Home

Privacy Policy

Last updated: 14 April 2026

1. Who We Are

ProfilePics (profilepics.app) is operated by Nira Labs. We provide AI-powered professional headshot generation services. This policy explains how we collect, use, and protect your information.

2. Information We Collect

Account information: Email address and name when you sign up via Google OAuth or email.

Photos you upload: Selfies and reference images you provide for headshot generation.

Generated images: AI-generated headshots created from your photos.

Payment information: Processed by Stripe. We never see or store your card number.

Usage data: Pages visited, features used, and session data via PostHog analytics.

3. How We Use Your Photos

Your photos are used solely to generate headshots for you. We do not use your photos to train general AI models. Your photos are not shared with other users. Uploaded photos and generated images are stored in AWS S3 (ap-south-1 region) and are accessible only to your account.

4. Third-Party Services

We use the following services to operate ProfilePics:

  • Supabase — authentication and database
  • fal.ai / Replicate — AI image generation (your photos are sent to generate headshots)
  • AWS S3 — photo storage
  • Stripe — payment processing
  • PostHog — analytics (anonymized usage data)
  • Vercel — frontend hosting
  • Render — backend hosting

5. Data Retention

Your uploaded photos and generated images are retained for as long as your account is active. You can request deletion of your data at any time by contacting us. Upon account deletion, your photos and generated images will be permanently removed within 30 days.

6. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data and account
  • Download your generated images at any time
  • Opt out of analytics tracking

7. Cookies

We use essential cookies for authentication and session management. PostHog uses cookies for anonymous analytics. We do not use advertising or tracking cookies from third parties.

8. Security

We use HTTPS encryption for all data in transit. Photos are stored in encrypted S3 buckets. Authentication is handled via Supabase with JWT tokens. Payment data is handled entirely by Stripe (PCI-DSS compliant).

9. Changes to This Policy

We may update this policy from time to time. Significant changes will be communicated via email or a notice on our website.

10. Contact

Questions about this policy? Contact us at support@profilepics.app