Privacy Policy

This Privacy Policy explains how we collect, use, and safeguard your information when you use our AI‑powered business headshots service.

Key points at a glance

• We only use technically necessary cookies — for authentication and to enable secure payment collection.
• Uploaded photos are stored on servers located in the United States.
• We do not share your photos or personal data with third parties except to provide our service.
• For AI generation, we use Google AI models hosted by Google. Your photos are sent to these models for processing but are not permanently stored by Google and are not used to train Google models.
• For payments, we use Polar Software Inc (San Francisco, USA), which processes payment‑related data on our behalf.
• You can delete uploaded photos, delete generated photos, and request account deletion at any time.

Who we are (data controller)

AI Business Headshots by MaxedApps GmbH ("we", "us", "our") is the controller responsible for your personal data.

AI Business Headshots by MaxedApps GmbH
Lena‑Christ‑Straße 2, 82031 Grünwald, Germany
HRB 302504
Email: [email protected]

Merchant of Record and roles

For purchases made via our checkout, Polar Software Inc acts as the Merchant of Record and reseller of our digital services. In that context, Polar is an independent data controller for billing, taxation, and payment processing information it collects to comply with its legal obligations and to process your transaction. We remain the controller for your account, content, and Service usage data. We have data processing agreements and/or appropriate terms in place with our providers.

Personal data we process

• Account data: name, email address, password hash, authentication tokens.
• Payment and billing data: transaction IDs, payment status, billing country, VAT/GST numbers where applicable, and other billing details processed by Polar Software Inc (MoR). We do not store full payment card details.
• Content data: uploaded photos, generated photos, generation metadata and preferences (attire, backgrounds, poses).
• Technical data: IP address, device and browser information, and basic logs for security and fraud prevention.

How we use your data (purposes and legal bases)

• Provide and operate the service (Art. 6(1)(b) GDPR — contract): account creation, authentication, photo upload, AI generation, downloads.
• Process payments (Art. 6(1)(b) and 6(1)(f) GDPR): purchase handling, fraud prevention, invoicing and payment confirmations via Polar Software Inc (as independent controller for its processing).
• Communication (Art. 6(1)(b) GDPR): service updates, transactional emails (e.g., verification, receipts).
• Security and compliance (Art. 6(1)(c) and 6(1)(f) GDPR): detect abuse, enforce Terms, maintain logs, and meet legal obligations (tax, accounting).

Technically necessary cookies

We only set cookies that are strictly necessary to deliver the service, such as session cookies for authentication and cookies required to complete a payment through Polar. We do not use advertising or marketing cookies.

AI processing with Google

We use Google‑hosted AI models to transform your uploaded photos into business headshots. Photos are transmitted to Google for processing and returned to us. Google does not permanently store your photos or use them to train models; processing is ephemeral and limited to completing your request.

Service providers and sharing

• Cloud storage: We store photos and generated images on US‑based infrastructure (e.g., S3‑compatible object storage).
• Payments (Polar as MoR): Polar Software Inc acts as the Merchant of Record and independent controller for billing and tax data related to your purchase and may receive data necessary to complete and evidence the transaction.
• Email delivery: Transactional emails may be sent through an email service provider (e.g., AWS SES).

We do not sell your personal data. We only share data with providers necessary to operate the service, under appropriate data protection agreements or, where applicable, controller-to-controller terms.

International transfers

Where data is transferred outside the European Economic Area (EEA), we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses (SCCs) and implement additional measures where required. For payments processed by Polar Software Inc (USA) and generation performed on Google infrastructure (USA), we apply SCCs where applicable and require equivalent protections. Polar may also rely on its own transfer mechanisms where it acts as an independent controller.

Data retention

• Uploaded and generated photos are retained until you delete them or delete your account.
• Transactional records (e.g., invoices) are kept as required by law (typically 6–10 years in the EU).
• Backups and logs may persist for a limited period for security and continuity (e.g., up to 30–90 days).

Polar Software Inc may retain billing and tax data as required by applicable law in the jurisdictions where it operates.

Your rights

Subject to applicable law (e.g., GDPR), you have the right to access, rectify, erase, restrict processing, object, and request data portability. You also have the right to withdraw consent where processing is based on consent.

To exercise these rights or to request account deletion, contact us at [email protected]. For invoices, payment details, or tax-handling queries related to purchases, you may be directed to Polar Software Inc where it acts as an independent controller.

You also have the right to lodge a complaint with your local supervisory authority.

Children

Our service is intended for individuals 18 years and older. We do not knowingly process data of minors. If you believe a minor has provided data to us, please contact us and we will take appropriate action.

Security

We implement technical and organizational measures to protect your data, including encryption in transit, access controls, and least‑privilege practices. No method of transmission or storage is 100% secure, but we strive to protect your information to the best of our ability.

Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in technology, law, or our practices. We will post the updated version with the effective date above. If changes are material, we will provide additional notice where required.

Contact

AI Business Headshots by MaxedApps GmbH
Lena‑Christ‑Straße 2, 82031 Grünwald, Germany
HRB 302504
Email: [email protected]