HeadshotZen

Privacy Policy

Last updated: March 1, 2026

1. Information We Collect

When you use HeadshotZen, we collect the following information:

  • Account information: Your name, email address, and profile picture provided through Google OAuth sign-in.
  • Photos you upload: The selfies and photos you upload for AI headshot generation.
  • Generated images: The AI-generated headshots created from your uploads.
  • Payment information: Payment details are processed securely by Paddle, our Merchant of Record. We do not store your credit card information. Paddle may collect billing details such as your name, email, country, and payment method to process transactions and comply with tax regulations.
  • Usage data: Basic analytics such as pages visited and features used.

2. How We Use Your Information

  • To generate AI headshots based on your uploaded photos.
  • To manage your account and credit balance.
  • To process payments through Paddle.
  • To send transactional emails (e.g., payment confirmations).
  • To improve our service and user experience.
  • To respond to your support requests.

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), we process your personal data based on the following legal grounds:

  • Contract performance: Processing necessary to provide the Service you requested (account management, headshot generation, payment processing).
  • Legitimate interest: Improving our Service, preventing fraud, and ensuring security.
  • Consent: Where you have given explicit consent, such as for marketing communications (if applicable).
  • Legal obligation: Where processing is required to comply with applicable laws.

4. Photo Storage & Deletion

Your uploaded photos are stored securely on Supabase cloud infrastructure. Generated headshots are stored in your account for you to download at any time. You may request deletion of all your photos and generated images by contacting us at support@headshotzen.com. We will process deletion requests within 30 days.

5. Third-Party Services

We use the following third-party services to operate HeadshotZen:

  • Supabase: Database, authentication, and file storage.
  • fal.ai: AI image generation processing.
  • Paddle: Payment processing (Merchant of Record). Paddle handles all payment transactions, invoicing, sales tax, and refunds on our behalf. See Paddle's Privacy Policy.
  • Vercel: Website hosting.
  • Google: OAuth authentication.

Each of these services has its own privacy policy governing how it handles your data. We only share the minimum data necessary for each service to function.

6. Data Security

We implement industry-standard security measures to protect your data, including encrypted connections (HTTPS), secure authentication, and access controls. However, no method of transmission over the Internet is 100% secure.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. If you request account deletion, we will delete your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data (“right to be forgotten”).
  • Data portability: Request your data in a structured, machine-readable format.
  • Restriction: Request that we limit the processing of your data.
  • Objection: Object to processing based on legitimate interest.
  • Withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at support@headshotzen.com. We will respond within 30 days.

9. International Data Transfers

Your data may be processed in countries outside your country of residence, including the United States. We ensure appropriate safeguards are in place to protect your data in accordance with applicable data protection laws.

10. Cookies

We use essential cookies for authentication and session management. We do not use third-party tracking cookies for advertising purposes.

11. Children's Privacy

HeadshotZen is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on this page with an updated date.

13. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us at support@headshotzen.com.