professional-headshots/ai
HomeLegalPrivacy policy
LEGAL · UPDATED 1 JUN 2026

Privacy policy.

How professional-headshots.ai collects, uses and protects your personal data under applicable law. Plain language, no dark patterns.

Updated 1 Jun 2026Version v4Jurisdiction Germany / EUStatus ● Privacy-first
Celsios GmbH
Cosimastr. 121
81925 München, Germany

Managing Director: Justus Wiedemann
Amtsgericht Frankfurt am Main, HRB 134969
VAT ID: DE442429324
Contact: help@professional-headshots.ai

At professional-headshots.ai ("we", "us", "our"), we are committed to protecting your privacy. This Privacy Policy describes how your personal information is collected, used and shared when you use our Service.

01Information we collect.

When you use our Service, we may collect:

  • Personal information: name, email address and other info you provide when you create an account.
  • Usage information: actions you take on the Service.
  • Log files: records of actions taken on our website or app, stored for 180 days, including timestamp, IP and user agent.

02How we use it.

We use the information to:

  • provide, maintain and improve the Service;
  • respond to your inquiries and provide customer service;
  • communicate with you about updates and changes;
  • monitor and analyze trends and usage;
  • detect, investigate and prevent fraudulent transactions;
  • personalize features that match user profiles.

03Third-party services.

We use a small number of third-party services:

  • Supabase (EU-hosted): authentication and database storage. Data hosted in the EU.
  • EU-based cloud storage and CDN: for image storage and serving.

04Sharing of information.

We do not sell your personal information. We may share with third parties:

  • with your consent or at your direction;
  • with vendors and service providers carrying out work on our behalf;
  • in response to a request for information required by applicable law;
  • to protect the rights, property and safety of professional-headshots.ai or others.

05Data security.

Selfies and generated portraits are encrypted in transit (TLS 1.3) and at rest (AES-256) on EU-based infrastructure. Access is limited to authenticated workers strictly required for processing your order. We take additional measures to help protect information about you from loss, theft, misuse and unauthorized access. No system can be guaranteed to be 100% secure.

06Changes to this policy.

professional-headshots.ai may modify this Privacy Policy. We will notify you by revising the date at the top, and depending on the changes, we may provide additional notice. By continuing to use the Service, you agree to be bound by the revised Privacy Policy. Questions? help@professional-headshots.ai.

07Your rights under applicable law.

If you reside in the European Economic Area, you have these rights:

  • Access: request a copy of the personal information we hold about you.
  • Rectification, deletion and restriction: request that we correct, delete or restrict processing.
  • Objection: challenge processing based on legitimate interest. You can object to direct marketing.
  • Data portability: request transfer of personal information you provided.
  • Withdraw consent: at any time, where processing is consent-based.
  • Complain: lodge a complaint with your local data protection authority.

To exercise these rights: help@professional-headshots.ai.

08Breach notification.

If we become aware of a data breach that impacts your personal data, we will notify you as soon as possible but no later than 72 hours after discovery.

09Authentication via Supabase.

We use Supabase (EU-hosted) for authentication. When you sign up or in:

  • Email address: used to create your account.
  • Profile information: if you sign in via Google, we may receive your name and profile picture.

Authentication data is stored in the EU. See the Supabase Privacy Policy.

10Cookies.

We use cookies and similar technologies to ensure our website functions properly, improve user experience and analyze usage:

  • essential cookies for security, authentication and payments;
  • functional cookies for your settings and preferences;
  • analytics cookies to understand usage and improve performance;
  • marketing cookies (if applicable) to measure relevant advertising.

You can manage cookies through your browser settings. Restricting cookies may affect functionality.

11AI pictures.

Your uploaded selfies, the private model trained from them and the generated portraits are stored on our secure EU servers and used solely to fulfil your order. They are never used to train any general-purpose AI and never shared with third parties for advertising or model training.

Automatic deletion after 30 days. No later than 30 days after your order is completed, we permanently delete all selfies, generated portraits and the trained model adapter from our servers via an automated daily job. You will receive a courtesy email reminder 10 days and 1 day before deletion. The trained model adapter is additionally discarded at our EU GPU provider under their own retention policy.

You can also delete everything immediately at any time from your studio. After deletion, only a minimal anonymised order record remains (no images, no biometric data) for accounting and refund-audit purposes as required by tax law.

12Corporate customers and teams.

During registration or at payment completion, a separate data processing agreement is concluded with the corporate customer.

When you order headshots for teams, you can invite employees via email. By providing the email address of your employee(s) or uploading their images, you declare that you are authorized to do so in compliance with applicable regulations, especially data-protection law, and hold professional-headshots.ai harmless in this regard.

← Back to home