Privacy Policy

1. Who We Are

ProfileHero.ai is operated in the United Kingdom. We provide AI-based image generation services that create professional-style headshots from user-uploaded photos.

For data protection purposes, we act as the data controller of your personal data under the UK GDPR and EU GDPR.

You can contact us regarding this Policy or your data rights.

2. Information We Collect

We collect and process personal data when you use our Services. This includes:

a. Information You Provide to Us

When using our Services, you may provide:

• Account Information: Name, email address, and password when you register or sign in.
• Payment Information: Billing details processed securely through our payment provider (Stripe). We do not store full payment card details.
• Uploaded Photos: Images you upload to create AI-generated headshots.
• User Preferences: Your chosen styles, clothing, and backgrounds.
• Communications: Messages or feedback you send to us via email, contact forms, or other channels.

b. Information derived or generated

• AI-generated images and associated descriptive data produced by our systems.
• Analytical data derived from uploaded images, which may include facial structure, lighting, background features, and visual characteristics such as hair or eye colour, or other descriptive attributes inferred by our AI model.
• Technical data, including IP address, device type, browser information, and usage logs collected automatically through analytics tools.

c. Cookies and tracking

• We use cookies and similar tracking technologies for functionality, analytics, and advertising.
• These may include Google Analytics, Meta (Facebook) Pixel/Ads, LinkedIn Ads, Reddit Ads, and similar services that help us understand site usage and deliver relevant advertising.
• Additional advertising or analytics platforms may be introduced in future, and will be updated in this Policy as required.
• You can manage or withdraw cookie consent at any time via your browser settings.

3. How We Use Your Data

We process personal data for the following purposes:

• To create and deliver AI-generated headshots based on your inputs.
• To operate, maintain, and improve our Services and website.
• To communicate with you, including responding to enquiries and providing support.
• To process payments and issue refunds under our Refund & Money-Back Guarantee Policy.
• To send administrative and promotional communications where you have consented or where legitimate interest applies.
• To conduct usage analytics, measure performance, and enhance marketing.
• To prevent, detect, and investigate fraud, misuse, or security breaches.

4. Lawful Basis for Processing

We process data under the following lawful bases:

• Contractual necessity: to provide the Services you have purchased or requested.
• Legitimate interests: to maintain security, analyse usage, and improve user experience.
• Consent: for marketing communications, cookies, and optional processing.
• Legal obligations: to comply with accounting, tax, and regulatory requirements.

5. How We Share Your Data

We may share your personal data with trusted third parties who assist in operating our Services, including:

• AI processing and storage providers (e.g., Astria, Replicate, Cloudinary).
• Payment processors (e.g., Stripe, PayPal).
• Authentication and access providers (Google, Facebook, LinkedIn).
• Analytics and advertising services (Google, Meta, LinkedIn, Reddit).
• Professional advisers (legal, audit, or compliance services).
• Regulators or law enforcement where legally required.

These providers maintain their own data protection practices and security standards.

We take reasonable steps to ensure they handle your information lawfully and securely.

6. Data Retention

We retain your personal data only as long as necessary to provide our Services and fulfil the purposes outlined in this Policy:

• Uploaded Photos: Retained for up to 30 days to allow for regeneration, quality review, or refund assessment. You can request earlier deletion at any time.
• Generated Headshots: Retained indefinitely as part of your deliverables unless you request deletion.
• Account Data: Retained for as long as your account is active, or as required to comply with legal obligations.

7. Your Rights

Under applicable data protection law, you have the right to:

• Access, correct, or delete your personal data.
• Object to or restrict processing in certain circumstances.
• Withdraw consent where processing is based on consent (e.g., marketing).
• Request a copy or transfer of your data (data portability).
• Lodge a complaint with a supervisory authority if you believe your rights have been infringed.

To exercise these rights, please contact us. We may request verification of your identity before processing your request.

8. Marketing Communications

We may send marketing or promotional communications about our products and offers where you have provided consent or where legitimate interest applies.

You can unsubscribe at any time via the link in the email or by contacting us directly.

We also use advertising platforms (Google, Meta, LinkedIn, Reddit) to show tailored ads to users who have interacted with our site.

9. Data Security

We implement technical and organisational measures to safeguard personal data, including encryption, secure storage, and access controls.

Despite these measures, no system is completely secure, and data transmission over the internet is at your own risk.

10. International Transfers

Some service providers may process data outside the UK or EEA.

Where this occurs, we ensure that appropriate safeguards—such as Standard Contractual Clauses or equivalent legal mechanisms—are in place to protect your data.

11. Children's Privacy

Our Services are not intended for or directed toward individuals under the age of 18, and we do not knowingly collect data from minors.

If you believe a minor has submitted personal data, please contact us immediately to request deletion.

12. Changes to This Policy

We may update this Privacy Policy periodically.

Any changes will be posted with a new "Last updated" date.

Continued use of the Services after such changes constitutes acceptance of the updated Policy.

13. Contact

For questions about this Policy or to exercise your data rights, please contact us.

14. User Content

You retain ownership of your original photos and any AI-generated images you create. However, by submitting User Content (your original photos and any prompts or instructions), you grant ProfileHero.ai a worldwide, non-exclusive, royalty-free licence to store, process, and use your User Content solely to deliver and improve the Services. This includes generating images and performing necessary technical operations.

We will not share your User Content with third parties for their own marketing purposes, except as required by law or as described in this Policy.

You agree that you will not submit any User Content that infringes on the intellectual property rights, privacy rights, or other legal rights of any third party.

You are solely responsible for the User Content you submit.