Privacy Policy

1. Introduction

AI Professional Portrait ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered professional portrait generation service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Email address
• Password (encrypted and hashed via Supabase Auth)
• Account creation date
• Login activity and session information

2.2 Photos and Generated Content

When you use our service:

• Photos you upload are processed temporarily to generate portraits
• Original uploaded photos are not permanently stored
• Generated portraits are stored in your account for your access
• Portrait style selections and generation history are recorded

2.3 Payment Information

Payment processing is handled by Stripe. We collect:

• Transaction IDs and payment status
• Purchase history and subscription status
• Credit balance and usage records

We do not store or have access to your full credit card numbers. All payment data is securely handled by Stripe according to their privacy policy and PCI-DSS compliance.

2.4 Usage Data

We automatically collect:

• Browser type and version
• Device information
• IP address (for security and fraud prevention)
• Pages visited and features used
• Generation timestamps and completion status

3. How We Use Your Information

We use collected information to:

• Provide and maintain our portrait generation service
• Process payments and manage subscriptions
• Generate AI portraits based on your uploaded photos
• Track credit usage and enforce service limits
• Send service-related notifications and updates
• Respond to customer support inquiries
• Detect and prevent fraud or abuse
• Improve our service quality and features
• Comply with legal obligations

4. How We Share Your Information

We do not sell your personal information. We share data only in the following circumstances:

4.1 Service Providers

• Google Gemini AI: Photos are sent to Google's Gemini 2.5 Flash API for portrait generation. Google processes images according to their privacy policy.
• Supabase: User authentication, database storage, and file storage services.
• Stripe: Payment processing and subscription management.
• Vercel: Website hosting and deployment.

4.2 Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or to protect our rights, property, or safety.

5. Data Security

We implement industry-standard security measures:

• All data transmissions are encrypted using HTTPS/TLS
• Passwords are hashed and salted using bcrypt
• Database access is restricted and authenticated
• Payment data is handled exclusively by PCI-compliant Stripe
• Regular security audits and updates

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

6. Data Retention

• Uploaded Photos: Deleted immediately after portrait generation (typically within minutes)
• Generated Portraits: Stored in your account indefinitely until you delete them or close your account
• Account Data: Retained while your account is active and for up to 90 days after account deletion for legal compliance
• Transaction Records: Retained for 7 years for tax and legal compliance

7. Your Rights and Choices

You have the right to:

• Access: Request a copy of your personal data
• Correction: Update or correct your account information
• Deletion: Request deletion of your account and associated data
• Portability: Export your generated portraits
• Opt-out: Unsubscribe from marketing communications
• Object: Object to certain data processing activities

To exercise these rights, contact us at glistisaac@gmail.com

8. Cookies and Tracking

We use essential cookies and local storage to:

• Maintain your login session
• Remember your preferences
• Ensure security and prevent fraud

We do not use third-party advertising or tracking cookies. You can disable cookies in your browser settings, but this may affect service functionality.

9. Children's Privacy

Our service is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a minor, please contact us immediately.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. By using our service, you consent to such transfers. We ensure appropriate safeguards are in place for international data transfers.

11. Third-Party Services

Our service integrates with:

• Google Gemini: Google Privacy Policy
• Stripe: Stripe Privacy Policy
• Supabase: Supabase Privacy Policy

We are not responsible for the privacy practices of these third-party services.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date. Material changes will be communicated via email or prominent notice on our website. Continued use after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices:

Email: glistisaac@gmail.com