1. Introduction
Welcome to Selfie Bump ("we," "our," or "us"). We are committed to protecting your privacy and being transparent about how we handle your personal information.
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services (collectively, the "Service"). Please read this policy carefully. By using Selfie Bump, you agree to the collection and use of information in accordance with this policy.
🔒 Our Privacy Promise: Your photos are processed in real-time and are NOT permanently stored on our servers. When you close or refresh the page, your uploaded and generated images are deleted.
2.1 Information You Provide
- Account Information: Email address, display name, and password when you create an account
- Profile Information: Any additional information you add to your profile
- Photos: Selfies and images you upload for AI processing
- Payment Information: When you purchase credits, payment details are processed by Stripe (we do not store your full card number)
- Communications: Messages you send to us for support
2.2 Information Collected Automatically
- Usage Data: How you interact with our Service (pages visited, features used, generations created)
- Device Information: Browser type, operating system, device type
- IP Address: Used for security, rate limiting, and fraud prevention
- Cookies: Session cookies to keep you logged in
2.3 Information from Third Parties
- Google Sign-In: If you sign in with Google, we receive your email and profile name from Google
3. How We Use Your Information
We use your information to:
- Provide the Service: Process your photos with AI, generate images, and enable editing
- Manage Your Account: Create and maintain your account, track credits
- Process Payments: Handle credit purchases through Stripe
- Communicate: Send service-related emails (account verification, password reset)
- Improve the Service: Analyze usage patterns to improve features
- Security: Protect against fraud, abuse, and unauthorized access
- Legal Compliance: Comply with applicable laws and regulations
4. How We Handle Your Photos
This is important: We understand your photos are personal. Here's exactly what happens to them:
4.1 Upload & Processing
- When you upload a photo, it is sent to Google's Gemini AI for processing
- The AI generates your studio-quality portrait
- For logged-in users, images are stored securely in your account for 30 days
4.2 Storage for Logged-In Users
🔒 30-Day Retention: Your generated images are stored securely in your account for 30 days so you can access your history, download, and share them. After 30 days, images are automatically and permanently deleted.
- Your History: View all your generations from the past 30 days
- Secure Access: Only YOU can access your images — they are protected by your account
- Download Anytime: Download your images before they expire
- Early Deletion: You can delete any image from your history at any time
- Automatic Cleanup: After 30 days, images are permanently deleted from our servers
4.3 What We DON'T Do
- ❌ We do NOT store your photos beyond 30 days
- ❌ We do NOT use your photos to train AI models
- ❌ We do NOT share your photos with third parties (except Google Gemini for processing)
- ❌ We do NOT allow anyone else to access your photos
- ❌ We do NOT sell or monetize your photos in any way
4.4 Google Gemini Processing
Your photos are processed by Google's Gemini AI. Google's use of this data is governed by Google's Privacy Policy. According to Google's AI policies, data sent through the Gemini API is not used to train their models.
5. Third-Party Services
We use the following third-party services:
| Service |
Purpose |
Data Shared |
| Google Gemini AI |
Image processing & generation |
Photos you upload |
| Supabase |
Authentication & database |
Account info, credits |
| Stripe |
Payment processing |
Payment details |
| Google Fonts |
Typography |
IP address (automatic) |
Each third party has their own privacy policy governing their use of your data.
6. Data Retention
| Data Type |
Retention Period |
| Account Information |
Until you delete your account |
| Uploaded Photos |
30 days, then automatically deleted |
| Generated Images |
30 days, then automatically deleted |
| Edited Images |
30 days, then automatically deleted |
| Generation History (metadata) |
Until you delete your account |
| Payment Records |
As required by law (typically 7 years) |
| Usage Logs |
90 days |
Note: You can delete your images at any time before the 30-day period expires by visiting your generation history.
7. Your Rights
You have the right to:
- Access: Request a copy of the personal data we hold about you
- Correction: Update or correct inaccurate information
- Deletion: Delete your account and associated data
- Portability: Receive your data in a portable format
- Objection: Object to certain processing of your data
- Withdraw Consent: Withdraw consent where processing is based on consent
To exercise these rights, contact us at the email provided below or use the account deletion feature in your profile settings.
