Privacy Policy

Effective Date: [May 2nd, 2025]

Last Updated: [May 18th, 2025]

1. Data Controller

The data controller is Kairos AI, registered in France. For full legal details, see our Legal Notice. For privacy inquiries, contact support@animephotoai.com.

2. Personal Data We Collect

  • Uploaded Photo: Your photo is temporarily stored on Vercel to enable the AI generation process. It is deleted from Vercel after the generation is complete (whether successful or failed) or by a periodic cleanup job. See Section 5 for more details on data retention.
  • Email Address: Collected to deliver your portrait.
  • Payment Information: Processed by Stripe; we do not store payment card data.
  • Usage Data: Automatic tracking via Vercel Analytics (page views, visits) and Stripe Dashboard (conversion metrics).

3. Purposes and Legal Basis

  • Service Delivery (contract): Processing your photo and payment to generate and email the portrait.
  • Consent: You consent by uploading your photo and providing your email.
  • Legitimate Interest: Basic analytics to improve the Service.

Section 4: Data Sharing with Third Parties

We share your personal data with third-party service providers, including:

  • A US-based AI service provider for processing uploaded photos to generate AI portraits.
  • Stripe for payment processing.
  • Resend for email delivery.
  • Vercel for website hosting, analytics, temporary photo storage, and temporary metadata storage.

Data transfers to third parties outside the EU, such as the AI service provider and Vercel, are conducted in compliance with GDPR requirements, including the use of appropriate safeguards like Standard Contractual Clauses.

5. Data Retention

  • Uploaded Photos: Your uploaded photo is stored temporarily in Vercel. It is automatically deleted by our system once the AI generation process is completed (either successfully or if it fails). Additionally, a fallback automated cleanup job runs periodically (every day) to delete any files older than an hour, ensuring no photo is retained longer than necessary. We do not store your photo persistently.
  • Generated Images: The AI-generated portrait is not stored by us. It is generated and sent directly to your email.
  • Temporary Metadata: We temporarily store metadata in Vercel, linking your session to the uploaded photo's temporary location and your email. This data has a Time-To-Live (TTL) and is automatically deleted after a short period, or when the processing is complete.
  • Email & Analytics Data: Retained as necessary to fulfill the Service and for compliance, then anonymized or deleted in accordance with GDPR.
  • Payment Records: Retained by Stripe per its policy.

6. Security Measures

We implement HTTPS everywhere, server-side API calls, environment-variable secret management, input validation, and rate limiting to protect your data.

7. Your Rights under GDPR

You have the right to:

  • Access and obtain a copy of your data.
  • Rectify inaccurate data.
  • Erase your data ("right to be forgotten").
  • Restrict or object to processing.
  • Portability of your data.
  • Withdraw consent at any time (without affecting processing prior to withdrawal).

To exercise any right, contact support@animephotoai.com. You may also lodge a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés).

8. Changes to This Policy

We may update this Privacy Policy; changes will be published here with a revised date.

9. Contact Information

Email: support@animephotoai.com

Legal Details: See Legal Notice