Headshots AI

Privacy Policy

Last updated: April 2025

1. Overview

Headshots AI ("we", "our", "us") is committed to protecting your privacy. This policy explains what personal information we collect, how we use it, and your rights under the New Zealand Privacy Act 2020.

By using headshots-ai.com you agree to the collection and use of information as described here.

2. Information We Collect

Account information

When you create an account we collect your email address and a hashed password.

Photos you upload

To generate your headshot you upload one or more photographs. These are stored securely and used solely to produce your AI-generated images. They are not shared with third parties and are automatically deleted after 30 days.

Generated images

AI-generated headshots are stored in your account and automatically deleted after 30 days unless you have an active purchase, in which case they are retained for 12 months.

Payment information

Payments are handled entirely by Stripe. We never see or store your card number, expiry, or CVV. We retain a record of the transaction amount, date, and Stripe payment reference for accounting purposes.

Usage data

We collect standard server logs including IP address, browser type, pages visited, and timestamps. This is used to maintain security, diagnose errors, and improve the service.

3. How We Use Your Information

  • To generate your AI headshots
  • To manage your account and purchases
  • To send transactional emails (receipts, delivery confirmations)
  • To detect and prevent fraud or abuse
  • To comply with legal obligations

We do not use your photos or generated images to train AI models. We do not sell your personal information to third parties.

4. Data Processors

To operate the platform we engage trusted third-party service providers acting as data processors on our behalf. These providers are contractually bound to process your data only as directed by us, to maintain appropriate security standards, and not to use your data for their own purposes.

We use processors for the following functions: secure cloud hosting and storage, payment processing, AI image generation, and email delivery. Your uploaded photos are shared only with the AI generation processor and solely for the purpose of producing your headshot. Payment information is handled entirely by our payment processor and never passes through our own systems.

You may request a list of our current data processors by contacting us at privacy@headshots-ai.com.

5. Data Retention

  • Uploaded photos — deleted after 30 days
  • Generated images (unpurchased) — deleted after 30 days
  • Generated images (purchased) — retained for 12 months
  • Account data — retained while your account is active
  • Payment records — retained for 7 years for accounting compliance

6. Cookies

We use a single session cookie to keep you logged in. We do not use advertising, tracking, or analytics cookies. No third-party cookies are set by our service.

7. Security

All data is transmitted over HTTPS. Photos and generated images are stored in a private, access-controlled storage bucket. Access to your files requires a time-limited signed URL that is only issued to the account that owns the file.

8. Your Rights

Under the New Zealand Privacy Act 2020 you have the right to:

  • Request access to the personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your account and associated data

To exercise any of these rights, email us at privacy@headshots-ai.com. We will respond within 20 working days as required by the Privacy Act.

9. Children

Our service is not directed at children under 18. We do not knowingly collect personal information from anyone under 18.

10. Changes to this Policy

We may update this policy from time to time. Material changes will be indicated by updating the "Last updated" date above. Continued use of the service constitutes acceptance of the revised policy.

11. Contact & Complaints

For privacy enquiries contact us at privacy@headshots-ai.com.

If you are not satisfied with our response you may lodge a complaint with the Office of the New Zealand Privacy Commissioner at privacy.org.nz.