Privacy Policy

Account registration (Google Sign-In)

When you sign in with Google, we receive your name and email address from Google. We store these in our database to identify your account and deliver your portraits to you.

Legal basis: Performance of a contract — Art 6(1)(b) GDPR. Processing your name and email is necessary to create and manage your account.

Photo uploads (input selfies)

You upload 1–3 photos of yourself. These are transmitted to our AI generation pipeline and then to Google's Gemini API to produce your professional portraits. Input photos are retained in your account alongside your generated portraits so you can review the source photos and regenerate if needed. They remain accessible until you request deletion or close your account.

Special category data (Art 9 GDPR): Facial photographs can constitute biometric data. We process your photos solely to generate your portrait. The legal basis is your explicit consent given at the upload step — Art 9(2)(a) GDPR. You may withdraw this consent at any time by not uploading further photos or by requesting deletion of your account data. Withdrawal does not affect processing already completed.

Legal basis: Explicit consent — Art 9(2)(a) GDPR for biometric processing; performance of a contract — Art 6(1)(b) GDPR for the service itself.

Generated portraits (output images)

The AI-generated portrait photos are stored in your account so you can download them at any time. They remain accessible until you request deletion or close your account.

Legal basis: Performance of a contract — Art 6(1)(b) GDPR.

Payment

When you purchase a plan, your email address and order details (tier, amount, currency, date) are processed by our payment provider. We store the order record in our database to fulfil your plan and for accounting purposes. We do not store credit card numbers — these are handled entirely by Stripe or Paddle.

Legal basis: Performance of a contract — Art 6(1)(b) GDPR; legal obligation (tax and accounting records) — Art 6(1)(c) GDPR.

Account usage and service operation

We record how many generations you have remaining (your purchased allowance) and log standard server activity (IP address, request timestamps, error events) for security and debugging purposes. These server logs are kept for 90 days and then deleted.

Legal basis: Legitimate interests — Art 6(1)(f) GDPR. We have a legitimate interest in keeping the service secure and diagnosing faults. This processing is limited in scope and does not override your rights.

Google LLC — Authentication (Google OAuth)

Data shared: name and email address. Country: United States. Transfer mechanism: Standard Contractual Clauses (Art 46(2)(c) GDPR).

Google LLC — AI Generation (Gemini API)

Data shared: your uploaded photos (potentially biometric data). Country: United States. Transfer mechanism: Standard Contractual Clauses (Art 46(2)(c) GDPR). Google's data processing terms apply; input images are not used to train Google's models under the API terms.

Stripe Inc. — Payment Processing (EU markets and Malaysia)

Data shared: email address, order amount and currency. Country: United States. Transfer mechanism: Standard Contractual Clauses (Art 46(2)(c) GDPR).

Paddle.com Market Ltd — Payment Processing (UAE only)

Data shared: email address, order amount and currency. Paddle acts as merchant of record and is independently responsible for its own data processing. Country: United Kingdom. Transfer mechanism: UK adequacy decision and Standard Contractual Clauses where required.

Vercel Inc. — Hosting and File Storage

Data shared: all data in transit and at rest (account data, uploaded photos, generated portraits). Country: United States. Transfer mechanism: Standard Contractual Clauses (Art 46(2)(c) GDPR).

Neon Inc. — Database (Postgres)

Data shared: all structured user and order data stored in our database. Country: United States. Transfer mechanism: Standard Contractual Clauses (Art 46(2)(c) GDPR).

next-auth.session-token

Purpose: Maintains your authenticated session so you stay logged in. Type: HTTP-only, Secure, SameSite=Lax. Duration: Session / up to 30 days.

next-auth.csrf-token

Purpose: Protects against cross-site request forgery attacks. Type: HTTP-only, Secure. Duration: Session.

next-auth.callback-url

Purpose: Remembers where to redirect you after sign-in. Type: Short-lived. Duration: Expires immediately after use.

Right of access (Art 15)

You can request a copy of all personal data we hold about you.

Right to rectification (Art 16)

You can ask us to correct inaccurate or incomplete data.

Right to erasure (Art 17)

You can request deletion of your data. We will erase your account and generated portraits promptly. Note: order records must be retained for 7 years under accounting law and cannot be deleted on request.

Right to restriction of processing (Art 18)

You can ask us to temporarily stop processing your data in certain circumstances, for example while a dispute is being resolved.

Right to data portability (Art 20)

You can request your data in a structured, machine-readable format (e.g. JSON). This applies to data you provided and that we process by automated means on the basis of contract or consent.

Right to object (Art 21)

You can object to processing based on legitimate interests (Art 6(1)(f)). We will stop unless we have compelling legitimate grounds that override your interests.

Right to withdraw consent (Art 7(3))

Where processing is based on your consent (photo uploads), you can withdraw consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

Right to lodge a complaint (Art 77)

You have the right to complain to a supervisory authority. Our lead supervisory authority is the Czech data protection authority:

If you are based in another EU member state, you may also lodge a complaint with the supervisory authority in your country of habitual residence or place of work.