Privacy Policy

Blindspot Studio LLC (“Company,” “we,” “us,” or “our”) operates Blindspot (the “Service”), an AI-powered headshot generator. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

Because Blindspot processes facial photos, we take your privacy especially seriously. By using the Service, you consent to the data practices described below. If you do not agree, please discontinue use of the Service.

a. Information You Provide

• Account information: Email address used for authentication and account management.
• Uploaded photos: Reference photos of your face that you upload as input to generate headshots.
• Onboarding inputs: Optional information such as gender and selected style, used solely to improve generation quality.
• Payment information: Billing details provided during checkout. Payment card details are processed directly by Stripe and are never stored on our servers.

b. Information Collected Automatically

• Usage data: Browser type, device information, pages visited, and general interaction patterns with the Service, collected via Mixpanel for product analytics.
• Authentication tokens: Session data used to keep you signed in securely.

We use the information we collect to:

• Provide, maintain, and improve the Service
• Generate AI headshots from your uploaded photos in the style you select
• Process payments and manage your purchases
• Send transactional emails (e.g. authentication codes, payment confirmations, generation status)
• Detect, prevent, and address fraud, abuse, or technical issues
• Understand aggregate product usage to improve the Service
• Comply with legal obligations

We do not sell your personal information to third parties. We do not use your photos for advertising or marketing.

We use the following third-party services to operate Blindspot. Each processes data only as necessary to provide their respective functionality:

Each third-party service is subject to its own privacy policy. We encourage you to review their policies for more information on how they handle data.

Photos you upload are sent to our AI provider (fal.ai) for the sole purpose of generating your headshots. We do not use facial-recognition matching, identity verification, or any biometric identifier extraction on your photos.

We do not sell, share, or license your photos to advertisers, data brokers, or other third parties. Your photos are used only to deliver the Service to you.

We retain your data for as long as your account is active or as needed to provide the Service. Specifically:

• Uploaded photos and generated headshots are stored in your account so you can re-download them. They are deleted when you delete your account, or upon your written request to hello@blindspot.studio.
• Account data is retained until you delete your account.
• Payment records are retained as required by applicable tax and financial regulations, even after account deletion.
• Usage data is retained in aggregated, anonymized form for analytics purposes.

When you delete your account or request photo deletion, we will delete or anonymize your personal data within 30 days, except where retention is required by law.

We implement industry-standard security measures to protect your information, including:

• Encryption of data in transit (TLS/HTTPS)
• Encryption of data at rest
• Secure, token-based authentication
• Limited access to personal data on a need-to-know basis

However, no method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee its absolute security.

Blindspot uses essential cookies and local storage for authentication, session management, and product analytics via Mixpanel. We do not use third-party advertising cookies, ad pixels, or cross-site behavioral tracking.

Depending on your location, you may have the following rights regarding your personal data:

For all users

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your uploaded photos, generated headshots, or your entire account.
• Data portability: Download your generated headshots at any time from the Service.

For California residents (CCPA)

• Right to know what personal information is collected and how it is used.
• Right to request deletion of your personal information.
• Right to opt out of the sale of personal information. Note: we do not sell personal information.
• Right to non-discrimination for exercising your privacy rights.

For EEA/UK residents (GDPR)

• All rights listed above, plus the right to restrict processing and the right to object to processing.
• Our legal basis for processing your data is (a) your consent when you create an account and upload photos, (b) contractual necessity to provide the Service, and (c) legitimate interests in improving and securing the Service.
• You may withdraw consent at any time by deleting your account.

To exercise any of these rights, contact us at hello@blindspot.studio. We will respond within 30 days.

Your data may be processed and stored in the United States and other countries where our third-party service providers operate. By using the Service, you consent to the transfer of your data to these locations, which may have data protection laws that differ from those in your jurisdiction.

The Service is not intended for individuals under the age of 16. We do not knowingly collect personal information or photos from children under 16. If we learn that we have collected data from a child under 16, we will take steps to delete that information promptly. You also agree not to upload photos of any minor under 16, including yourself if you do not meet this age requirement.

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the updated policy on this page and updating the “Last updated” date. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us: