Security & Privacy

Enterprise-grade protection for your data and identity.

1. Infrastructure & Encryption

HeadshotUp runs on a secure, globally distributed cloud infrastructure. We employ AES-256 encryption for all data at rest and TLS 1.3 for all data in transit. Our database and file storage systems are isolated within private networks, inaccessible from the public internet except through strictly controlled API gateways.

2. Facial Data & AI Privacy

We take the handling of biometric data extremely seriously.

  • Zero Training Policy: We do NOT use your photos to train public foundational models. Your specific AI model (LoRA) is isolated to your account.
  • Auto-Deletion: Original uploaded photos are automatically deleted from our servers after your model is successfully trained (typically within 24 hours).
  • Model Retention: You have full control to delete your custom AI models at any time from your dashboard.

3. Payment Security

We do not store or process your credit card information directly. All payments are handled by Stripe, a PCI-DSS Service Provider Level 1 certified platform (the highest grade of payment processing security).

4. Compliance & Audits

Our internal processes are designed to align with SOC 2 Type II standards. We perform regular vulnerability scans and penetration testing to ensure our defenses remain robust against emerging threats.

5. Report a Vulnerability

If you believe you have found a security vulnerability in HeadshotUp, please contact our security team immediately at security@headshotup.com. We offer a bug bounty program for valid disclosures.
