Privacy Policy

(Last Updated: March 18, 2026)

Our Core Principles

At HeadshotMaster, your privacy matters. We operate by a few fundamental principles:

  • We are thoughtful about the personal information we ask you to provide and what we collect through the operation of our services.
  • We store personal information only for as long as we have a legitimate reason to keep it.
  • We aim to make it as simple as possible for you to control your data, including the right to delete it permanently.
  • We aim for full transparency in how we gather, use, and share your personal information.
  • We will never sell your personal data or use your uploaded photos to train AI models.

1. Who We Are and What This Policy Covers

This Privacy Policy applies to information we collect when you use:

HeadshotMaster provides AI-powered portrait generation and image enhancement services. This policy describes how we collect, use, store, and protect personal information in connection with those services.

For privacy inquiries, contact us at: [email protected]

2. Information We Collect

We collect information in three ways: information you provide directly, information collected automatically, and information from third-party sources.

2.1 Information You Provide to Us

  • Account Information: To create an account, we require only your email address. You may optionally provide additional profile information (such as your name), but this is not required.
  • Payment Information: When you make a purchase, payment is processed by our third-party payment processor (Stripe). We receive a transaction confirmation and limited billing details (e.g., last four digits of your card, billing country), but we never store your full payment card information.
  • User Content: You may upload photos and images to use with our AI generation services. These uploads are processed solely to deliver the requested service and are permanently deleted within 24 hours of processing.
  • Communications: If you contact us for support or respond to surveys, we collect the content of those communications.

2.2 Information We Collect Automatically

  • Usage Information: We collect data about how you interact with the Site, including pages visited, features used, actions taken, timestamps, and session duration. This helps us understand how our services are used and how we can improve them.
  • Device Information: We may collect information about the device you use to access the Site, including browser type, operating system, screen resolution, IP address, and referring URLs.
  • Cookies and Tracking Technologies: We use cookies and similar technologies (such as pixel tags and web beacons) to recognize returning visitors, track usage patterns, maintain session states, and measure the effectiveness of our communications. You can configure your browser to reject cookies, though some features of the Site may not function properly as a result.

2.3 Information from Third-Party Sources

If you create or log into your account using a third-party service (such as Google or GitHub), we receive information from that service — such as your username and basic profile information — as permitted by that service's authorization procedures. The information we receive depends on which permissions you grant.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide our services: Including creating and maintaining your account, processing your credits, and delivering AI-generated outputs.
  • To process payments: To facilitate and verify your purchases.
  • To communicate with you: Including transactional emails (e.g., purchase receipts, account notices), service updates, and — if you have opted in — promotional communications.
  • To improve our services: We analyze aggregated usage data to understand how our services are used and to develop new features.
  • To ensure security and prevent fraud: We monitor for suspicious activity, unauthorized access, fraudulent transactions, and other abuse.
  • To comply with legal obligations: We may process your data to comply with applicable laws, regulations, or legal process.
  • To enforce our Terms: Including investigating potential violations and protecting the rights and safety of HeadshotMaster and our users.

4. How We Share Your Information

We do not sell your personal information.

We share your information only in the following limited circumstances:

  • Service Providers: We share information with trusted third-party vendors who help us operate the Site and provide our services. This includes payment processors (Stripe), email delivery services, analytics providers, and customer support tools. These vendors are contractually required to use your information only as necessary to provide services to us and in compliance with applicable law.
  • Legal Compliance: We may disclose your information in response to a valid subpoena, court order, government request, or other legal process, or when we believe disclosure is necessary to comply with applicable law, protect our rights, prevent fraud, or protect the safety of our users or the public.
  • Business Transfers: In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy, your information may be transferred to a successor entity. We will notify you of any such change through the Site or by email, and the successor will be bound by this Privacy Policy.
  • With Your Consent: We may share your information for any other purpose with your explicit prior consent.

5. Uploaded Photos and AI-Generated Content

We take the handling of your images extremely seriously:

  • Photos you upload are used solely to generate your requested AI outputs and are permanently and automatically deleted within 24 hours of processing.
  • AI-generated outputs are stored in your account for your access and download. You may delete them at any time from your account dashboard.
  • We will never use your uploaded photos or AI outputs to train AI models.
  • We will never sell your uploaded content to any third party.

6. Cookies

We use cookies and similar tracking technologies to operate and improve the Site. Types of cookies we use include:

TypePurpose
Essential CookiesRequired for core Site functionality (e.g., login sessions, security)
Analytics CookiesHelp us understand how users interact with the Site
Marketing CookiesUsed to measure the effectiveness of communications (only with consent)

You can manage cookie preferences through your browser settings or any cookie consent tool provided on the Site. Disabling essential cookies may impair Site functionality.

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes described in this Policy, or as required by law:

  • Account data is retained for the duration of your account's existence plus a reasonable period thereafter (typically 30 days) to allow for account recovery.
  • Uploaded images are permanently deleted within 24 hours of processing.
  • AI-generated outputs are retained in your account until you delete them or close your account.
  • Transaction records may be retained for up to 7 years for accounting, tax, and legal compliance purposes.
  • Communications (e.g., support emails) may be retained for up to 2 years.

Upon account deletion, all personal data linked to your account will be permanently purged within 7 days, except where retention is required by law.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Right of Access: You may request a copy of all personal information we hold about you.
  • Right to Rectification: You may request correction of inaccurate or incomplete personal information.
  • Right to Erasure: You may request deletion of your personal data, subject to certain legal exceptions.
  • Right to Restriction: You may request that we limit how we process your personal data.
  • Right to Data Portability: You may request a copy of your data in a structured, machine-readable format.
  • Right to Object: You may object to our processing of your personal data for direct marketing purposes at any time. We will cease such processing upon receipt of your objection.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.

For EU/EEA users (GDPR): The above rights are guaranteed under the General Data Protection Regulation. We will respond to verified requests within 30 days.

For California users (CCPA): You have the right to know what personal information we collect, to request deletion, to opt out of the sale of personal information (we do not sell personal information), and not to be discriminated against for exercising your rights.

To exercise any of these rights, contact us at [email protected].

9. International Data Transfers

HeadshotMaster operates globally. Your information may be processed in countries outside your country of residence, including countries that may have different data protection laws. When transferring personal data from the European Economic Area (EEA) to countries outside it, we rely on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission, or equivalent mechanisms.

10. Children's Privacy

The Site is not intended for individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that we have collected personal information from someone under 18, we will take prompt steps to delete that information. If you believe a minor has provided us with personal information, please contact us at [email protected].

11. Security

We implement commercially reasonable administrative, technical, and physical security measures to protect your personal information, including:

  • TLS/HTTPS encryption for all data in transit
  • DKIM, SPF, and DMARC standards for email security
  • Regular security testing and vulnerability scanning
  • Strict access controls for personnel who handle personal data
  • Automatic deletion of uploaded images within 24 hours

No method of transmission over the internet or electronic storage is completely secure. While we strive to protect your data, we cannot guarantee absolute security.

12. Third-Party Links

The Site may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties, and this Policy does not apply to them. We encourage you to review the privacy policies of any third-party sites you visit.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this page and, for material changes, notify you by email or through a prominent notice on the Site at least 14 days before the change takes effect. Your continued use of the Site after the effective date of any update constitutes your acceptance of the updated Policy.

14. Contact Us

For questions, requests, or concerns regarding this Privacy Policy, please contact:

Email: [email protected]
Website: https://headshotmaster.io