuthenticated) and write-permission checks, with access scoped to the caller's organisation via standard RBAC rules.
- GDPR (Regulation (EU) 2016/679): Face biometric vectors constitute special-category personal data under Article 9; per-organisation collection isolation and strict tenant-scoped access controls implement the data minimisation and access restriction obligations of the Regulation.
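The request-time and completion-time upload checks listed above can be sketched as follows. This is an added example, not the product's own code: every name, the object-key layout and the 10 MiB limit are assumptions. It also goes one step beyond the declared Content-Type check by comparing magic bytes on completion, since the declared type is client-controlled.

```python
import hashlib, re, uuid

ALLOWED_TYPES = {"image/jpeg", "image/png", "image/webp"}  # allowlist named on the page
MAX_BYTES = 10 * 1024 * 1024        # assumed value; the page only says "configurable"
SHA256_HEX = re.compile(r"[0-9a-f]{64}")
SESSIONS = {}                       # hypothetical stand-in for the upload-session table

class UploadRejected(Exception):
    pass

def sniff_type(data: bytes):
    """Infer the media type from magic bytes, ignoring what the client declared."""
    if data[:3] == b"\xff\xd8\xff":
        return "image/jpeg"
    if data[:8] == b"\x89PNG\r\n\x1a\n":
        return "image/png"
    if data[:4] == b"RIFF" and data[8:12] == b"WEBP":
        return "image/webp"
    return None

def request_upload(org_id, content_type, size, sha256_hex=None):
    """Checks that run before any presigned URL would be issued."""
    if content_type not in ALLOWED_TYPES:
        raise UploadRejected("media type not in allowlist")
    if not 0 < size <= MAX_BYTES:
        raise UploadRejected("size outside limit")
    if sha256_hex is not None:
        sha256_hex = sha256_hex.lower()
        if not SHA256_HEX.fullmatch(sha256_hex):
            raise UploadRejected("checksum is not SHA-256 hex")
    session_id = str(uuid.uuid4())  # Version 4 UUID, as the page describes
    SESSIONS[session_id] = {"org": org_id, "type": content_type, "size": size,
                            "sha256": sha256_hex,
                            "key": f"{org_id}/profile-images/{session_id}"}
    return session_id

def complete_upload(session_id, caller_org, data: bytes):
    """Checks that run on completion, against the bytes that reached storage."""
    s = SESSIONS.get(session_id)
    if s is None or s["org"] != caller_org:
        # Same error for "missing" and "other tenant": no cross-tenant oracle.
        raise UploadRejected("unknown session")
    if len(data) != s["size"]:
        raise UploadRejected("size differs from request")
    if sniff_type(data) != s["type"]:
        raise UploadRejected("content does not match declared type")
    if s["sha256"] and hashlib.sha256(data).hexdigest() != s["sha256"]:
        raise UploadRejected("checksum mismatch")
    del SESSIONS[session_id]        # a session completes at most once
    return s["key"]
```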
Last Reviewed: 2026-02-23 Last Updated: 2026-04-14