Privacy Policy
Last Updated: November 15, 2025
1. Introduction
Welcome to TeamShotsPro (“we,” “our,” or “us”). We operate teamshotspro.com and photoshotspro.com (collectively, the “Services”).
We are committed to protecting your data. This policy outlines how we handle your personal and biometric information. We operate under strict data protection principles aligned with the Swiss Federal Act on Data Protection (FADP) and the GDPR.
2. Information We Collect
A. Account & Team Data
- Identity: Name, email address, password (hashed), and language preference.
- Team Data: For teamshotspro.com users, we store team names, roles, and member email addresses managed by Team Admins.
B. Biometric & Image Data
Important: By uploading photos to our Service, you provide explicit consent for us to process your biometric data (facial features) as required under GDPR Article 9 for special category data. This processing is necessary to provide the AI headshot generation service you have requested.
- Input Data: We collect the photos (“Selfies”) you upload for the purpose of generating professional headshots.
- Process Data: Our AI analyzes facial features in your uploads to map them onto professional styles. We do not use your photos to train any AI models. Your images are processed solely to generate your specific outputs and are not used for model improvement or training.
- Output Data: We store the resulting AI-generated images. All generated images are AI-created and are not real photographs.
- Content Moderation: Uploaded photos are automatically scanned using AI to detect and reject inappropriate content. This includes, but is not limited to: nudity, sexually explicit material, violent imagery, hate symbols, and content depicting minors. This moderation happens before processing and no inappropriate images are stored.
C. Financial Data
We use Stripe for payment processing. We do not store your credit card details. We only retain a transaction ID and customer reference number to manage your purchases.
3. Infrastructure & Data Transfer
To provide high-performance AI services, your data flows through specific top-tier providers across different jurisdictions. By using the Service, you consent to these transfers:
| Data Type | Provider | Location | Purpose |
|---|---|---|---|
| Hosting & Storage | Hetzner Online GmbH | Germany (EU) | Secure storage of photos and database. |
| AI Processing | Google Cloud (Vertex AI) | USA | Image generation. |
| Payments | Stripe | USA/Global | Payment processing. |
| Emails | Resend | USA | Transactional emails. |
| Analytics | PostHog | EU/USA | Usage analytics. |
For transfers to the United States, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, as implemented by our service providers:
4. Cookies & Tracking
We use the following cookies and tracking technologies:
- Essential Cookies: Session and authentication cookies required for the Service to function (Auth.js).
- Analytics: We use PostHog to understand how users interact with our Service and improve the user experience.
- Payment: Stripe sets cookies necessary for secure payment processing.
5. Data Retention Policy
All uploaded selfies and generated photos are retained as long as your account exists. You may request account deletion at any time, at which point all your data will be permanently deleted within 30 days of your request.
6. Your Rights
Under GDPR and FADP, you have the following rights regarding your personal data:
- Access & Export: Request a copy of your photos and personal data we hold about you.
- Rectification: Update or correct inaccurate account information.
- Erasure (“Right to be Forgotten”): Request deletion of your account and all associated data.
- Restriction: Request that we limit how we process your data in certain circumstances.
- Data Portability: Receive your data in a structured, commonly used, machine-readable format.
- Objection: Object to processing of your personal data in certain circumstances.
- Withdraw Consent: Withdraw your consent for biometric data processing at any time by deleting your account.
How to Exercise Your Rights: Contact us using the details in Section 8. We will respond to your request within 30 days. We may ask you to verify your identity before processing your request.
7. Security
We employ enterprise-grade security measures including:
- Encryption in Transit: All data transmitted to and from our servers is protected using SSL/TLS encryption.
- Encryption at Rest: Stored data is encrypted using industry-standard AES-256 encryption.
- Access Controls: Strict role-based access controls limit who can access your data.
- Secure Infrastructure: Our hosting provider (Hetzner) maintains ISO 27001 certification.
While we strive for maximum security, no internet transmission is completely invulnerable. In the event of a data breach affecting your personal data, we will notify you and the relevant authorities as required by law.
8. Contact
For privacy concerns, please contact us at:
- Teams: [email protected]
- Individuals: [email protected]
See also: Terms of Service