Privacy Policy

Name: Kaptura.ai AI Headshots
Brand: Kaptura.ai
Availability: InStock

Last updated: March 9, 2026

1. Data Controller

kaptura.ai (“we”, “our”, “us”) is an AI headshot generation service based in New York, United States. For any questions about data protection or this privacy policy, you can reach us at hello@kaptura.ai, which also serves as our data protection contact point.

2. Information We Collect

We collect the following types of information:

Account Information: Your email address, used for authentication and to send you notifications about your headshot orders.

Photos You Upload (including biometric data): The selfies you provide are used to train a personalized AI model that learns your facial features. This constitutes biometric data processing under applicable privacy laws. By uploading your photos and confirming at checkout, you provide explicit consent for this processing.

Payment Information: Payment processing is handled entirely by Stripe. We do not store your credit card details on our servers.

Usage Data: If you accept cookies, we collect analytics data via Google Analytics (GA4) to understand site traffic and improve our service. We also use Vercel Analytics, which is cookieless and collects anonymous performance data.

3. Legal Basis for Processing (GDPR)

We process your data under the following legal bases:

Consent: For processing your facial photographs and biometric data to train AI models and generate headshots. You may withdraw consent at any time by contacting us, though this will prevent us from providing the service.

Contract performance: For processing your email address, payment, and delivering the headshot generation service you purchased.

Legitimate interest: For anonymous analytics (Vercel Analytics) and essential security measures.

Consent: For non-essential cookies (Google Analytics), which are only loaded if you accept via our cookie banner.

4. How We Use Your Information

We use your information to provide and deliver our AI headshot generation service, send you email notifications about your order status (via Resend), process payments through Stripe, improve our service and user experience, and respond to your support requests.

5. Photo Data, Biometric Processing & AI

Your uploaded photos are used to train a personalized AI model (LoRA fine-tuning) that learns your facial features to generate professional headshots. This process involves biometric data processing — specifically, analysis of your facial geometry and characteristics. Your photos are processed through our AI partner (Astria) for model training and image generation. Your photos are not shared with other users or used to train general-purpose AI models. Your uploaded selfies are automatically deleted from our storage once your headshots are generated. The AI model trained on your photos is deleted by our AI partner within 30 days. All generated headshots are created using artificial intelligence, as indicated on the results page.

6. Data Storage & Security

Your data is stored securely using industry-standard cloud infrastructure. We implement appropriate security measures to protect your personal information. All data transmission is encrypted using HTTPS/TLS. Photos are temporarily stored on Vercel Blob (encrypted at rest) during processing.

7. International Data Transfers

Your data is processed by service providers located in the United States, including Vercel (hosting and blob storage), Supabase (database and authentication), Astria (AI image generation), Stripe (payment processing), and Resend (email delivery). If you are located in the European Economic Area (EEA), United Kingdom, or another jurisdiction with data transfer restrictions, your data will be transferred to the United States. These transfers are necessary for the performance of our contract with you (Art. 49(1)(b) GDPR) and are made with your explicit consent (Art. 49(1)(a) GDPR). Each provider maintains appropriate security measures and data processing standards.

8. Data Retention

Your uploaded selfies are automatically deleted from our storage once your headshots are generated. Our AI processing partner (Astria) retains training data and AI models for up to 30 days after generation, after which they are automatically deleted. Your generated headshots remain available for download through your account. Your account information (email) is retained for as long as your account is active. You may request deletion of all your data at any time by contacting us.

9. Third-Party Services

We use the following third-party services to provide our service: Stripe (payment processing — privacy policy), Supabase (authentication and database — privacy policy), Astria (AI image generation — privacy policy), Vercel (hosting and file storage — privacy policy), Resend (transactional emails — privacy policy), and Google Analytics (website analytics, only with your consent — privacy policy).

10. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Access: Request a copy of the personal data we hold about you.

Rectification: Request correction of inaccurate data.

Erasure: Request deletion of your data (“right to be forgotten”).

Withdraw consent: Withdraw your consent for biometric data processing at any time.

Data portability: Receive your data in a portable format.

Lodge a complaint: If you are in the EEA, you have the right to lodge a complaint with your local data protection authority.

To exercise any of these rights, please contact us at hello@kaptura.ai. We will respond within 30 days.

11. Cookies

We use essential cookies for authentication and session management (these are necessary for the service to function). We use Google Analytics (GA4) for website traffic analysis — this is only loaded if you accept cookies via our cookie consent banner. We use Vercel Analytics for anonymous performance metrics (this is cookieless and does not require consent). We do not use advertising cookies or sell your data to advertisers.

12. Age Restriction

Our service is intended for users aged 18 and over. We do not knowingly collect personal data from individuals under 18. If you are under 18, please do not use our service. If we learn that we have collected data from a minor, we will delete it promptly.

13. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any significant changes by posting the new policy on this page and updating the “Last updated” date. For material changes affecting your biometric data processing, we will seek renewed consent.

14. Contact

If you have questions about this privacy policy, your data, or wish to exercise your rights, please contact us at hello@kaptura.ai.