AI HEADSHOT

Privacy Policy

Last updated: April 18, 2026

AI Headshot does not collect personal data, does not create user profiles, and does not use any tracking or analytics tools.

1. Data Controller

Kojalytics
Farzad Khojazada, sole proprietorship
Am Diggen 40i, 21077 Hamburg, Germany
Email: support@kojalytics.com
Website: kojalytics.com

2. What Data Is Processed?

AI Headshot only processes data strictly necessary for generating AI portraits:

  • Reference Photos: The photos you select (max 10) are transmitted to our server and forwarded to the third-party AI service Google Gemini API for generation.
  • Portrait Settings: Your chosen style options (style, framing, background).
  • Purchase Data: Transaction IDs for in-app purchases are stored locally on your device. Payment processing is handled exclusively by Apple.

Important: Before your photos are transmitted to the AI service for the first time, the app will ask for your explicit consent. Without your approval, no photos will be sent to third parties.

3. What Is NOT Collected?

  • No user accounts or registration required
  • No email addresses, names, or phone numbers
  • No location data
  • No analytics or tracking (no Google Analytics, Firebase, etc.)
  • No advertising or ad networks
  • No data sharing with third parties for marketing

4. How Are Your Photos Processed?

  • Encrypted HTTPS/TLS transmission to our server (Supabase, EU region).
  • Third-Party AI Service: Your reference photos are forwarded to the Google Gemini API (Google Ireland Limited) for image generation.
  • Legal basis: Art. 6(1)(a) and Art. 9(2)(a) GDPR (explicit consent).
  • After generation, reference photos are deleted from both our server and Google.
  • Generated portraits are provided via time-limited, signed URLs.

5. Data Storage

On Your Device:

  • Generated portraits and previews in app storage
  • Purchase receipts and settings in encrypted iOS Keychain
  • Vault data with automatic expiration (24 hours to 30 days per package)

On Our Server:

  • Reference photos are deleted after processing
  • Generated portraits stored temporarily, accessible only via time-limited URLs
  • Job metadata (status, timestamps) — without personal reference

6. Third-Party Services

  • Google Gemini API: AI image generation. Your photos are transmitted for generation only after your consent. Google processes data per the Google Privacy Policy. Photos are deleted at Google after processing.
  • Supabase: Backend infrastructure for secure data processing. Servers in the EU (Frankfurt).
  • Apple StoreKit: For in-app purchases. Apple processes payment data per the Apple Privacy Policy.

7. Data Security

  • All data transfers encrypted via HTTPS
  • Local data encrypted in iOS Keychain
  • Access to portraits only via time-limited, signed URLs
  • Protection through unique, non-guessable job IDs

8. Your Rights (GDPR)

As an EU user, you have the following rights:

  • Access: Information about stored data
  • Deletion: Deletion of your data
  • Objection: Object to processing
  • Data Portability: Data in a common format

Since AI Headshot doesn't use user accounts, no personal data is stored permanently. For inquiries, contact: support@kojalytics.com

9. Device Permissions

  • Photo Library (Read): To select reference photos
  • Photo Library (Write): To save generated portraits

No additional permissions required (no camera, microphone, location, or contacts access).

10. Children

AI Headshot is not directed at children under 16. We do not knowingly collect data from children.

11. Changes to This Privacy Policy

We reserve the right to update this policy. The current version is always available at this URL.

12. Contact

For privacy-related questions: support@kojalytics.com

Privacy questions?

support@kojalytics.com