Privacy Policy
Last Updated: December 26, 2024
Important Notice: AI Headshot Generator processes your photos to generate professional
headshots. Your privacy is our top priority. We store your images securely and never sell or share them with
third parties for marketing purposes.
SUMMARY OF KEY POINTS
This summary provides key points from our Privacy Policy. You can find more details about any
of these topics by clicking the links or using our table of contents below.
What personal information do we process?
When you use our Service, we process photos you upload, generated headshots, device information,
usage statistics, and subscription data. We do NOT require account creation or collect contact
information unless you contact support. Learn more →
Do we process any sensitive personal information?
We process facial images for headshot generation purposes only. These images are NOT used for
biometric identification, authentication, or to create biometric templates. Images are processed
temporarily and not used for AI model training without your consent. Learn more →
Do we collect any information from third parties?
We do not collect any information from third parties.
How do we process your information?
We process your information to generate AI headshots, store your generation history, manage
subscriptions, improve our Service, and comply with legal obligations. We only process your
information when we have a valid legal reason to do so. Learn
more →
In what situations and with which parties do we share personal information?
We share information only with essential service providers: Supabase (cloud storage), RevenueCat
(subscription management), Apple/Google (payment processing), and AI processing services. We do NOT
sell or share your personal information for marketing purposes. Learn more →
How do we keep your information safe?
We use industry-standard encryption (HTTPS/TLS in transit, encryption at rest), secure cloud storage,
access controls, and regular security audits. However, no electronic transmission can be 100%
secure. Learn more →
What are your rights?
Depending on your location, you may have rights to access, delete, correct, or export your personal
information. You can delete all your data anytime through our in-app deletion feature. Learn more →
Do we use cookies or tracking technologies?
We use minimal analytics and device storage for app functionality. We do not use cookies or web
tracking technologies. Learn more →
1. Face Data Disclosure
Specific Disclosure for Apple Policy Compliance:
This section explicitly addresses how we handle face data to comply with Apple's App Store Review
Guidelines.
1.1 What Face Data Do We Collect?
We strictly collect only the facial image data provided by you when you upload a photo ("Original
Photo") for the specific purpose of generating professional headshots. We do NOT collect facial
geometry data, face recognition signatures, biometric identifiers, or depth map data.
1.2 How Do We Use Your Face Data?
The collected face data is used exclusively for one purpose: to act as input for our AI models to
generate the professional headshots you requested. We do NOT use your face data for user
authentication, identification, tracking, or advertising.
1.3 Will the Data Be Shared with Third Parties?
Yes, but only with necessary service providers for processing and storage:
- Google Gemini API: For AI image processing (images are processed in-memory and
not stored by Google).
- Supabase: For secure cloud storage of your uploaded photos and generated
results.
We do NOT share your face data with data brokers, marketing agencies, or any other third parties.
1.4 Third-Party Face Data Storage Practices
Apple requires us to disclose whether our third-party service providers store your face data. Here is the explicit disclosure:
Google Gemini API (AI Processing):
- Does Google store your face data? NO. Google Gemini API does NOT store your face data.
- How is data handled? Your photos are transmitted securely (encrypted via HTTPS/TLS), processed in real-time memory for AI headshot generation, and immediately discarded after processing completes.
- Retention period: Zero. No face data is retained by Google after the API request is completed.
- Google's privacy practices: Google processes data in accordance with their Privacy Policy and Data Processing Addendum. The Gemini API is subject to Google's enterprise data handling policies which prohibit using customer data to train AI models.
Supabase (Cloud Storage Provider):
- Does Supabase store your face data? YES. Supabase stores your uploaded photos and generated headshots on our behalf as our cloud storage provider.
- Why does Supabase store face data? Supabase acts as our secure cloud infrastructure provider. They store your images solely to enable us to provide the headshot generation service to you, including allowing you to access your generation history and download your headshots.
