HeadshotsReady


ENTERPRISE-GRADE SECURITY

Your Privacy & Security is Our Priority

We implement industry-leading security measures to protect your photos and personal data. Your trust is earned through transparency and rigorous data protection.

End-to-End Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption

Auto-Delete Policy

Original photos are automatically deleted within 30 days. You control your data retention.

SOC 2 Compliant

Audited security controls meeting the highest industry standards for data protection

No AI Training

Your photos are never used to train public AI models without explicit consent

🔐 Data Encryption & Protection

We use military-grade encryption to protect your data at every stage:

  • TLS 1.3 encryption for all data in transit between your device and our servers
  • AES-256 encryption for all data at rest in our secure cloud infrastructure
  • Encrypted backups with separate encryption keys
  • Secure key management using industry-standard HSM (Hardware Security Modules)

🏗️ Secure Infrastructure

Our infrastructure is built on enterprise-grade cloud platforms with multiple layers of security:

  • Hosted on AWS/Google Cloud with enterprise-level security certifications
  • Isolated environments with network segmentation
  • DDoS protection and Web Application Firewall (WAF)
  • Regular security patches and system updates
  • 24/7 infrastructure monitoring and intrusion detection
  • Automated threat detection and response systems

🔑 Access Controls & Authentication

We implement strict access controls to ensure only authorized personnel can access systems:

  • Multi-Factor Authentication (MFA) required for all team members
  • Role-Based Access Control (RBAC) with principle of least privilege
  • Secure Google OAuth 2.0 authentication for users
  • Regular access reviews and automatic deprovisioning
  • Audit logs for all system access and data operations

📸 Photo & Biometric Data Handling

Your photos contain sensitive biometric data. Here's how we protect them:

  • Photos are processed in secure, isolated environments
  • Temporary storage only - original photos deleted within 30 days
  • No permanent storage of biometric identifiers beyond processing needs
  • Photos never shared with third parties for marketing or training
  • AI processing happens on our secure servers, not on third-party systems
  • You retain full ownership and can request deletion at any time

✅ Compliance & Certifications

We adhere to the highest industry standards and regulatory requirements:

  • SOC 2 Type II: Security & Privacy
  • GDPR Compliant: EU Data Protection
  • CCPA Compliant: California Privacy
  • PCI DSS: Payment Security

🛡️ Security Best Practices

We follow industry best practices to maintain the highest security standards:

  • Regular third-party security audits and penetration testing
  • Vulnerability scanning and patch management
  • Secure software development lifecycle (SDLC)
  • Code reviews and security testing before deployment
  • Incident response plan with 24/7 security team
  • Employee security training and background checks
  • Data loss prevention (DLP) measures

🤝 Our Privacy Commitments

We NEVER sell your data

Your photos and personal information are never sold to third parties

We NEVER train AI on your photos

Your photos are used solely to generate your headshots, not to train models

We DO delete your data

Original photos are automatically deleted within 30 days, or on request

You DO own your headshots

Full commercial rights to all generated headshots, no attribution required

👤 Your Rights & Control

You have complete control over your data. You can:

  • Access all your personal data and photos at any time
  • Download your generated headshots in high resolution
  • Delete your photos and account whenever you want
  • Request a copy of all data we have about you
  • Opt out of marketing communications
  • Request data portability to another service

🚨 Security Incident Response

In the unlikely event of a security incident:

  • 24/7 security team monitors for threats and anomalies
  • Immediate containment and investigation procedures
  • Notification to affected users within 72 hours (GDPR requirement)
  • Transparent communication about the incident and remediation steps
  • Post-incident analysis and security improvements

🤝 Trusted Subprocessors

We carefully select reliable subprocessors to ensure the security and integrity of our services. These may include:

  • Cloudflare — File storage
  • Amazon SES — Email service provider
  • Creem — Payments
  • Hetzner — Cloud infrastructure
  • Cloudflare — DNS

📧 Contact Our Security Team

Have security questions or concerns? We're here to help:

Email: [email protected]

For all inquiries including security vulnerabilities, please email [email protected]


HeadshotsReady is not affiliated with, endorsed by, or sponsored by any AI model creators.

© 2026 HeadshotsReady. All rights reserved.