Artifex AI
Back to home

Privacy Policy

Last updated: March 14, 2026

1. Data We Collect

We collect the following categories of personal data:

  • Account data: Email address, display name, hashed password
  • Biometric data: Facial photographs uploaded as reference images for AI headshot generation. These images are processed to extract facial features for model training.
  • Generated content: AI-generated headshots created from your reference photos
  • Payment data: Transaction records and credit balance (payment card details are processed directly by Stripe and never stored on our servers)
  • Usage data: Log data, generation history, and service interaction records

2. How We Use Your Data

Your personal data is used for the following purposes:

  • To provide and operate the AI headshot generation service
  • To process payments and manage your credit balance
  • To send transactional emails (verification, password reset, generation notifications)
  • To detect and prevent fraud and abuse
  • To improve our service quality and AI model performance (using anonymized, aggregated data only)

3. Data Retention Periods

  • Reference photos: Retained while your account is active. Deleted within 30 days of account deletion or deletion request.
  • Generated headshots: Retained while your account is active. Deleted within 30 days of account deletion.
  • AI training data: Temporary model weights are deleted after generation is complete. No persistent model of your likeness is retained.
  • Account data: Retained until account deletion. Post-deletion, anonymized records may be retained for legal compliance.
  • Payment records: Retained for 7 years as required by tax and financial regulations.

4. Third-Party Data Sharing

We share your data with the following categories of third parties:

  • Payment processor (Stripe): For processing credit card transactions
  • Cloud infrastructure (AWS): For photo validation services (AWS Rekognition) — images are processed transiently and not stored by AWS
  • AI generation (Replicate): For AI headshot generation — images are processed transiently per their data processing agreement
  • Email service (Resend): For sending transactional emails
  • Error tracking (Sentry): For monitoring service health — no personal images are shared

We do not sell your personal data. We do not share your data with third parties for marketing purposes.

5. Your Rights Under GDPR

If you are located in the European Economic Area (EEA), you have the following rights:

  • Right of access: Request a copy of all personal data we hold about you
  • Right to rectification: Request correction of inaccurate personal data
  • Right to erasure: Request deletion of your personal data ("right to be forgotten"). We will process deletion requests within 30 days.
  • Right to data portability: Request your data in a machine-readable format
  • Right to restrict processing: Request limitation of how your data is processed
  • Right to object: Object to processing based on legitimate interests
  • Right to withdraw consent: Withdraw consent for biometric data processing at any time

To exercise any of these rights, please contact our Data Protection Officer at the address provided below.

6. Cookies

We use essential cookies that are strictly necessary for the operation of our service, including:

  • Authentication session cookies
  • CSRF protection tokens

We do not currently use analytics, advertising, or tracking cookies. If this changes, we will update this policy and implement a cookie consent mechanism.

7. Contact Information

For any questions regarding this Privacy Policy or to exercise your data protection rights, please contact:

Data Protection Officer
[COMPANY NAME]
[ADDRESS]
Email: privacy@[DOMAIN]

You also have the right to lodge a complaint with your local data protection supervisory authority.