- How long does Supabase store face data? Supabase retains your face data until: (a) you delete it using the in-app "Delete All Data" feature, (b) you request deletion via email, or (c) your data becomes inactive for 2 years, after which it may be automatically deleted.
- Why this retention period? This retention period allows you to access your generated headshots at any time without time pressure. The 2-year inactivity limit ensures data is not stored indefinitely for abandoned accounts while giving active users continuous access to their images.
- Supabase's privacy practices: Supabase processes data in accordance with their Privacy Policy and Terms of Service. Supabase is SOC 2 Type II compliant, uses encryption at rest and in transit, and operates under strict data protection standards. Supabase does not access, use, or share your stored images for any purpose other than providing storage services to us.
1.5 How Long Is Face Data Retained?
Original Photos: Retained temporarily in cloud storage to facilitate the generation
process and then are subject to deletion. They are not permanently archived.
Generated Headshots: Retained in cloud storage until you choose to delete them via
the "Delete All Data" feature in the app settings, or automatically deleted after 2 years of
inactivity.
1.6 Data Location
All face data is stored securely in Supabase's cloud infrastructure (US region) and processed via
Google's enterprise AI cloud services.
2. Introduction
Welcome to AI Headshot Generator ("we," "us," or "our"). This Privacy Policy explains how we collect, use,
disclose, and protect your personal information when you use our mobile application and services
(collectively, the "Service").
By using AI Headshot Generator, you agree to the collection and use of information in accordance with this
Privacy Policy. If you do not agree with our policies and practices, do not use the Service.
Questions or concerns? Reading this Privacy Policy will help you understand your privacy
rights and choices. If you have questions, please contact us at nikolai.bora.mindwise@gmail.com.
2.1 Personal Information You Provide
Photos and Images: When you upload a photo to generate a headshot, we collect and
temporarily process your original image. This is the core functionality of our Service.
Generated Headshots: We store the AI-generated headshot images you create using our Service.
These images are stored securely in cloud storage (Supabase) and on your device.
Image Metadata: We collect metadata associated with your images, including:
- Creation date and time
- Selected style options (clothing, expression, background)
- Generation settings and parameters
- Image dimensions and file size
2.2 Automatically Collected Information
We automatically collect certain information when you use the Service:
- Device Information: Device type, operating system version, device ID, app version
- Usage Data: Generation count, subscription tier, feature usage patterns, app session
data
- Performance Data: App crashes, errors, generation success rates, processing times
- Analytics Data: Aggregated usage statistics to improve our Service
2.3 Subscription and Payment Information
If you purchase a subscription:
- Subscription Data: Plan type (weekly/monthly), subscription status, renewal dates,
generation usage counts
- Transaction Data: Purchase receipts, transaction IDs (provided by Apple/Google)
- Payment Information: We do NOT directly collect or store credit card information. All
payment processing is handled by Apple App Store, Google Play Store, and RevenueCat
2.4 Categories of Personal Information (California CCPA)
For California residents, we collect the following categories of personal information:
| Category |
Examples |
Collected |
| Identifiers |
Device ID, subscription ID, transaction IDs |
YES |
| Commercial Information |
Purchase history, subscription tier, usage records |
YES |
| Internet/Network Activity |
App usage data, generation history, feature interactions |
YES |
| Visual Information |
Uploaded photos, generated headshots |
YES |
| Inferences |
Style preferences, usage patterns |
YES |
| Sensitive Personal Information |
Facial images (for headshot generation only, NOT for identification) |
YES |
2.5 Information We Do NOT Collect
We do not require or collect:
- Personal account creation (no email or username required)
- Contact information (unless you contact support)
- Location data or GPS coordinates
- Access to contacts, calendar, or other device data
- Biometric data for identification or authentication purposes
- Social security numbers or government IDs
- Financial account information
Important: Facial Image Processing
While we process facial images to generate headshots, we do NOT:
- Use facial recognition for user identification or authentication
- Create biometric templates or identifiers from your face
- Store facial geometry or biometric data
- Use images for any purpose beyond generating your requested headshots
- Share your facial images with third parties (except secure AI processing)
Your facial images are processed temporarily for AI generation and then the processing files are deleted.
