1. Information We Collect

1.1 Personal Information

When you use HeadshotsReady, we collect the following personal information:

• Name and email address (via Google authentication)
• Profile picture from your Google account
• Payment information (processed securely through our payment provider)
• Account preferences and settings

1.2 Photos and Images

To provide our AI headshot generation service, you upload photos of yourself. These photos are:

• Temporarily stored on our secure servers
• Processed by our AI models to generate professional headshots
• Automatically deleted within 30 days after generation
• Never used to train public AI models without your explicit consent
• Never shared with third parties for marketing purposes

1.3 Usage Data

We automatically collect certain information about your device and how you interact with our service:

• Browser type and version
• Device information (operating system, device type)
• IP address and general location (city/country level)
• Pages visited and features used
• Time and date of access

2. How We Use Your Information

We use your information for the following purposes:

• To provide and maintain our AI headshot generation service
• To process your uploaded photos and generate professional headshots
• To process payments and manage your subscription
• To communicate with you about your account, updates, and support
• To improve our service quality and user experience
• To detect and prevent fraud, abuse, and security issues
• To comply with legal obligations and enforce our Terms of Service

3. Data Sharing and Disclosure

3.1 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information or photos to third parties for marketing purposes.

3.2 Service Providers

We may share your information with trusted service providers who assist us in operating our service:

• Cloud hosting providers (for secure data storage)
• Payment processors (for subscription and payment processing)
• AI model providers (for headshot generation - your photos are not used for training)
• Email service providers (for account notifications)

All service providers are contractually obligated to protect your data and use it only for the specified purposes.

3.3 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or to:

• Comply with legal processes
• Protect our rights, property, or safety
• Prevent fraud or security threats
• Enforce our Terms of Service

4. Data Security

We implement industry-standard security measures to protect your information:

• Enterprise-grade encryption for data in transit (TLS/SSL) and at rest (AES-256)
• Secure authentication via Google OAuth 2.0
• Regular security audits and vulnerability assessments
• Access controls and monitoring to prevent unauthorized access
• Secure payment processing (PCI DSS compliant)

While we strive to protect your data, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

5. Data Retention

• Uploaded photos: Automatically deleted within 30 days after headshot generation
• Generated headshots: Stored until you delete them or close your account
• Account information: Retained while your account is active
• Payment records: Retained for 7 years for tax and legal compliance

6. Your Rights

Under applicable data protection laws (including GDPR and CCPA), you have the following rights:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data ("right to be forgotten")
• Portability: Receive your data in a machine-readable format
• Restriction: Limit how we process your data
• Objection: Object to certain types of data processing
• Withdraw consent: Withdraw consent for data processing at any time

To exercise these rights, please contact us at [email protected]. We will respond within 30 days.

7. Cookies and Tracking

We use essential cookies for:

• Authentication and session management
• Security and fraud prevention
• Remembering your preferences

We do not use third-party advertising or tracking cookies. You can disable cookies in your browser settings, but this may affect service functionality.

8. Children's Privacy

HeadshotsReady is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

9. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence. We ensure appropriate safeguards are in place, including:

• Standard contractual clauses approved by regulatory authorities
• Compliance with GDPR and other data protection regulations
• Adequate security measures for international transfers

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

• Posting the updated policy on this page
• Updating the "Last updated" date
• Sending you an email notification (for material changes)

Your continued use of HeadshotsReady after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: