Privacy Policy

AI Headshot Generator ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI headshot generation service.

Information We Collect

Facial Photos

When you use our service, you upload 10–20 selfie photographs that contain your facial likeness. These photos are used exclusively as references in our AI processing pipeline to generate professional headshots for you.

Account Information

We collect information you provide when creating an account, including your name, email address, and authentication credentials through Google OAuth or email magic links.

Payment Information

Payment processing is handled entirely by our secure payment partners. We do not store your credit card number, bank account details, or other financial information on our servers. Our payment processors handle your payment and provide us with a transaction record.

Usage Data

We automatically collect certain information when you visit our website, including your IP address, browser type, operating system, referring URLs, pages viewed, and the dates and times of your visits.

How We Use Your Information

• AI Processing: Your uploaded photos are sent to our third-party AI providers and used as visual references to generate headshots for your order.
• Headshot Generation: We use the provider output and our processing pipeline to generate professional headshots in various styles as part of your purchased package.
• Payment Processing: We use secure payment processors to handle one-time payments for our headshot packages (starting at $9.50).
• Service Improvement: We may use aggregated, anonymized usage data to improve our service quality and user experience.
• Communication: We send transactional emails such as order confirmations and notifications when your headshots are ready.

Facial Data Handling

We take the handling of your facial data extremely seriously. Here is exactly what happens to your photos and related processing data:

• Uploaded Photos: Your original selfie photographs are automatically and permanently deleted from our servers 30 days after upload. During this period, they are stored securely on Cloudflare R2 with encryption at rest.
• Provider-Side Temporary Artifacts: If a provider-specific model or temporary processing artifact is created for your order, it is scheduled for cleanup within the same 30-day window where applicable.
• Generated Headshots: The AI-generated headshots remain available in your account for you to download at any time. These images do not contain your original photos and are generated outputs from the processing pipeline.

Third-Party Services

We use the following third-party services to operate our platform:

• AI Providers: We may route headshot generation through third-party AI providers, including Replicate and Volcengine Ark. Your uploaded photos may be transmitted to these providers for processing, and their privacy policies govern their handling of this data.
• Payment Processors: Payment processing and transaction management. Our payment partners handle all payment data and are PCI DSS compliant.
• Cloudflare R2: Secure file storage for uploaded photos and generated headshots. Data is encrypted at rest and in transit.
• Google OAuth: Optional authentication service for user login. We receive your name and email address from Google when you sign in with Google.
• Resend: Email delivery provider for account sign-in links and transactional emails. When you use email magic link login, we send a one-time sign-in link to your email address.

Data Retention & Deletion

• Uploaded photos: Automatically deleted 30 days after upload.
• Provider-side temporary artifacts: Scheduled for cleanup within 30 days where applicable.
• Generated headshots: Retained in your account until you delete them or your account is terminated.
• Account data: Retained as long as your account is active. Deleted upon account termination request.
• Early deletion: You may request early deletion of your uploaded photos and any provider-side temporary processing artifacts at any time by contacting us. We will process your request within 72 hours.

GDPR Rights

If you are a resident of the European Economic Area (EEA), you have the following data protection rights under the General Data Protection Regulation (GDPR):

• Right to Access: You have the right to request copies of your personal data that we hold.
• Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
• Right to Erasure: You have the right to request that we erase your personal data, under certain conditions.
• Right to Data Portability: You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.
• Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
• Right to Object to Processing: You have the right to object to our processing of your personal data, under certain conditions.

To exercise any of these rights, please contact us at the email address provided below.

CCPA Rights

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

• Right to Know: You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you.
• Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.
• Right to Opt-Out: You have the right to opt out of the sale of your personal information. We do not sell your personal information.
• Right to Non-Discrimination: You have the right not to be discriminated against for exercising your CCPA rights.

Children's Privacy

Our service is not intended for individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will take steps to delete such information promptly. If you believe a child under 13 has provided us with personal information, please contact us immediately.

Cookies

We use the following types of cookies:

• Session Cookies: Essential cookies required for authentication and maintaining your session. These are strictly necessary for the service to function and cannot be disabled.

We do not currently use advertising cookies. We may use privacy- focused aggregate traffic analytics and operational logs, including Vercel Web Analytics, to understand which pages are visited and to diagnose reliability issues. This analytics layer does not rely on cross-site advertising cookies.

Security Measures

We implement appropriate technical and organizational measures to protect your personal information:

• Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS/SSL.
• Encryption at Rest: Uploaded photos and generated headshots are stored with encryption at rest on Cloudflare R2.
• Access Controls: Access to user data is strictly limited to authorized personnel and systems on a need-to-know basis.
• Automatic Deletion: Our automated systems permanently delete uploaded photos and schedule any provider-side temporary processing artifacts for cleanup after 30 days, minimizing the window of data exposure.

Contact Information

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us at:

Email: support@getaiheadshot.it.com

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. Your continued use of the service after any changes indicates your acceptance of the updated Privacy Policy.