We process your information for the following purposes:
3.1 Provide Core Service
- Process your photos and generate AI-powered professional headshots
- Store your generation history for easy access
- Apply your selected style preferences (clothing, expressions, backgrounds)
- Manage your subscription and generation limits
- Enable you to download and share your headshots
3.2 Service Improvement and Analytics
- Improve AI model quality and generation results
- Analyze usage patterns to enhance user experience
- Develop new features and style options
- Fix bugs and resolve technical issues
- Monitor app performance and stability
- Understand which features are most popular
3.3 Communication and Support
- Respond to your support requests and inquiries
- Send important service notifications (subscription status, app updates)
- Communicate about changes to our policies or Service
3.4 Legal and Security
- Comply with legal obligations and respond to legal requests
- Protect against fraud, abuse, and security threats
- Enforce our Terms of Service
- Protect our rights, property, and safety
We Do NOT:
- Sell your personal information to third parties for money or other consideration
- Share your personal information for cross-context behavioral advertising
- Use your images to train AI models without your explicit consent
- Share your photos with third parties for their marketing purposes
5. What Legal Bases Do We Rely On To Process Your Information?
We process your personal information based on the following legal grounds:
4.1 Consent
When you consent: By using our Service and uploading photos, you consent to:
- AI processing of your facial images for headshot generation
- Storage of generated headshots in cloud infrastructure
- Collection of usage data to improve the Service
You can withdraw consent at any time by deleting your data or uninstalling the app.
4.2 Performance of Contract
To provide our Service: Processing is necessary to:
- Fulfill our obligations to provide AI headshot generation services
- Process your subscription and manage your account
- Deliver the features and functionality you expect
4.3 Legitimate Interests
For our legitimate business interests: We process data to:
- Improve and develop our Service and AI technology
- Analyze usage patterns and trends
- Detect and prevent fraud and security threats
- Conduct analytics and measure Service performance
We balance these interests against your privacy rights and do not process data in ways you would not
reasonably expect.
4.4 Legal Obligations
To comply with law: We process data when required by:
- Tax and financial regulations (payment records retention)
- Legal requests from authorities
- Consumer protection laws
- Data protection regulations (GDPR, CCPA, etc.)
4.5 For EEA/UK Users
If you are located in the European Economic Area (EEA) or United Kingdom (UK), our legal basis for collecting
and using personal information depends on the specific information and context:
- Consent: For AI image processing and analytics (you can withdraw anytime)
- Contractual necessity: For subscription services and headshot generation
- Legitimate interests: For service improvement, fraud prevention, and analytics (when
balanced against your rights)
- Legal obligation: For compliance with EU/UK laws
We share your information only in the following limited circumstances:
5.1 Service Providers
We share data with third-party service providers who perform services on our behalf:
- Supabase (Cloud Storage) - Stores generated headshots securely
- RevenueCat (Subscription Management) - Manages in-app purchases and subscriptions
- Apple App Store / Google Play Store - Processes payments and manages subscriptions
- AI Processing Services - Processes images temporarily for headshot generation
These providers are contractually obligated to protect your data and use it only for specified purposes.
5.2 Legal Requirements
We may disclose your information if required by law:
- To comply with legal processes (subpoenas, court orders)
- To respond to lawful requests from public authorities
- To enforce our Terms of Service
- To protect our rights, property, or safety
- To investigate fraud or security incidents
5.3 Business Transfers
If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part
of that transaction. We will notify you of any such change.
5.4 With Your Consent
We may share your information for other purposes with your explicit consent.
Important: We Do NOT Sell Your Data
We do not sell or rent your personal information to third parties for monetary or other valuable
consideration. We do not share your information for cross-context behavioral advertising or
marketing purposes. Your photos and generated headshots are never shared with advertisers or data
brokers.
