ProProfilePhoto.com

Loading...

Privacy Policy

Last Updated: 16 November 2025

Privacy at a Glance

Here’s a quick summary of our privacy practices:

  • We DO NOT train AI models on your photos. Your images are used only to create your headshots.
  • We DO NOT use tracking or advertising cookies. We only use essential cookies for login.
  • We DO NOT sell your data. We only share it with essential, GDPR-compliant service providers (Google Vertex AI, Azure, PayPal).
  • You own your images. You can download and delete them at any time.

1. Introduction

Welcome to ProProfilePhoto.com ("we," "our," or "us"). We are committed to protecting your personal data and respecting your privacy. This policy outlines how we collect, use, process, and safeguard your information in compliance with the General Data Protection Regulation (GDPR) and other relevant privacy laws.

2. Information We Collect

2.1 Information You Provide to Us

  • Account Information: Your email address and authentication credentials when you create an account.
  • Uploaded Photos: The images you upload for the purpose of generating headshots.
  • Generation Parameters: Information you provide for customization, such as profession, a bio, or a job description.

2.2 Information We Collect Automatically

  • Usage Data: Anonymized data about your interactions with our service, such as pages visited and features used.
  • Device Information: Anonymized browser type and operating system. We do not collect or store your IP address.
  • Essential Cookies: We use session cookies that are strictly necessary for authentication and site functionality.
  • Analytics: Anonymous, aggregated usage statistics via Azure Application Insights. This process is cookie-less and does not collect personal data.

3. Legal Basis for Processing Your Information

Under GDPR, we process your data based on the following legal grounds:

  • Performance of a Contract (Art. 6(1)(b) GDPR): We process your account data, uploaded photos, and payment information to provide the core service you requested—generating AI headshots.
  • Legitimate Interests (Art. 6(1)(f) GDPR): We process anonymous usage data to understand how our service is used, prevent fraud, and improve the user experience. Our interest in improving our service does not override your fundamental rights and freedoms.
  • Legal Obligation (Art. 6(1)(c) GDPR): We may process certain data to comply with legal and tax obligations.

4. How We Use Your Information

Your information is used exclusively to:

  • Generate AI-powered professional headshots from your photos.
  • Manage your account, provide access, and maintain security.
  • Process payments for token purchases via our payment processor.
  • Send essential service-related notifications (e.g., password resets). We will not send marketing emails.
  • Comply with legal obligations and enforce our terms.
  • Analyze anonymous usage patterns to improve our service.

Important: Your uploaded photos and personal data are NEVER used to train third-party AI models. We use Google's Gemini API under terms that prohibit them from using your data for model training.

5. Data Storage and Security

We implement robust technical and organizational measures to protect your data. It is stored securely within Microsoft Azure's infrastructure with industry-standard encryption:

  • Default Encryption: All data is encrypted at rest by default within Azure Blob Storage and Azure SQL Database using 256-bit AES encryption. Data is also encrypted in transit via HTTPS/TLS.
  • Access Controls: We enforce strict access controls and authentication measures to prevent unauthorized access to your data.

6. Data Retention

We retain your data only for as long as necessary:

  • Generated Images: Stored for as long as your account exists, unless you delete them sooner.
  • Account Data: Retained as long as your account is active. It will be deleted upon your request to close your account.
  • Anonymous Session Images: Images from non-authenticated sessions are automatically deleted after 24 hours.

7. Data Sharing and Third-Party Sub-processors

We do not sell your personal data. We only share data with trusted third-party service providers (sub-processors) who are essential for delivering our service:

  • AI Service Providers: Google (Vertex AI, `europe-west1` region) for image generation.
  • Cloud Infrastructure: Microsoft (Azure) for hosting, database, and storage.
  • Payment Processors: PayPal for secure payment processing. We do not collect, store, or have access to your payment card details.
  • Analytics: Microsoft (Azure Application Insights) for anonymous, cookie-less usage analytics.
  • Legal Requirements: We may disclose data if required by law or to protect our legal rights.

8. Your Rights Under GDPR

As a user, you have the following rights over your personal data:

  • Right to Access: You can request a copy of the personal data we hold about you.
  • Right to Rectification: You can request correction of inaccurate or incomplete data.
  • Right to Erasure ("Right to be Forgotten"): You can request the deletion of your personal data.
  • Right to Restrict Processing: You can request that we limit the processing of your data.
  • Right to Data Portability: You can request your data in a machine-readable format.
  • Right to Object: You can object to our processing of your data based on legitimate interests.
  • Right to Withdraw Consent: You can withdraw consent at any time where consent is the legal basis for processing.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority (such as the data protection authority in your country or state).

To exercise these rights, please contact us at proprofilephoto4you@gmail.com.

9. Cookies

We use only "strictly necessary" cookies for essential functions like keeping you logged in. We do not use cookies for analytics, advertising, or tracking. Because we only use essential cookies, we are not required to show a cookie consent banner.

10. Data Processing within the EEA

To ensure full compliance with GDPR, all our data processing, including AI image generation, occurs within the European Economic Area (EEA).

  • Hosting: Our application servers, database, and storage are hosted in Microsoft Azure's West Europe region.
  • AI Processing: We use Google's Vertex AI services, specifically configured to process all data within the "europe-west1" (Belgium) region. This ensures that your uploaded photos and prompts are not transferred outside the EEA for AI generation.

By processing all data within the EEA, we provide strong data protection guarantees under GDPR. Payments are processed by PayPal, which may process personal data under its own terms. Please refer to PayPal’s privacy policy for details on its data handling practices.

11. Children's Privacy

Our service is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal data, we will take steps to delete such information.

12. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last Updated" date. We encourage you to review this policy periodically.

13. Contact Us

If you have any questions about this privacy policy or our data practices, please contact us:

14. Data Protection Officer

As a small business, we are not required to appoint a formal Data Protection Officer (DPO). For any data protection inquiries, please use the contact details provided above.

← Back to Home