Privacy Policy

Last updated: June 11, 2026

1. Introduction

PortraitAI ("we", "our", "us") is committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data. By using the Service, you agree to this policy.

2. Data We Collect

Account data

Name, email address, and password (hashed) when you create an account. If you sign in with Google, we receive your name, email, and profile photo from Google.

Photos you upload

Selfies and portrait photos you upload to train your character model. These are stored securely in encrypted cloud storage (Supabase) and are only accessible to you.

Generated images

AI-generated portraits produced by your character model, stored for your access in your gallery.

Usage data

Generation history, character model names, prompts you use, and feature usage to improve the Service and enforce plan limits.

3. How We Use Your Data

  • To provide the Service — training AI models, generating portraits, and displaying your gallery
  • To authenticate your account and maintain session security
  • To process payments via our payment provider (Paddle)
  • To send transactional emails (account confirmations, billing receipts)
  • To enforce usage limits on free and paid plans
  • To improve the Service and troubleshoot issues

We do not use your uploaded photos to train any shared AI model. Your photos are used exclusively to train your personal character model.

4. Third-Party Services

We use the following third-party processors to operate the Service:

  • Supabase — database, authentication, and file storage. Your photos and account data are stored on Supabase infrastructure.
  • Higgsfield AI— AI model training and image generation. Your uploaded photos and prompts are sent to Higgsfield to create your character model and generate portraits. Higgsfield's privacy policy governs their handling of this data.
  • Paddle — payment processing and subscription management. Paddle acts as the merchant of record and processes all payment data. We do not store your card details.
  • Google — optional OAuth login via Google Sign-In.

5. Data Retention

We retain your account data and generated images for as long as your account is active. If you delete your account, we delete your personal data and uploaded photos within 30 days, except where we are required to retain it for legal or financial compliance.

You can request deletion of your uploaded training photos at any time from your account settings without deleting your account.

6. Security

We use industry-standard security practices: encrypted storage, HTTPS for all data in transit, row-level security on the database, and private storage buckets for your photos. Despite these measures, no system is completely secure and we cannot guarantee absolute security.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data
  • Object to or restrict processing of your data
  • Data portability (receive a copy of your data)

To exercise these rights, email us at privacy@portraitai.app.

8. Cookies

We use only essential cookies required for authentication and session management (set by Supabase). We do not use advertising or tracking cookies.

9. Children's Privacy

The Service is not directed to anyone under 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with their data, contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you via email or an in-app notice for material changes. The "last updated" date at the top reflects the most recent revision.

11. Contact Us

For privacy questions or requests, contact us at privacy@portraitai.app.