7. Do We Offer Artificial Intelligence-Based Products?
Yes. AI Headshot Generator uses artificial intelligence technology as its core
functionality. Here's how we use AI and handle your data:
6.1 AI Technology Overview
Our Service uses advanced AI models to:
- Analyze uploaded photos to identify facial features, pose, and lighting
- Generate professional headshots based on your style selections
- Apply clothing styles, expressions, and backgrounds to create realistic portraits
- Optimize image quality and professional appearance
6.2 How AI Processes Your Images
Processing Workflow:
- Upload: You upload a photo from your device
- Secure Transmission: Image is encrypted and sent to our AI processing servers
- AI Analysis: AI analyzes facial features, pose, lighting, and composition
- Generation: AI creates a professional headshot based on your selected options
- Storage: Generated headshot is saved to cloud storage and your device
- Cleanup: Temporary processing files are immediately deleted from AI servers
6.3 AI Data Usage and Training
Important Disclosure:
- We do NOT use your uploaded photos to train AI models without your explicit consent
- We do NOT use generated headshots for AI training without permission
- Your images are processed solely to provide the Service to you
- We may use aggregated, anonymized usage data (not actual images) to improve AI performance
- Original photos are temporarily cached during processing and then deleted
6.4 AI Limitations and Disclaimers
You should be aware that AI technology has limitations:
- Variable Results: AI output quality depends on input photo quality, lighting, angle,
and resolution
- Not Perfect: Generated headshots may not always be photorealistic or meet professional
standards
- Facial Features: AI may not perfectly replicate all facial features, especially with
poor quality inputs
- Artifacts: AI may occasionally produce visual artifacts or imperfections
- Unexpected Results: AI may produce results that differ from expectations
- No Guarantees: We do not guarantee that every generation will be satisfactory or
suitable for your purposes
6.5 Third-Party AI Services
We use third-party AI processing services to generate headshots. Your images are:
- Sent securely (encrypted) to AI processing servers
- Processed in real-time and not permanently stored by AI providers
- Deleted from AI servers immediately after generation completes
- Protected by contractual agreements requiring data security and privacy
6.6 AI Decision-Making
Our AI makes automated decisions about:
- How to modify facial features for professional appearance
- Application of clothing styles and backgrounds
- Image composition and framing
- Quality optimization and enhancement
These decisions are based on AI algorithms and your selected preferences. You have control over inputs (photo
selection, style choices) and can regenerate if unsatisfied with results.
6.7 Your Rights Regarding AI Processing
You have the right to:
- Object to AI processing: Don't use the Service if you don't want AI to process your
images
- Understand AI logic: Contact us for more information about how our AI works
- Delete AI-generated content: Delete any generated headshots at any time
- Access your data: Request copies of images we store for you
8. How Do We Keep Your Information Safe?
7.1 Storage Location
Local Device Storage:
- Generation history and preferences stored locally on your device
- Usage statistics and counters stored in encrypted device storage
- Subscription status cached locally
Cloud Storage (Supabase):
- Generated headshots stored in secure cloud infrastructure
- Data centers with physical and network security
- Redundant backups for data reliability
- Geographic storage in secure, compliant data centers
7.2 Security Measures
We implement industry-standard security measures:
Encryption:
- In Transit: All data transmitted between your device and our servers uses HTTPS/TLS
encryption
- At Rest: Images and data are encrypted when stored in cloud infrastructure
- Device Storage: Local data is encrypted using platform security features
Access Controls:
- Strict access controls limit who can access your data
- Multi-factor authentication for administrative access
- Principle of least privilege for data access
- Regular access reviews and audits
Security Practices:
- Regular security assessments and vulnerability scanning
- Security patches and updates applied promptly
- Incident response procedures
- Employee training on data security
- Secure development practices
7.3 AI Processing Security
During AI generation, your images are:
- Transmitted over encrypted connections
- Processed on secure, isolated servers
- Deleted from processing servers immediately after generation
- Never logged or stored permanently during processing
- Accessed only by authorized AI processing systems
7.4 Security Limitations
Important: While we implement strong security measures, no electronic transmission or
storage can be 100% secure. We cannot guarantee absolute security and are not responsible for:
- Unauthorized access due to factors beyond our control
- Security vulnerabilities in third-party services
- Device-level security compromises
- User credential theft or account compromise
Please keep your device secure and use strong device passwords.
