Legal

Privacy Policy

Last updated: 6 July 2026

BusinessHeadshots.ai (“we”, “us”) turns your selfies into professional headshots. Because our whole product is built around photos of your face, we keep this policy short, plain, and honest. The one-sentence version: your photos are used to generate your headshots - nothing else - and we never sell your data.

What we collect

  • Account details - your email address, an optional name, and a password (stored only as a secure hash; we cannot see it).
  • Your photos - the selfie you upload for your free headshot and the reference photos (front, left, right) you add to your profile.
  • Generated images - the headshots we create for you, saved to your private gallery.
  • Payment records - payments are processed by Stripe. Your card details go directly to Stripe and never touch our servers; we keep only the purchase record (amount, credits, date).
  • Technical data - IP addresses (used for abuse prevention and rate limiting) and essential cookies (see below).

How your photos are processed

To generate a headshot, your reference photo(s) and your chosen style options are sent to our AI provider (OpenAI) over an encrypted connection. Under OpenAI's API terms, content submitted through the API is not used to train their models. We do not use your photos to train any models, we do not use them in our marketing, and we do not share them with anyone except the processors needed to run the service.

What we never do

  • We never sell or rent your personal data or photos.
  • We never use your photos for advertising or model training.
  • We never run third-party ad trackers on this site.

Cookies

We use essential cookies only: one that keeps you signed in, and one anonymous identifier that remembers your free headshot before you create an account. No analytics or advertising cookies.

Storage and retention

Your photos and generated headshots are stored securely for as long as your account is active, so your gallery stays available to you. You can replace your reference photos at any time - replaced photos are no longer used for generation. Purchase records are retained as required for accounting and tax purposes.

Who we share data with

Only the processors required to operate the service: OpenAI (image generation), Stripe (payments), and our hosting provider (infrastructure). Each receives only what it needs to perform its function.

Your rights

You can access, correct, export, or delete your data - including every photo and generated image - at any time by emailing hello@businessheadshots.ai. Account deletion removes your photos and gallery permanently. Depending on where you live, these rights may be backed by laws such as the GDPR or CCPA; we honour them for everyone regardless of location.

Security

All traffic is encrypted in transit (HTTPS). Passwords are hashed with bcrypt. Access to your images is restricted to your account. No system is perfectly secure, but if we ever become aware of a breach affecting your data, we will notify you promptly.

Children

The service is not intended for anyone under 16, and we do not knowingly collect data from children.

Changes

If we make material changes to this policy, we'll update the date above and, for significant changes, notify you by email or an in-app notice.

Contact

Questions about privacy? Email hello@businessheadshots.ai.