Privacy Policy

Effective Date: August 5, 2025

Welcome to Headshot.ai. We value your privacy and are committed to being transparent about the information we collect, how we use it, how it’s stored, and with whom it is shared. This Privacy Policy outlines our practices with respect to personal data in connection with our services, website, and any digital products operated by Headshot.ai (“we,” “our,” or “us”).

We strive to meet the highest standards of privacy, aligning our practices with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection regulations.

1. Personal Data We Collect

When you use our services, we collect a range of personal data directly from you or automatically through your interactions with our site and platform. These include:

  • Photographic Data: Selfies or portraits you upload, which are processed by our proprietary AI to generate professional headshots.

  • Onboarding Metadata: Data such as gender identity, age bracket, ethnicity, preferred clothing styles, and other attributes used to enhance personalization.

  • Account Credentials: Your email address and password (stored securely) used to register, sign in, and manage your profile.

  • Communication Data: Information provided through support tickets, emails, or feedback forms.

  • Device and Usage Data: IP addresses, browser types, operating systems, device identifiers, interaction timestamps, pages visited, and referral URLs.

  • Cookies and Web Beacons: Technologies used to collect behavioral information, remember user preferences, and assess the effectiveness of our site and campaigns.

We limit our data collection to what is essential for providing, maintaining, and enhancing our services, and we handle it with the utmost care and security.

2. How We Use Personal Data

We use your personal data for a variety of legitimate business purposes, ensuring that each use is justified under applicable data protection laws. This includes:

  • Providing Services: Your photos and onboarding inputs are used to generate custom AI-enhanced headshots.

  • Customization: Metadata enhances your final outputs by tailoring the headshot results to your preferences.

  • Communication: We use your email for account verification, password recovery, order confirmations, updates, and responding to support inquiries.

  • Analytics: Device and usage information help us understand how users interact with our platform, diagnose issues, and refine features.

  • Security: Monitoring for suspicious activity and unauthorized access attempts is essential for safeguarding user data.

  • Legal Obligations: To comply with laws, enforce our terms of service, and respond to lawful requests.

  • Marketing: We may occasionally send you promotional content-only if you’ve opted in. You can opt out at any time.

We never use your photos to train our models, and we do not use your data for profiling or automated decision-making without your clear, explicit consent. Your privacy and control over your content are always our priority.

3. How We Disclose Your Personal Data

We do not sell, rent, or lease your personal data. However, we may disclose it in the following ways:

  • Service Providers: Third-party vendors that support infrastructure, image processing, analytics, payments, and customer service. Each partner is vetted and bound by strict data privacy contracts.

  • Corporate Transfers: In the case of a merger, acquisition, or sale of company assets, your data may be transferred in accordance with applicable laws.

  • Legal Authorities: If required by law or to protect the rights, property, or safety of Headshot.ai or others, we may disclose your data.

All third parties operate under data processing agreements and must comply with this Privacy Policy.

4. Data Retention

Your data is only stored for the time required to fulfill its intended purpose. Our retention periods are as follows:

  • Uploaded Images: Encrypted and deleted 7 days after upload.

  • Generated Headshots: Deleted from our servers after 30 days.

  • Account Metadata and Preferences: Retained while your account is active. Anonymized usage data may be stored longer for internal analytics.

  • Support Requests and Communication: Stored for up to 12 months for quality assurance and follow-up purposes.

Users can request immediate deletion of all associated data from their dashboard.

5. Your Rights in Relation to Your Personal Data

As a user, you maintain full control over your personal data. Depending on your jurisdiction, your rights include:

  • Access: You can request a copy of the data we hold about you.

  • Rectification: You can correct any incorrect or incomplete information.

  • Erasure: You can delete your data permanently (right to be forgotten).

  • Restriction: You may request limits on how we use your data.

  • Data Portability: We can provide your data in a transferable format upon request.

  • Objection: You can object to data processing based on legitimate interests.

  • Consent Withdrawal: If we process data based on your consent, you can withdraw that consent at any time.

To exercise your rights, contact privacy@headshot.ai or use our in-app privacy tools.

6. Third Parties

To enhance our services, we work with carefully selected partners. These include:

  • Cloud Infrastructure Providers: To host our application and store your data securely.

  • Payment Processors: To handle secure transactions (e.g., Stripe).

  • Customer Support Platforms: To manage support requests efficiently.

  • Marketing and Analytics Tools: Tools such as Google Analytics are used to understand trends and improve services.

Each third-party provider is vetted for security, data handling practices, and compliance with global privacy standards.

7. Security

Your security is at the core of our operations. We use industry-leading technologies and protocols to secure your data:

  • Encryption: All data in transit is secured via HTTPS; stored files use AES-256 encryption.

  • Access Controls: Limited access based on roles and job responsibilities.

  • Monitoring: Ongoing system monitoring, regular security audits, and vulnerability testing.

  • Incident Response: A defined protocol exists to handle any data breach or unauthorized access.

While no system is 100% impenetrable, we are dedicated to continuous improvement and swift remediation.

8. Children’s Privacy

Headshot.ai is not designed for, nor does it knowingly collect information from, individuals under the age of 18 (or the legal equivalent in your jurisdiction). If we learn that a child has submitted data to us, we will delete it promptly.

9. Cross-Border Data Transfers

Your data may be stored and processed in countries other than your own, including the United States and the European Union. In such cases, we ensure:

  • Adequate protections through Standard Contractual Clauses (SCCs)

  • Partnerships with data processors who meet or exceed applicable legal safeguards

  • User rights are preserved regardless of the country where the data is stored

10. Changes to This Policy

We may periodically update this policy. Changes will be posted on this page with an updated effective date. If changes are substantial, we will notify you by email or through an in-app notice before they take effect. Your continued use of Headshot.ai indicates your acceptance of these changes.

11. Our Contact Information

For questions, concerns, or data requests, you may contact us:

Email: privacy@headshot.ai

12. External Site Links

Our site may include links to other websites that are not operated by Headshot.ai. We are not responsible for the privacy practices or content of those third-party sites. We recommend reviewing their privacy policies before engaging with their services.

13. Your GDPR Rights

If you reside within the European Economic Area (EEA), you are entitled to additional rights under GDPR. These include:

  • The right to be informed of data collection and usage.

  • The right to access your personal information.

  • The right to correct inaccurate data.

  • The right to have your data erased.

  • The right to restrict processing.

  • The right to data portability.

  • The right to object to data processing.

  • Rights related to automated decision-making.

You may file a complaint with your local Data Protection Authority if you believe we have not complied with your rights under GDPR.

Thank you for trusting Headshot.ai. We are committed to protecting your privacy and ensuring your data remains secure at every step.