HeadshotKit

Privacy Policy

Last updated: May 2026

HeadshotKit handles biometric data — your face. We've built every layer of the app with that responsibility in mind. Here's exactly what we collect, why, and what we never do.

What we collect

Selfies you upload. The 15-20 photos you submit to generate a headshot pack. Stored in our private storage during generation, then deleted within 24 hours of the job completing.
Generated headshots. The outputs we produce. Linked to your account so you can re-download them from any device. Available for 90 days; you can delete them sooner from the Gallery tab.
Account. Sign in with Apple gives us an opaque identifier (Apple's "sub" claim) and, if you choose, your name and email. We never see your Apple ID password.
Profile. Your gender and Fitzpatrick skin-tone band — used to calibrate lighting per pack. Stored as numeric values, not free text.
Subscription state. Transaction identifiers from Apple so our backend can verify Pro entitlement. We never see your card details.

What we never do

Train AI models on your selfies. The image-generation model we use is general-purpose; your photos are inputs, not training data.
Sell or share your photos with anyone — including the AI model provider beyond the single API call needed to generate your headshots.
Ship third-party tracking SDKs.
Retain your selfies after 24 hours from generation completion.

How long we keep things

Input selfies: 24 hours after generation completes. Generated headshots: 90 days, then auto-purged unless you've explicitly saved them to your Photos library (which is just iCloud — outside our system). Account record: until you sign out.

Service providers

We use Apple for App Store, push notifications, and authentication. We use a single image-generation API to produce the actual headshots — your selfies are sent to that provider only during generation and not retained by them per their API terms. Backend infrastructure is hosted on Cloudflare.

Children

HeadshotKit is not for users under 17 — generated portraits could be misused. We don't knowingly accept accounts from children.

Your controls

Sign out from Settings to revoke our token. Email hello@headshotkit.app to request full deletion of all data associated with your account; we respond within 30 days.

Contact

hello@headshotkit.app