Privacy Policy

LAST UPDATED: MARCH 2026

1. What We Collect

LuxShot collects face reference photos you upload, your email address (via Clerk authentication), and payment information processed by Stripe. Face photos are encrypted at rest (AES-256) and accessible only via time-limited signed URLs.

2. How We Use Your Data

Your face photos are used solely for AI portrait generation within your account. They are never shared with third parties, used for model training, or accessed by other users. Generated images are stored on Cloudflare R2 and served via signed URLs.

3. Third-Party Processors

We use the following services to operate LuxShot: Clerk (authentication), Stripe (payments), fal.ai (AI inference), Cloudflare R2 (image storage), and Resend (email). Each processor handles only the minimum data necessary for their function.

4. Data Retention

Generated portraits are stored for the duration of your plan's retention period (7 days free, 90 days Creator). Face reference photos are deleted within 24 hours of account deletion. Consent records are retained for 6 years per GDPR and BIPA requirements.

5. Your Rights

You can delete your account and all associated data at any time from your profile settings. For data export requests or questions about your data, contact privacy@luxshot.app.

6. Consent

Before storing any face photos, we require explicit affirmative consent via an in-app checkbox. This consent is logged with a timestamp, IP address, and consent text hash. You may withdraw consent by deleting your photos, which permanently removes them from our storage.

Privacy questions? Contact us at privacy@luxshot.app