Privacy Policy

Last updated: January 22, 2026

1. Introduction

Welcome to HeroKids ("we," "our," or "us"). We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our AI portrait generation service.

HeroKids is a UK-based service that transforms children's photos into superhero and fantasy character portraits using artificial intelligence.

2. Information We Collect

2.1 Photos You Upload

When you use our service, you upload photos to be transformed. These photos are:

  • Processed by our AI system to generate portrait images
  • Stored securely in our encrypted cloud storage
  • Automatically deleted after 30 days
  • Never used to train our AI models
  • Never shared with third parties

2.2 Email Address

We collect your email address to:

  • Send you the generated portrait images
  • Send order confirmation and download links
  • Provide customer support if needed

2.3 Payment Information

Payment processing is handled securely by Stripe. We never see or store your complete payment card details. Stripe may collect:

  • Card number (last 4 digits visible to us)
  • Billing address
  • Transaction details

2.4 Technical Information

We automatically collect:

  • Browser type and version
  • Device information
  • IP address (anonymized)
  • Pages visited and time spent

3. How We Use Your Information

We use your information to:

  • Provide our service: Process photos and generate portraits
  • Deliver your order: Email high-resolution images and download links
  • Process payments: Complete transactions via Stripe
  • Provide support: Respond to your questions and issues
  • Improve our service: Analyze usage patterns (anonymized data only)
  • Legal compliance: Meet legal and regulatory requirements

4. Data Storage and Security

4.1 Where We Store Your Data

Your data is stored securely using Supabase (cloud infrastructure hosted in the EU) with:

  • End-to-end encryption
  • Secure HTTPS connections
  • Access controls and authentication
  • Regular security audits

4.2 How Long We Keep Your Data

  • Uploaded photos: Automatically deleted after 30 days
  • Preview images: Deleted after 30 days
  • Final images: Download links expire after 7 days; files are deleted after 30 days
  • Email addresses: Retained for customer support and legal compliance (7 years)
  • Order records: Retained for accounting and legal purposes (7 years)

4.3 Data Security Measures

We protect your data using:

  • Encrypted storage (AES-256)
  • Secure transmission (TLS 1.3)
  • Access controls and authentication
  • Regular security updates
  • Intrusion detection systems

5. Third-Party Services

We use the following trusted third-party services:

5.1 Stripe (Payment Processing)

Handles all payment transactions. See Stripe's Privacy Policy.

5.2 Supabase (Data Storage)

Provides secure cloud storage for uploaded photos and generated images. See Supabase's Privacy Policy.

5.3 Resend (Email Delivery)

Sends order confirmation emails with download links. See Resend's Privacy Policy.

6. Children's Privacy

Our service is designed for adults to create portraits of children. We:

  • Require that users be at least 18 years old
  • Require parental consent for processing children's photos (given when you use the service)
  • Never knowingly collect data directly from children under 13
  • Delete children's photos within 30 days
  • Never use children's photos for AI training

7. Your Rights (UK GDPR)

Under UK data protection law, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate personal data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a machine-readable format
  • Object: Object to processing of your data
  • Withdraw consent: Withdraw consent at any time (for future processing)

To exercise any of these rights, email us at support@herokids.co.uk.

8. Cookies and Tracking

We use minimal cookies and tracking:

  • Essential cookies: Required for the service to function (session management)
  • LocalStorage: Temporarily stores your cropped photo during the creation process (deleted when you complete or leave)
  • No third-party tracking: We do not use Google Analytics, Facebook Pixel, or similar tracking tools

9. AI and Machine Learning

Zero-Train Policy: As part of our commitment to your privacy:

  • Your photos are NEVER used to train, improve, or fine-tune our AI models
  • Our AI models are pre-trained and remain static
  • We use your photos ONLY to generate your specific portraits
  • Photos are permanently deleted after 30 days

10. Data Breaches

In the unlikely event of a data breach that affects your personal data, we will:

  • Notify the UK Information Commissioner's Office (ICO) within 72 hours
  • Notify affected users by email without undue delay
  • Provide information about what data was affected
  • Take immediate steps to secure the system

11. International Transfers

Your data is primarily stored within the EU/UK. If we need to transfer data outside the UK, we ensure:

  • Adequate safeguards are in place (e.g., Standard Contractual Clauses)
  • Compliance with UK GDPR requirements
  • Data is protected to UK standards

12. Changes to This Policy

We may update this privacy policy from time to time. When we make significant changes, we will:

  • Update the "Last updated" date at the top
  • Notify you by email if you're a customer
  • Display a prominent notice on our website

13. Contact Us

If you have questions about this privacy policy or how we handle your data, please contact us:

Email: support@herokids.co.uk

Service: HeroKids

Location: United Kingdom

14. Complaints

If you're not satisfied with how we handle your personal data, you have the right to lodge a complaint with the UK supervisory authority:

Information Commissioner's Office (ICO)

Website: ico.org.uk

Phone: 0303 123 1113

This privacy policy complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.