9. How Long Do We Keep Your Information?
8.1 Generated Headshots
We retain your generated headshots until:
- You manually delete individual images
- You delete all your data using the in-app deletion feature
- You uninstall the app and request data deletion
- Your data becomes inactive for 2 years (we may archive or delete)
Retention Period: Indefinitely until you request deletion, or 2 years of inactivity.
8.2 Original Photos
Retention Period: Temporarily during AI processing only, then immediately deleted.
Original photos you upload are:
- Cached temporarily during AI generation (typically 1-5 minutes)
- Deleted from our servers immediately after generation completes
- Not stored permanently in our systems
8.3 Usage Data and Analytics
Retention Period: Up to 24 months
- Usage statistics retained for 24 months for analysis and improvement
- Aggregated data may be retained longer (anonymized)
- Device IDs and identifiers deleted after 24 months of inactivity
8.4 Subscription and Payment Records
Retention Period: 7 years (or as required by law)
- Transaction records retained for tax and legal compliance
- Subscription history maintained for accounting purposes
- Payment data handled by Apple/Google (subject to their retention policies)
8.5 Support Communications
Retention Period: 3 years
- Email correspondence retained for customer service purposes
- Support tickets and inquiries kept for quality and training
8.6 Backup and Archive Retention
When you delete data:
- Immediate: Data marked for deletion and becomes inaccessible
- Within 7 days: Images permanently deleted from cloud storage
- Within 30 days: All backups and cached data completely removed
- Exception: Legal retention requirements may require keeping some records (e.g.,
financial transactions)
10. What Are Your Privacy Rights?
You have various rights regarding your personal information, depending on your location:
9.1 Universal Rights (All Users)
- Access: View all your generated headshots in the app's History section
- Download: Download and save your headshots to your device anytime
- Delete: Delete individual images or all your data using in-app features
- Export: Share or export your images to other apps and services
- Stop Use: Uninstall the app and request data deletion anytime
9.2 EEA/UK Users (GDPR Rights)
If you are in the European Economic Area or United Kingdom, you have additional rights:
- Right to Access: Request copies of your personal data
- Right to Rectification: Request correction of inaccurate data
- Right to Erasure: Request deletion of your personal data ("right to be forgotten")
- Right to Restriction: Request limitation on how we process your data
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests or for marketing
- Right to Withdraw Consent: Withdraw consent for AI processing or analytics anytime
- Right to Lodge Complaint: File a complaint with your local data protection authority
9.3 California Users (CCPA/CPRA Rights)
See detailed California rights in Section 14: US Privacy Rights.
9.4 How to Exercise Your Rights
In-App Deletion:
- Open Settings in the app
- Go to "Data & Privacy"
- Tap "Delete All Data"
- Confirm deletion
Contact Us:
- Email: nikolai.bora.mindwise@gmail.com
- Subject: "Privacy Rights Request"
- Include: Your device type, approximate number of generations, and specific request
Response Time: We will respond to your request within 30 days (or as required by law).
9.5 Verification
To protect your privacy, we may verify your identity before processing requests. This may involve:
- Confirming device ID or subscription information
- Asking for additional information to verify your identity
- Using authentication methods appropriate to the sensitivity of the request
11. How Can You Delete Your Data?
You have full control over your data and can delete it anytime.
