Privacy Policy

Last Updated: November 24, 2025

At HeadshotAI, we take your privacy seriously. This Privacy Policy explains how we collect, use, protect, and handle your personal information when you use our AI headshot generation service.

1. Information We Collect

Photos You Upload

When you use HeadshotAI, you upload photos of yourself to generate professional headshots. We collect and temporarily store:

• Original photos you upload for headshot generation
• Generated headshots created by our AI system
• AI model data trained specifically on your photos

Account Information

When you create an account or make a purchase, we collect:

• Email address
• Name (optional)
• Payment information (processed securely by Stripe)
• Order history and preferences

Technical Information

We automatically collect certain technical data:

• Device type and operating system
• IP address and general location
• Browser type and settings
• Usage patterns and app interactions

2. How We Use Your Information

Headshot Generation

Your uploaded photos are used exclusively to:

• Train a custom AI model specific to your facial features
• Generate professional headshots based on your selected styles
• Provide you with high-quality, personalized results

Service Improvement

We use aggregated, anonymized data to:

• Improve our AI models and algorithms
• Enhance user experience and interface design
• Fix bugs and technical issues
• Develop new features and styles

Communication

We use your email address to:

• Send you your generated headshots
• Provide order confirmations and receipts
• Send important service updates
• Respond to your support inquiries

3. Data Storage & Security

Where Your Data Is Stored

Your data is stored securely on cloud infrastructure:

• Photos: Firebase Storage (Google Cloud Platform)
• Account data: Firebase Firestore with encryption at rest
• AI models: Secure cloud servers in the EU/US

Security Measures

We implement industry-standard security practices:

• End-to-end encryption for all data transmission
• Encrypted storage at rest
• Regular security audits and penetration testing
• Access controls and authentication systems
• GDPR-compliant data handling procedures

4. Data Sharing & Third Parties

Service Providers

We work with trusted third-party services that help us operate HeadshotAI:

• Firebase/Google Cloud: Database and file storage
• HeadshotPro API: AI headshot generation technology
• Stripe: Payment processing (PCI-DSS compliant)
• Analytics providers: Anonymized usage statistics

Important: These providers are bound by strict data processing agreements and can only use your data to provide services to us, not for their own purposes.

Legal Requirements

We may disclose your information if required by law or to:

• Comply with legal processes or government requests
• Protect our rights, property, or safety
• Prevent fraud or security threats
• Enforce our Terms of Service

5. Your Rights & Controls

Access & Download

You have the right to:

• Access all your personal data we hold
• Download all your generated headshots
• Request a copy of your account information

Deletion & Correction

You can:

• Delete your account and all associated data at any time
• Request early deletion of your photos (before 30 days)
• Update or correct your account information
• Opt out of marketing communications

Data Portability

You have the right to receive your data in a structured, commonly used format and transfer it to another service.

6. GDPR Compliance (EU Users)

If you're located in the European Union, you have additional rights under GDPR:

• Right to be forgotten: Request complete deletion of your data
• Right to restriction: Limit how we process your data
• Right to object: Object to data processing for specific purposes
• Right to lodge a complaint: File complaints with your local data protection authority

Legal basis for processing: We process your data based on:

• Your explicit consent when you upload photos
• Contract fulfillment (providing the service you paid for)
• Legitimate business interests (service improvement)

7. Children's Privacy

HeadshotAI is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a minor, please contact us immediately and we will delete it.

8. Cookies & Tracking

We use cookies and similar technologies to:

• Essential cookies: Required for the service to function (authentication, sessions)
• Analytics cookies: Understand how users interact with our app (anonymized)
• Preference cookies: Remember your settings and preferences

You can control cookie settings in your browser, but disabling essential cookies may affect functionality.

9. International Data Transfers

Your data may be transferred to and processed in countries outside your residence, including the United States and European Union. We ensure appropriate safeguards are in place through:

• Standard Contractual Clauses (SCCs)
• GDPR-compliant data processing agreements
• Adherence to international data protection frameworks

10. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will:

• Notify you via email of significant changes
• Update the "Last Updated" date at the top of this policy
• Provide a summary of key changes when applicable

Continued use of HeadshotAI after changes constitutes acceptance of the updated policy.