8. GDPR Rights (European Economic Area Users)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):
8.1 Legal Basis for Processing
We process your personal data under the following legal bases:
- Contract: Processing necessary to provide the Service you requested
- Consent: Where you have given explicit consent (e.g., marketing emails)
- Legitimate Interests: For security, fraud prevention, and service improvement
- Legal Obligation: To comply with applicable laws
8.2 Your GDPR Rights
- Right of Access: Obtain confirmation of whether we process your data and access to it
- Right to Rectification: Correct inaccurate personal data
- Right to Erasure ("Right to be Forgotten"): Request deletion of your data
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Receive your data in a machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time
- Right to Lodge a Complaint: File a complaint with your local data protection authority
8.3 International Data Transfers
Your data may be transferred to and processed in countries outside the EEA, including the United States. We ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses approved by the European Commission
- Processing by services certified under recognized frameworks
8.4 Data Protection Officer
For GDPR-related inquiries, contact us at the email address provided in the Contact section below.
9. CCPA Rights (California Residents)
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
9.1 Your CCPA Rights
- Right to Know: Request information about what personal data we collect, use, disclose, and sell
- Right to Delete: Request deletion of your personal data
- Right to Correct: Request correction of inaccurate personal data
- Right to Opt-Out: Opt out of the sale or sharing of your personal data
- Right to Non-Discrimination: Not be discriminated against for exercising your rights
- Right to Limit Use of Sensitive Personal Information: Limit use of sensitive data
9.2 Categories of Personal Information Collected
| Category |
Examples |
Collected |
| Identifiers |
Email, name, IP address |
Yes |
| Commercial Information |
Purchase history, credits |
Yes |
| Internet Activity |
Browsing history, interactions |
Yes |
| Biometric Information |
Facial features in photos |
Temporarily* |
| Geolocation Data |
General location from IP |
Yes |
*Photos containing biometric data are processed in real-time and not stored permanently.
9.3 Sale of Personal Information
We do NOT sell your personal information. We do not sell, rent, or trade your personal data to third parties for monetary or other valuable consideration.
9.4 How to Exercise Your Rights
To exercise your CCPA rights:
- Email us at the address below with "CCPA Request" in the subject line
- We will verify your identity before processing your request
- We will respond within 45 days (may be extended by an additional 45 days if necessary)
9.5 Authorized Agents
You may designate an authorized agent to make a request on your behalf. We will require verification of both your identity and the agent's authority.
10. Children's Privacy
Age Requirement: Selfie Bump is intended for users who are at least 13 years old (or 16 in the EU/EEA). We do not knowingly collect personal information from children under these ages.
10.1 Photos of Children
Our Service may be used to process photos of children (e.g., family portraits). If you upload photos of minors:
- You must be the parent, legal guardian, or have explicit permission from them
- You are responsible for ensuring appropriate consent
- The same privacy protections apply (no permanent storage, session-only processing)
10.2 Parental Rights
If you believe we have collected information from a child under the applicable age without proper consent, please contact us immediately. We will promptly delete such information.
11. Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encryption: Data transmitted over HTTPS
- Access Controls: Limited access to personal data
- Secure Authentication: Password hashing, optional two-factor authentication
- Rate Limiting: Protection against abuse and attacks
- Regular Updates: Security patches and updates
However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Posting the new Privacy Policy on this page
- Updating the "Last updated" date
- Sending an email notification for significant changes
Your continued use of the Service after changes constitutes acceptance of the updated policy.
If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:
- Email: privacy@selfiebump.com
- Subject Line: "Privacy Inquiry" or "GDPR Request" or "CCPA Request"
We aim to respond to all requests within 30 days.
For EU/EEA residents: You also have the right to lodge a complaint with your local data protection authority if you believe we have not adequately addressed your concerns.