10.1 In-App Data Deletion
Step-by-Step Instructions:
- Open AI Headshot Generator app
- Tap Settings (⚙️ icon)
- Scroll to "Data & Privacy" section
- Tap "Delete All Data"
- Review what will be deleted
- Confirm deletion twice
- Wait for deletion to complete
What Gets Deleted:
- All generated headshots from cloud storage
- Generation history and metadata
- Usage statistics and preferences
- Local device data
- Temporarily stored original photos (if any)
What Remains:
- Subscription records (required for billing and legal compliance)
- Payment transaction history (handled by Apple/Google)
- Aggregated, anonymized analytics (no personal identification)
10.2 Manual Deletion Request
If you cannot access the app, contact us:
Processing Time: We will process manual requests within 30 days.
10.3 Deletion Timeline
- Immediate: Data marked for deletion and becomes inaccessible
- Within 24 hours: Images begin deletion from cloud storage
- Within 7 days: All images permanently deleted from primary storage
- Within 30 days: All backups and cached data completely removed
For detailed instructions, see our Data Deletion Guide.
12. Third-Party Services
We use the following third-party services to provide and improve our Service:
11.1 Supabase (Cloud Storage)
Purpose: Secure storage of generated headshots
Data Shared: Generated headshot images, metadata (date, style selections), user identifiers
Data Location: Secure cloud data centers
Privacy Policy: https://supabase.com/privacy
Data Retention: Until you delete your data or request removal
11.2 RevenueCat (Subscription Management)
Purpose: Manage in-app subscriptions and purchases
Data Shared: Device ID, subscription status, purchase transactions, app user ID
Privacy Policy: https://www.revenuecat.com/privacy
Data Use: Subscription management and analytics only
11.3 Apple App Store
Purpose: Process payments and manage iOS subscriptions
Data Shared: Apple ID, payment information, purchase history
Privacy Policy: https://www.apple.com/legal/privacy/
Payment Processing: All payment data handled by Apple (we don't access credit card info)
11.4 Google Play Store
Purpose: Process payments and manage Android subscriptions
Data Shared: Google Account ID, payment information, purchase history
Privacy Policy: https://policies.google.com/privacy
Payment Processing: All payment data handled by Google (we don't access credit card info)
11.5 AI Processing Services
Purpose: Generate professional headshots using AI technology
Data Shared: Uploaded photos (temporarily during processing only)
Data Handling:
- Images transmitted securely over encrypted connections
- Processed in real-time and not stored permanently
- Deleted immediately after generation completes
- Not used for AI model training without consent
Security: Contractual agreements require data security and privacy protections
11.6 Third-Party Responsibilities
We are not responsible for:
- Third-party privacy practices or policies
- Third-party data breaches or security incidents
- Third-party service availability or performance
- Content or accuracy of third-party services
Please review each third party's privacy policy to understand their data practices.
13. Do We Use Cookies and Other Tracking Technologies?
No, we do not use cookies. As a mobile application, we do not use web cookies or similar web
tracking technologies.
12.1 What We Use Instead
We use mobile app equivalents for necessary functionality:
- Local Storage: AsyncStorage for app preferences and generation history
- Device Identifiers: Device ID for subscription management
- Session Data: Temporary session storage for app state
12.2 Analytics
We use minimal analytics to understand app usage:
- Generation counts and success rates
- Feature usage patterns
- App crashes and errors
- Performance metrics
This data is aggregated and anonymized. We do not track individual user behavior across websites or apps.
12.3 No Cross-Site Tracking
We do NOT:
- Track your activity across different websites or apps
- Use advertising identifiers for personalized ads
- Share data with ad networks
- Create behavioral profiles for marketing
14. Controls For Do-Not-Track Features
Most web browsers and some mobile operating systems include a Do-Not-Track ("DNT") feature or setting you can
activate to signal your privacy preference.
