Privacy Policy
Last Updated: April 2026
Studio10 ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI headshot generation service ("Service").
Please read this Privacy Policy carefully. By using the Service, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
1.1 Information You Provide
Images: When you use our Service, you upload photographs. These images are processed to generate AI headshots. We store your original uploaded images and the generated images temporarily.
Photographs and AI Processing: When you upload a photograph, we store the image file and send it to third-party AI systems to generate your headshot. We do not extract, compute, or store biometric identifiers, biometric signatures, or facial geometry data. However, the third-party AI systems we use may internally analyze facial features as part of the image generation process. We only store the original photograph you upload and the AI-generated images. Should applicable laws or court interpretations expand the definition of biometric data to encompass this type of processing, we will update this policy accordingly.
Payment Information: When you make a purchase, our payment processor (Stripe) collects payment card details. We do not store your full payment card information on our servers. We receive only limited information such as the last four digits of your card and billing address for transaction records.
Email Address: If you provide an email address during checkout or sign-up, we collect and store it to:
- Send you download links for your generated images
- Provide customer support
- Send transactional communications
1.2 Information Collected Automatically
Usage Data: We automatically collect certain information when you use the Service, including:
- Browser type and version
- Device type
- Operating system
- Pages visited and time spent
- Referring website
- IP address
Cookies and Tracking: We use cookies and similar technologies to:
- Maintain your session
- Remember your preferences
- Analyze Service usage
- Improve our Service
2. How We Use Your Information
We use the information we collect to:
- Provide the Service: Process your uploaded images and generate AI headshots
- Process Payments: Complete transactions and send receipts
- Improve the Service: Analyze usage patterns and optimize performance
- Communicate: Send transactional emails, respond to inquiries, and provide customer support
- Ensure Security: Detect and prevent fraud, abuse, and security incidents
- Comply with Law: Meet legal obligations and respond to lawful requests
3. Data Sharing and Disclosure
3.1 Third-Party Service Providers
We share your information with third-party service providers who perform services on our behalf:
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Database and file storage | Uploaded images, generated images, generation records |
| fal.ai | AI image generation | Uploaded images (temporarily for processing) |
| Stripe | Payment processing | Payment details, email, billing address |
| Vercel | Web hosting and analytics | Usage logs, IP addresses, page views, device information |
| Google (Gemini API) | AI image generation | Uploaded images and text prompts (temporarily for processing) |
| Anthropic (Claude API) | AI text analysis | Text prompts (no images) |
| Sentry | Error monitoring and performance | Error logs, browser information, IP addresses |
These providers are contractually obligated to protect your information and use it only for the purposes we specify.
3.2 Legal Requirements
We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).
3.3 Business Transfers
If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.
3.4 With Your Consent
We may share your information for other purposes with your explicit consent.
4. Data Storage and Retention
4.1 Storage Location
Your data is stored on servers located in the United States through our service providers (Supabase and Vercel).
4.2 Retention Periods
| Data Type | Retention Period |
|---|---|
| Uploaded images | 30 days after generation, then deleted |
| Generated images (unpaid) | 7 days, then deleted |
| Generated images (paid) | 90 days, then deleted (download promptly) |
| Payment records | As required by law (typically 7 years) |
| Account information | Until you request deletion |
| Usage logs | 90 days |
4.3 Data Deletion
After the retention periods specified above, data is automatically deleted from our systems. You may request earlier deletion by contacting us (see Section 8).
5. Data Security
We implement appropriate technical and organizational measures to protect your information, including:
- Encryption of data in transit (HTTPS/TLS)
- Encryption of data at rest
- Access controls limiting who can access your data
- Regular security assessments
- Secure authentication for our systems
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
6. Your Privacy Rights
Depending on your location, you may have the following rights:
6.1 Access and Portability
You have the right to request a copy of the personal information we hold about you.
6.2 Correction
You have the right to request correction of inaccurate personal information.
6.3 Deletion
You have the right to request deletion of your personal information, subject to certain exceptions (e.g., legal retention requirements).
6.4 Opt-Out
You may opt out of marketing communications at any time by clicking the "unsubscribe" link in our emails.
6.5 Do Not Track
Our Service does not currently respond to "Do Not Track" signals.
6.6 Exercising Your Rights
To exercise any of these rights, please contact us at support@studio10.ai. We will respond to your request within 30 days.
6.7 Image Removal (Third-Party Requests)
If your likeness has been uploaded without your consent, you may request removal by emailing support@studio10.ai. See our Terms of Service, Section 15, for the full removal process. Valid requests are processed within 48 hours.
7. Children's Privacy
Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us.
8. International Data Transfers
If you are accessing our Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers and service providers are located.
By using the Service, you consent to the transfer of your information to the United States, which may have different data protection laws than your country of residence.
9. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to Know: You can request information about the categories and specific pieces of personal information we have collected about you.
- Right to Delete: You can request deletion of your personal information.
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
- Right to Opt-Out of Sale: We do not sell your personal information.
To exercise your CCPA rights, contact us at support@studio10.ai.
10. European Privacy Rights (GDPR)
If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):
- Right to access your personal data
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object to processing
- Right to withdraw consent
Our legal basis for processing your personal data includes:
- Consent: When you upload images and agree to our Terms
- Contract: To provide the Service you've requested
- Legitimate Interests: To improve our Service and ensure security
Special Category Data: Facial photographs may constitute special category data under GDPR Article 9 when processed by AI systems. While we do not extract or store biometric identifiers ourselves, we obtain your explicit consent (Article 9(2)(a)) via the consent checkbox before any image is uploaded, as a precautionary measure.
International Data Transfers: Your data is transferred to the United States. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission as the legal mechanism for these transfers.
Sub-processor Agreements: We maintain Data Processing Agreements (DPAs) with our sub-processors (Supabase, fal.ai, Stripe, Vercel, Google, Anthropic, Sentry) that include appropriate data protection obligations.
Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection supervisory authority if you believe your data has been processed unlawfully.
To exercise your GDPR rights, contact us at support@studio10.ai.
11. Illinois Biometric Information Privacy Act (BIPA)
If you are an Illinois resident, we provide the following disclosures under the Illinois Biometric Information Privacy Act (740 ILCS 14):
What we collect: We collect and store photographs that you upload. We do not extract, compute, or store biometric identifiers, biometric signatures, or facial geometry data. Your photographs are sent to third-party AI systems for headshot generation, and those systems may internally analyze facial features as part of their processing.
Purpose: Your photographs are used exclusively to generate AI headshots through our Service. We do not use your photographs for any other purpose.
Disclosure to third parties: Your photographs are shared with our AI processing providers (see Section 3.1) solely for the purpose of generating your headshot. No other third parties receive your photographs.
Retention and destruction: Uploaded images follow the retention schedule in Section 4.2 and are permanently deleted 30 days after generation. You may request earlier deletion at any time by contacting support@studio10.ai.
No sale or profit: We do not sell, lease, trade, or otherwise profit from your photographs or any data derived from them.
Consent: Before uploading any image, you are required to provide informed consent via an explicit consent checkbox. You may withdraw consent at any time by contacting us, at which point we will delete your photographs and generated images.
Your rights: You have the right to request deletion of your photographs and generated images at any time. To exercise this right, contact support@studio10.ai.
12. Third-Party Links
Our Service may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.
You are advised to review this Privacy Policy periodically for any changes. Changes are effective immediately upon posting.
14. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us:
Studio10
Email: support@studio10.ai
For data deletion requests or privacy concerns, please include "Privacy Request" in the subject line of your email.
By using Studio10, you acknowledge that you have read and understood this Privacy Policy.