Privacy Policy
Last updated: July 2026
1. Introduction
PrimeHeadshots ("we," "our," or "us") is committed to protecting your privacy. This policy explains how we collect, use, store, and safeguard your personal data when you use our AI-powered headshot generation service. By using PrimeHeadshots, you consent to the practices described herein.
2. Information We Collect
We collect the following categories of data: (a) Account data: your name, email address, and authentication credentials when you sign up; (b) Uploaded content: the photos you submit for headshot generation; (c) Generated content: the AI-generated headshots produced from your photos; (d) Usage data: pages visited, features used, session duration, and technical logs (IP address, browser type, device information); and (e) Payment data: transaction records processed via Dodo Payments (we do not store full credit card numbers).
3. How We Use Your Data
Your data is used solely to deliver, maintain, and improve our service. Specifically: to generate headshots from your uploaded photos; to process payments and manage your account; to provide customer support; to send transactional emails (order confirmations, status updates); to monitor service performance and prevent fraud; and to comply with legal obligations. We will never sell, rent, or trade your personal data to third parties.
4. AI Model Training & Data Usage
Your uploaded photos and generated headshots are never used to train, fine-tune, or improve our underlying AI models. Your data belongs to you. We do not incorporate customer content into training datasets, nor do we share it with any third-party model providers for training purposes. Our foundation models are pre-trained by our AI infrastructure partners exclusively on properly licensed and public-domain datasets.
5. Data Storage & Retention
All data is stored on Google Cloud Storage infrastructure with AES-256 encryption at rest and TLS 1.3 in transit. Uploaded photos and generated headshots are retained for 30 days after your last active session, after which they are permanently deleted from our servers. You may request immediate deletion at any time via your account dashboard or by contacting privacy@primeheadshots.com. Account data and transaction records are retained for as long as your account is active, or as required by applicable law.
6. Third-Party Services
We engage the following categories of third-party processors, each bound by strict data processing agreements: (a) Cloud infrastructure (Google Cloud Platform) for storage and compute; (b) Payment processing (Dodo Payments) for handling transactions; (c) Authentication services (SuperTokens) for secure login; and (d) Analytics providers for aggregated, anonymised usage metrics. No customer photos or generated images are shared with analytics providers.
7. Cookies & Tracking
We use essential cookies for session management, authentication, and security. We may also use non-essential cookies for analytics and marketing with your consent. You can manage your cookie preferences at any time from your account settings. Our service honours Do Not Track (DNT) signals where supported by your browser.
8. Data Ownership & Rights
You retain full ownership of your uploaded photos and the generated headshots. We claim no intellectual property rights over your content. Under GDPR, CCPA, and similar data protection regulations, you have the right to: access your personal data; correct inaccurate data; request deletion of your data; restrict or object to processing; and data portability. To exercise any of these rights, contact privacy@primeheadshots.com.
9. Security Measures
We implement industry-standard security practices to protect your data: AES-256 encryption at rest, TLS 1.3 encryption in transit, SOC 2 compliant cloud infrastructure, access controls and audit logging, and regular security assessments. While we strive to protect your data, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.
10. Children's Privacy
PrimeHeadshots is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that a child under 16 has provided us with personal data, we will take steps to delete such information promptly. If you believe a child has provided us with data, please contact us immediately.
11. International Data Transfers
Your data is processed and stored in Google Cloud data centres located in the United States and, where applicable, the European Economic Area. For users outside these regions, we implement appropriate safeguards including Standard Contractual Clauses (SCCs) to ensure your data receives an adequate level of protection.
12. Changes to This Policy
We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes via email or a prominent notice on our website. Continued use of the service after such changes constitutes acceptance of the updated policy.
13. Contact Us
If you have questions, concerns, or wish to exercise your data rights, please contact our Data Protection Officer at privacy@primeheadshots.com. We aim to respond to all privacy-related inquiries within 72 hours.