Skip to main content

Privacy Policy

Last updated: May 2026

1. Information We Collect

Photos you upload: You upload selfies for AI model training. These images are processed ephemerally and stored only until automatic deletion (30 days after order completion).

Account data: Email address, hashed password, and Stripe payment identifiers. We never store raw credit card numbers.

Biometric data: Our AI processes facial features (eye spacing, jawline, skin tone) solely to generate headshots. We do not create biometric profiles, perform facial recognition, or share biometric data with third parties. All biometric feature vectors are deleted within 30 days per our automatic purge policy.

Usage data: Page views, feature interactions, and conversion events via Vercel Analytics and optional PostHog. No personal data is tied to analytics events.

2. How We Use Your Data

  • Train a custom LoRA AI model to generate your headshots
  • Deliver your generated headshots via email and dashboard
  • Process payments and issue refunds through Stripe
  • Send order confirmations and delivery notifications
  • Improve our service quality through aggregated analytics

3. Data Retention & Deletion

All uploaded photos, trained AI models, and generated headshots are automatically and permanently deleted 30 days after your order is completed. You may request earlier deletion by contacting hello@truzot.com. Stripe retains payment records for 7 years per financial regulations.

4. Third-Party Processors

  • fal.ai — AI model training and image generation. Images are processed in-memory and not retained.
  • Stripe — Payment processing. Truzot never sees your full card number.
  • Supabase — Database and file storage (encrypted at rest).
  • Resend — Transactional email delivery.
  • Vercel — Hosting and edge functions.

5. Your Rights (GDPR & CCPA)

Depending on your jurisdiction, you may have the right to access, correct, delete, or port your data. To exercise these rights, email hello@truzot.com. We respond within 30 days.

6. Cookies

We use essential cookies for authentication and session management. Optional analytics cookies (PostHog) are set only if you consent. No advertising or tracking cookies are used.

7. Security

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). We enforce row-level security in Supabase to isolate user data. Our AI processing occurs in isolated environments and no user data is used for training our public models.

8. Contact

For privacy inquiries: hello@truzot.com