Política de Privacidade
Data de Vigência: May 2, 2025
This comprehensive document establishes the framework for the Privacy Policy governing AIPHOTOBOOTH's data processing activities, technological implementations, and associated operational activities.
By utilizing the Service, you acknowledge that you have read this comprehensive Privacy Policy document, understand it, and agree to be bound by its terms and conditions.
Comprehensive Data Processing Framework
Our data processing infrastructure encompasses multiple categories of processing activities, including but not expressly limited to:
- User-provided content and associated metadata structures
- Service-generated content, algorithmic outputs, and computational derivatives
- Technical operation parameters, performance metrics, and system analytics
- Research and development data aggregates and associated analytical outputs
- Biometric Data Processing: Photographic imagery containing facial recognition data as defined under Article 9(1) of GDPR
Biometric Data Processing
Pursuant to Article 9 of GDPR, the Service processes special categories of personal data, specifically biometric data in the form of photographic imagery containing facial features and physiological characteristics. Such processing is undertaken for the purpose of uniquely identifying natural persons and generating AI-enhanced photographic transformations.
Legal Framework and Processing Foundations
We maintain and implement multiple legal bases for data processing activities:
- Legitimate Interests: Service optimization, research and development, security measures
- Contractual Necessity: Processing operations integral to service provision
- Legal Obligations: Compliance with applicable regulatory frameworks
- Consent-Based Processing: Where explicitly mandated by applicable regulations
Data Retention Framework
Biometric Data - Source Images:
Retained for up to 48 hours from upload, unless you maintain an active account.
Generated Outputs - AI-Processed Images:
- Authenticated Users: Duration of active account + 30 days
- Anonymous Users: Up to 7 days
Account Data:
Duration of active account + 3 years following termination.
Financial Records:
Retained per fiscal legislation requirements, typically 7 years.
Data Sharing Framework
Data sharing protocols may be established with technical service providers, payment processors, and regulatory authorities. International transfers are protected by:
- Adequacy decisions by competent regulatory authorities
- Standard contractual clauses approved by the European Commission
- Binding corporate rules where applicable
Your Rights
Subject to applicable regulations, you may exercise the following rights:
- Right to access your personal data
- Right to rectify inaccurate data
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object to processing
- Right not to be subject to automated decision-making
Security Measures
We implement appropriate technical and organizational measures:
- Encryption for data in transit and at rest
- Access control mechanisms and authentication protocols
- System monitoring and security incident detection
- Regular security assessments and vulnerability management
- Personnel security training
Contact
For inquiries regarding our Privacy Policy or data processing activities, please contact us at: [email protected]
By utilizing our Service, you acknowledge that you have read this Privacy Policy, understand it, and agree to be bound by its terms.
Last Updated: May 2, 2025