Privacy Policy

Headshotr ("we", "our", "us") operates the headshotr.ai web service. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our AI-powered professional portrait generation service.

By using Headshotr, you agree to the practices described in this policy. If you do not agree, please do not use the service.

We collect the following types of information:

• Account data: Name and email address provided through your Google account when signing in with OAuth.
• Uploaded photos: The selfies you upload as reference to generate your professional portraits. These photos are considered sensitive personal information.
• Generated images: The professional portraits created by our AI from your photos.
• Payment information: Payment data is processed directly by Stripe. We do not store card numbers or banking details.
• Usage data: Technical information such as device type, browser, IP address, and pages visited to improve the service.

Headshotr does NOT collect, store, or use biometric identifiers or facial recognition data. Our service is image generation, not facial analysis.

Your photos are sent to the Google Gemini API exclusively to generate the requested professional portrait. No facial templates, biometric metrics, or recognition data of any kind are extracted.

• Generate your professional portraits from the photos you upload.
• Process payments and manage your subscription.
• Communicate with you about your account and the service.
• Improve and optimize service performance.
• Detect and prevent fraud or misuse.

We do not use your photos or generated images to train AI models.

We share data with the following providers, strictly to operate the service:

• Google OAuth: Authentication. Receives your name and email address.
• Google Gemini: AI processing. Receives your photos to generate portraits. Google processes this data according to their API privacy policy.
• Stripe: Payment processing. Receives your payment data directly.
• Cloudflare R2: File storage. Stores your photos and generated images in encrypted form.

We do not sell, rent, or trade your personal information to third parties.

• Uploaded selfies: Automatically deleted 30 days after generation.
• Generated portraits: Retained while your account is active.
• Account data: Retained while your account is active. Upon deletion request, removed within 30 days.
• Payment records: Retained for 7 years as required by tax and legal obligations.

Depending on your location, you may have the following rights regarding your personal data:

• Right to access the personal data we hold about you.
• Right to correct inaccurate or incomplete data.
• Right to request deletion of your personal data.
• Right to receive your data in a portable format.
• Right to opt out of the sale of your data (we do not sell data, but we respect this right).

To exercise any of these rights, contact us at privacy@headshotr.ai. We will respond within 30 days.

Your data may be processed in the United States through our providers (Google Gemini, Cloudflare R2). We ensure these transfers comply with adequate protections, including Standard Contractual Clauses for European Union users.

We protect your information through encryption in transit (TLS) and at rest, strict access controls, and continuous monitoring. However, no system is 100% secure. If you detect suspicious activity, contact us immediately.

Headshotr is not intended for persons under 18 years of age. We do not knowingly collect data from minors. If we discover that a minor has provided personal data, we will delete it immediately.

We use strictly necessary cookies for authentication and service operation. We do not use tracking cookies or third-party advertising cookies.

We may update this policy periodically. We will post any changes on this page with a new update date. Continued use of the service after changes constitutes your acceptance of the updated policy.

If you have questions about this policy or wish to exercise your rights, contact us at privacy@headshotr.ai.