Cheap Professional Headshots ("the app", "we", "us") is operated by Richard Morgan. This policy explains what we collect, why, who we share it with, how long we keep it, and your choices. By using the app you agree to this policy and to the in-app face-data consent you give before your first scan. Contact: silkyrich@gmail.com.
When you create a "look", the app uses your device's TrueDepth camera to capture a short guided scan (still images and on-device facial geometry such as head pose and eye state). This is biometric information.
Stored on our backend for up to 30 days so you can download them across sessions, then automatically deleted. Copied to your iCloud (under your Apple ID, which we cannot access) and saved to your Photos when you choose to keep an image.
If you use Sign in with Apple, we receive the identifier Apple provides (and, only if you choose to share it, an email — which may be Apple's private relay). If you sign in with email, we store your email address for authentication.
Headshot packs are Apple in-app purchases. Apple processes payment; we never receive your card or payment details. We receive an Apple-signed receipt, which we verify to credit your account, and we keep a record of your credit balance and usage.
If you allow notifications, we store a push token for your device so we can tell you when a headshot pack is ready. Invalid tokens are deleted.
We do not collect analytics or advertising data.
We do not knowingly collect data from anyone under 16. The app is not directed to children.
To keep the service safe, reference photos are automatically screened by an AI moderation system before generation. We do not review your photos manually except where required to investigate abuse or comply with law.
| Provider | What they handle | Where |
|---|---|---|
| Apple | Sign in with Apple, in-app purchases, push delivery, iCloud storage of your headshots | Per Apple's terms |
| Supabase | Authentication, credits ledger, temporary storage/delivery of generated headshots | EU (France) |
| OpenAI | AI image generation and reference-photo moderation | United States |
Reference photos are sent to OpenAI in the United States at the moment of generation. This international transfer relies on Standard Contractual Clauses and OpenAI's API data policy, under which API inputs and outputs are not used to train their models. We do not sell personal data or share it with advertisers or data brokers.
| Data | Retention |
|---|---|
| Live face scan / depth data | Never leaves your device; not retained by us |
| Reference photos | On your device until you delete them; not retained on our servers after generation |
| Generated headshots (our backend) | Up to 30 days, then automatically deleted |
| Generated headshots (your iCloud / Photos) | Kept by you, under your control |
| Account + credits ledger | Until you delete your account |
| Push token | Until it expires or you disable notifications |
Depending on where you live (e.g. EU/UK under GDPR, California under CCPA/CPRA, Illinois under BIPA), you may have rights to access, correct, delete, port, or object to the processing of your data, and to withdraw consent. To exercise these, contact us. Legal basis (EU/UK): we process your face/biometric data on the basis of your explicit consent, given in the app before your first scan and withdrawable at any time; we process account, purchase, and delivery data to perform our contract with you.
Headshots are encrypted in transit and at rest, access is restricted to your own account, our AI provider's key is held only on our server (never in the app), and purchases are verified with Apple-signed cryptographic receipts. No system is perfectly secure, but we work to protect your data and limit what we collect.
We may update this policy as the app evolves, posting the new version with a revised effective date and, for material changes affecting biometric data, seeking your consent again where required.
Questions or requests: silkyrich@gmail.com.