13.1 Our Position on DNT
We respect Do-Not-Track signals. If your browser or device sends a DNT signal:
- We will not track your activity beyond what's necessary for Service functionality
- We will not collect analytics data for marketing purposes
- We will minimize data collection to essential operations only
13.2 How DNT Applies to Our App
Since we are a mobile app (not a website), DNT signals work differently:
- iOS: Use "Limit Ad Tracking" in Settings → Privacy → Advertising (iOS 13) or "Allow
Apps to Request to Track" (iOS 14+)
- Android: Use "Opt out of Ads Personalization" in Settings → Google → Ads
13.3 What We Track Regardless
Even with DNT enabled, we still collect data necessary for Service functionality:
- Generation counts (to enforce subscription limits)
- Subscription status (to provide premium features)
- Basic error logs (to fix crashes and bugs)
- Storage of your generated headshots (core Service feature)
This data is essential for the app to function and cannot be disabled while using the Service.
13.4 Industry Standards
There is no universal standard for recognizing and implementing DNT signals. We follow best practices and
respect user privacy preferences whenever technically feasible.
15. Do United States Residents Have Specific Privacy Rights?
Yes. If you are a resident of certain U.S. states, you have specific privacy rights under
state law.
14.1 California Residents (CCPA/CPRA)
The California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide California
residents with specific rights:
Right to Know
You have the right to request disclosure of:
- Categories of personal information we collect
- Specific pieces of personal information we hold about you
- Categories of sources from which we collect personal information
- Business or commercial purposes for collecting personal information
- Categories of third parties with whom we share personal information
Right to Delete
You have the right to request deletion of your personal information, subject to certain exceptions (e.g.,
legal retention requirements).
Right to Correct
You have the right to request correction of inaccurate personal information.
Right to Opt-Out of Sale/Sharing
We do NOT sell or share your personal information. We do not sell personal information for
money or other valuable consideration, and we do not share personal information for cross-context behavioral
advertising.
Right to Limit Use of Sensitive Personal Information
You have the right to limit our use of sensitive personal information (facial images) to:
- Providing the services you requested (headshot generation)
- Ensuring security and integrity
- Short-term, transient use
We already limit sensitive data use to these purposes only.
Right to Non-Discrimination
You have the right not to receive discriminatory treatment for exercising your CCPA rights. We will not:
- Deny you services
- Charge different prices or rates
- Provide different quality of services
- Suggest you'll receive different prices or quality of services
Authorized Agent
You may designate an authorized agent to make requests on your behalf. The agent must:
- Provide proof of authorization
- Verify your identity
- Submit a signed permission from you
California "Shine the Light" Law
California Civil Code Section 1798.83 allows California residents to request information about disclosure of
personal information to third parties for direct marketing. We do not share personal information
with third parties for their direct marketing purposes.
14.2 Virginia Residents (VCDPA)
The Virginia Consumer Data Protection Act provides Virginia residents with rights to:
- Access personal data we process about you
- Correct inaccuracies in your personal data
- Delete personal data you provided
- Obtain a copy of your personal data in a portable format
- Opt out of personal data processing for targeted advertising, sale, or profiling
We do not engage in targeted advertising, sale of personal data, or profiling that produces legal or
similarly significant effects.
14.3 Colorado Residents (CPA)
The Colorado Privacy Act provides Colorado residents with similar rights:
- Access and portability of personal data
- Correction of inaccuracies
- Deletion of personal data
- Opt-out of targeted advertising, sale, or profiling
14.4 Connecticut Residents (CTDPA)
The Connecticut Data Privacy Act provides similar rights to Connecticut residents.
14.5 Utah Residents (UCPA)
The Utah Consumer Privacy Act provides Utah residents with rights to:
- Access personal data we process
- Delete personal data you provided
- Obtain a copy of personal data in a portable format
- Opt out of sale or targeted advertising
14.6 How to Exercise U.S. State Privacy Rights
Submit a Request:
- Email: nikolai.bora.mindwise@gmail.com
- Subject: "Privacy Rights Request - [Your State]"
- Include:
- Your name and state of residence
- Type of request (access, delete, correct, etc.)
- Device information for verification
- Signature (for written requests)
In-App Deletion: Use the "Delete All Data" feature in Settings → Data & Privacy
Response Time: We will respond within 45 days (or as required by applicable state law)
Verification: We may verify your identity to protect your privacy before processing
requests.
