Effective Date: December 29, 2025
Last Updated: December 29, 2025
PortraitAI ("we," "our," or "us") operates the website myfamilyphotos.ai (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered family portrait generation service. By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.
We collect personal information that you voluntarily provide to us when you register for an account, make a purchase, or otherwise interact with our Service. This information may include:
Account Information: Your name, email address, and authentication credentials (provided through Google OAuth or other third-party authentication providers).
Payment Information: Payment card details, billing address, and transaction history. Payment information is processed securely through Stripe, our third-party payment processor. We do not store complete payment card numbers on our servers.
Profile Information: Any additional information you choose to provide in your user profile.
Uploaded Images: When you upload photographs to generate AI portraits, we collect and temporarily store these images. Uploaded images are stored securely in encrypted cloud storage (Amazon S3 or equivalent) and are used solely for the purpose of generating your requested portraits.
Generated Portraits: AI-generated portrait images created from your uploads are stored in your account gallery and remain accessible to you unless you choose to delete them.
Usage Data: We automatically collect information about your interaction with the Service, including IP address, browser type, device information, operating system, pages visited, time spent on pages, access times, and referring website addresses.
Cookies and Tracking Technologies: We use cookies, web beacons, and similar tracking technologies to enhance user experience, analyze usage patterns, and deliver personalized content. You may disable cookies through your browser settings, though this may limit certain features of the Service.
Analytics Data: We use analytics services to collect aggregated, anonymized data about Service usage, including page views, user flows, and feature engagement metrics.
We use the collected information for the following purposes:
Service Delivery: To process your orders, generate AI portraits, deliver digital products, and provide customer support.
Account Management: To create and maintain your user account, authenticate your identity, and manage your subscription or purchase history.
Payment Processing: To process transactions, prevent fraud, and maintain financial records in compliance with applicable laws.
AI Model Processing: To input your uploaded images into our AI generation models for the sole purpose of creating your requested portraits. We do not use your images to train or improve our AI models without your explicit consent.
Communication: To send you transactional emails (order confirmations, generation completion notifications, account updates) and, with your consent, promotional communications about new features or special offers.
Service Improvement: To analyze usage patterns, identify technical issues, optimize performance, and develop new features based on aggregated, anonymized data.
Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests, and to enforce our Terms of Service.
Security and Fraud Prevention: To detect, prevent, and address technical issues, fraudulent activity, and violations of our Terms of Service.
Uploaded Images: Original uploaded images are retained for thirty (30) days after portrait generation, after which they are automatically and permanently deleted from our servers unless you explicitly request earlier deletion.
Generated Portraits: AI-generated portraits remain in your account gallery indefinitely unless you delete them or close your account.
Account Information: Account data is retained for as long as your account remains active. Upon account closure, personal information is deleted within ninety (90) days, except where retention is required by law.
Transaction Records: Payment and transaction records are retained for seven (7) years to comply with financial record-keeping requirements and tax regulations.
Analytics Data: Aggregated, anonymized analytics data may be retained indefinitely for statistical and research purposes.
We do not sell, rent, or trade your personal information to third parties. We may share your information only in the following circumstances:
Service Providers: We engage trusted third-party service providers to perform functions on our behalf, including cloud hosting (AWS/S3), payment processing (Stripe), authentication services (Google OAuth), email delivery, and analytics. These providers have access to personal information only as necessary to perform their functions and are contractually obligated to maintain confidentiality and security.
AI Processing Partners: Uploaded images are processed through our AI generation infrastructure, which may utilize third-party AI model providers. These providers are bound by strict data processing agreements and are prohibited from using your images for any purpose other than generating your portraits.
Legal Requirements: We may disclose your information if required to do so by law, court order, subpoena, or other legal process, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to government requests.
Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred to the successor entity, subject to the same privacy protections outlined in this Policy.
With Your Consent: We may share your information for any other purpose with your explicit consent.
We implement industry-standard security measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction. These measures include:
Encryption: All data transmitted between your device and our servers is encrypted using TLS/SSL protocols. Uploaded images and generated portraits are encrypted at rest using AES-256 encryption.
Access Controls: Access to personal information is restricted to authorized personnel who require access to perform their job functions and are bound by confidentiality obligations.
Secure Infrastructure: Our servers and databases are hosted in secure, SOC 2 compliant data centers with physical and network security controls.
Regular Audits: We conduct regular security audits and vulnerability assessments to identify and address potential security risks.
Payment Security: Payment information is processed through PCI-DSS compliant payment processors and is never stored on our servers in unencrypted form.
Despite our security measures, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security, and you acknowledge that you provide information at your own risk.
Depending on your jurisdiction, you may have the following rights regarding your personal information:
Access: You may request a copy of the personal information we hold about you.
Correction: You may request correction of inaccurate or incomplete personal information.
Deletion: You may request deletion of your personal information, subject to legal retention requirements.
Portability: You may request a machine-readable copy of your personal information for transfer to another service.
Objection: You may object to certain processing of your personal information, including for direct marketing purposes.
Restriction: You may request restriction of processing in certain circumstances.
Withdrawal of Consent: Where processing is based on consent, you may withdraw consent at any time.
To exercise these rights, please contact us at [email protected]. We will respond to your request within thirty (30) days. We may require verification of your identity before processing your request.
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
Right to Know: You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose for collection, and the categories of third parties with whom we share personal information.
Right to Delete: You have the right to request deletion of personal information we have collected from you, subject to certain exceptions.
Right to Opt-Out: You have the right to opt out of the sale of your personal information. We do not sell personal information.
Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising your CCPA rights.
To exercise your CCPA rights, contact us at [email protected] or call 1-800-XXX-XXXX.
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):
Legal Basis for Processing: We process your personal information based on (1) your consent, (2) performance of a contract with you, (3) compliance with legal obligations, or (4) our legitimate interests in providing and improving the Service.
Data Protection Officer: For GDPR-related inquiries, contact our Data Protection Officer at [email protected].
Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection authority.
International Transfers: We transfer personal data from the EEA to the United States and other countries. We rely on Standard Contractual Clauses approved by the European Commission to ensure adequate protection.
The Service is not intended for individuals under the age of eighteen (18). We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at [email protected], and we will delete such information from our systems.
The Service may contain links to third-party websites, services, or applications that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services before providing them with personal information.
We reserve the right to modify this Privacy Policy at any time. Changes will be effective immediately upon posting the updated Policy on the Service. We will notify you of material changes via email or prominent notice on the Service. Your continued use of the Service after changes constitutes acceptance of the updated Policy. We encourage you to review this Policy periodically.
The Service is operated from Florida, United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in Florida, United States, where data protection laws may differ from those in your jurisdiction. By using the Service, you consent to the transfer of your information to Florida, United States.
Some web browsers transmit "Do Not Track" (DNT) signals. We do not currently respond to DNT signals, as there is no industry standard for how to interpret and respond to such signals.
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: [email protected]
Acknowledgment: By using the Service, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.