At AiHeadshots, protecting customer data is a top priority. This page describes the safeguards we use to defend against unauthorized access, use, alteration, or disclosure of the data you trust us with. It should be read alongside our Terms of Service, Privacy Notice, and Data Management & Retention policy.
Incident response
We maintain formal procedures for security events, and staff are trained on them. Incidents trigger rapid escalation and team assembly; we conduct post-incident analyses and act on what we learn. If we verify a security breach affecting your data, we will provide prompt written notification to affected customers.
Encryption & data transfer
The service is delivered over HTTPS end to end. All data in transit is encrypted using industry-standard TLS. Sensitive data at rest is encrypted using AES-256. Your uploaded photos are transmitted and stored encrypted.
Infrastructure security
AiHeadshots runs entirely on cloud infrastructure — we operate no physical servers of our own. Customer data is stored in reputable cloud environments with strict logical separation between tenants, and we follow industry-standard hardening practices. Comprehensive backups support disaster recovery. See our Sub-processors page for the providers involved.
Authentication & access control
Access to production systems and developer tooling is protected with strong password requirements and two-factor authentication. Access to customer data is limited to a legitimate business need and is logged.
Build & deployment
Deployments are fully automated, which lets us ship security patches within minutes rather than days. Changes move through version control and review before reaching production.
Monitoring & logging
We actively monitor our applications for errors and anomalies so issues are identified and resolved quickly. Access to applications and production consoles is logged.
Payments
All payments are processed securely through Stripe. AiHeadshots never stores your full card details on its own systems.
Your responsibilities
As a customer, you help keep your account secure when you:
- Use a strong, unique password and keep your credentials private.
- Comply with our Terms of Service and applicable laws.
- Promptly report any compromised credentials or suspected security incident.
- Obtain written authorization before performing any security testing against the service.
Reporting a vulnerability
If you believe you have found a security vulnerability, please email hello@aiheadshots.ai with the details. We appreciate responsible disclosure and will investigate every report.