14.7 Appeals Process
If we decline your request, you may appeal by:
- Sending an email to nikolai.bora.mindwise@gmail.com
with "Privacy Rights Appeal" in the subject
- Explaining why you believe our decision was incorrect
- Providing additional information if needed
We will respond to appeals within 45 days (or as required by law). If we deny your appeal, we will provide
information about how to contact your state attorney general or data protection authority.
16. International Data Transfers
Your data may be transferred to and processed in countries other than your country of residence, including
Bulgaria (where our service is operated) and the United States (where our cloud infrastructure is located).
15.1 EEA/UK Transfers
If you are in the European Economic Area or United Kingdom, we ensure appropriate safeguards for
international data transfers:
- Standard Contractual Clauses: We use EU-approved Standard Contractual Clauses with our
service providers
- Adequacy Decisions: We transfer data only to countries with adequacy decisions where
possible
- Additional Safeguards: Technical and organizational measures to protect your data
15.2 Data Protection Standards
Regardless of where your data is processed, we maintain the same level of protection as required by:
- GDPR (for EEA/UK users)
- CCPA/CPRA (for California users)
- Other applicable data protection laws
15.3 Your Rights Regarding Transfers
You have the right to:
- Request information about international data transfers
- Obtain copies of safeguards in place
- Object to transfers in certain circumstances
17. Do We Collect Information From Minors?
Age Restrictions:
- AI Headshot Generator is intended for users aged 13 and older (16 in the EEA/UK)
- We do not knowingly collect personal information from children under 13 (or 16 in EEA/UK)
16.1 Parental Consent
If you are under 18, please obtain parental consent before using the Service. Parents and guardians should
supervise their children's use of the app.
16.2 If We Discover Child Data
If we learn that we have collected personal information from a child under the minimum age without parental
consent, we will:
- Delete the information as quickly as possible
- Not use the information for any purpose
- Terminate access to the Service
16.3 Parental Rights
Parents or guardians who believe their child has provided us with personal information may contact us at nikolai.bora.mindwise@gmail.com to request deletion.
18. Do We Make Updates To This Policy?
Yes. We may update this Privacy Policy from time to time to reflect:
- Changes to our practices
- New features or services
- Changes in technology
- Legal or regulatory requirements
17.1 How We Notify You
When we make material changes, we will notify you by:
- Updating the "Last Updated" date at the top of this Policy
- Displaying an in-app notification
- Posting the updated Policy on our website
- Sending a notification through the app (for significant changes)
17.2 Your Acceptance
Your continued use of the Service after changes become effective constitutes acceptance of the updated
Privacy Policy. If you do not agree with the changes:
- Stop using the Service
- Delete your data using the in-app deletion feature
- Uninstall the application
17.3 Review Regularly
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your
information.
18.1 Privacy Rights Requests
For requests related to your privacy rights, including:
- Access to your personal data
- Correction of inaccurate data
- Deletion of your data
- Data portability requests
- Objection to processing
- Questions about this Privacy Policy
- Complaints or concerns
Please contact us at nikolai.bora.mindwise@gmail.com
with "Privacy Rights Request" in the subject line.
Response Time: We will respond to your request within 30 days (or as required by applicable
law).
18.2 EEA and UK Users - Supervisory Authority
If you are located in the European Economic Area or United Kingdom, you have the right to lodge a complaint
with your local data protection authority if you believe we have violated your privacy rights.
EU Data Protection Authorities: Find your local authority
UK Information Commissioner's Office: https://ico.org.uk/make-a-complaint/
18.3 California Privacy Rights - Contact the Attorney General
California residents may contact the California Attorney General's office regarding privacy concerns:
California Department of Justice
Privacy Enforcement Section
File a
complaint
Your privacy is important to us.
We are committed to protecting your personal information and being transparent about our data practices.
Thank you for trusting AI Headshot Generator with your photos and data.
← Back to Legal Home