Privacy Policy

Last updated: May 20, 2026

Welcome to OmniPhoto. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our AI photo generation services. Because OmniPhoto processes facial photographs, we take your privacy especially seriously and are committed to full compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR).

1. Data Controller

For data protection purposes, the data controller responsible for your personal data is:

NEXLIMIT LLC
30 N Gould St, Sheridan, WY 82801, United States
Filing Number: 2025-001832049 (Wyoming, US)

For privacy-related inquiries, please contact us at: [email protected]

2. Data Processing Principles

We are committed to processing your data in accordance with the following principles:

  • Lawfulness, fairness, and transparency — We process personal data lawfully, fairly, and in a transparent manner.
  • Purpose limitation — We collect personal data for specified, explicit, and legitimate purposes and do not process it in a manner incompatible with those purposes.
  • Data minimization — We ensure that personal data is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.
  • Accuracy — We take reasonable steps to ensure that personal data is accurate and kept up to date.
  • Storage limitation — We retain personal data only for as long as necessary to fulfill the purposes for which it was collected.
  • Integrity and confidentiality — We process personal data in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
  • Accountability — We are responsible for and able to demonstrate compliance with these principles.

3. Information We Collect

3.1 Information you provide to us

  • Account information — When you create an account, we collect your name, email address, and password.
  • Payment information — To process orders, we collect payment details, which are securely handled by our third-party payment processors (Stripe, PayPal). We do not store your full credit card information on our servers.
  • Uploaded photos — To provide our AI photo generation service, we collect the photographs you upload. These photos may contain biometric data, including facial features. They are used solely to generate your requested output and for no other purpose.
  • Communications — If you contact us for support or other inquiries, we may receive additional information such as the contents of your message and any attachments.

3.2 Information we collect automatically

  • Usage data — We collect anonymous data about your interactions with our platform, such as pages visited, tools used, and time spent on the site.
  • Device and connection information — We collect information about the device you use to access our service, including IP address, browser type, and operating system.
  • Cookies — We use cookies and similar tracking technologies to operate and personalize our service. You have control over cookie settings through your browser.

4. How We Use Your Data

We use your information for the following purposes:

  • To provide and maintain our service — to process your uploaded photos and generate your AI portraits and headshots.
  • To process transactions — to handle your payments securely and prevent fraudulent activity.
  • To communicate with you — to send service-related notifications such as order confirmations and support responses. With your consent, we may also send marketing communications.
  • To improve our services — to analyze usage patterns and develop new features. Only anonymous and aggregated data is used for this purpose.
  • For security and legal compliance — to protect our platform, prevent abuse, and comply with legal obligations.

5. Facial Data and Biometric Information

Because OmniPhoto processes photographs that may contain facial features, we apply the following additional protections:

  • No biometric profiling — We do not create biometric profiles, facial recognition databases, or identity graphs from your photos.
  • No AI training without consent — We do not use your uploaded photos or generated outputs to train, fine-tune, or improve any AI model without your explicit, opt-in consent.
  • Processing for generation only — Your photos are processed solely to generate the output you requested. They are not analyzed, indexed, or used for any other purpose.
  • Automatic deletion — Uploaded photos and generated outputs are automatically deleted from our servers within 30 days of generation, unless you have saved them to your account.
  • No third-party facial data sharing — We do not share, sell, or license your facial data to any third party under any circumstances.

6. Data Sharing and Third Parties

We do not sell your personal data. We only share your information under the following circumstances:

  • Service providers — We share information with third-party vendors who perform services on our behalf, such as cloud hosting (AWS, Google Cloud), payment processing, and customer support. These partners are provided only with the information necessary to perform their service and are contractually obligated to protect your data.
  • Legal requirements — We may disclose your information if required by law or in response to valid requests by public authorities.
  • Business transfers — In the event of a merger, acquisition, or asset sale, your personal data may be transferred. We will provide notice before your data becomes subject to a different privacy policy.
  • With your consent — We may share your information with any other third party with your explicit consent.

7. Data Retention

  • Uploaded photos — Stored for up to 30 days to allow for re-generation and customer support, then permanently deleted.
  • Generated photos — Stored for up to 30 days so you can access and download them, then permanently deleted.
  • Account data — Retained as long as your account is active. If you request account deletion, your data will be permanently erased within 7 days, unless a longer retention period is required by law (e.g., for financial records).

8. Your Data Protection Rights

As a user, you have the following rights regarding your personal data:

  • Right of access — Request a copy of the personal data we hold about you.
  • Right to rectification — Request correction of inaccurate or incomplete data.
  • Right to erasure — Request deletion of your personal data under certain conditions.
  • Right to restriction of processing — Request that we restrict the processing of your data under certain conditions.
  • Right to data portability — Receive your data in a structured, machine-readable format.
  • Right to object — Object to our processing of your personal data, particularly for direct marketing.
  • Right to withdraw consent — Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at [email protected]. We will respond within one month.

9. Data Security

We implement the following technical and organizational security measures:

  • Encryption — All data is encrypted in transit (TLS/SSL) and at rest.
  • Access controls — Access to personal data is strictly limited to authorized personnel on a need-to-know basis.
  • Secure connections — All data transfers between your device and our servers use secure protocols.
  • Regular audits — We conduct regular security reviews of our infrastructure and practices.

While we implement commercially reasonable security measures, no method of internet transmission or electronic storage is 100% secure. We cannot guarantee absolute security.

10. International Data Transfers

Your information may be transferred to and processed on servers located outside your country of residence. Where such transfers occur, we ensure compliance with applicable data protection laws using appropriate safeguards, such as Standard Contractual Clauses (SCCs) approved by the European Commission.

11. Children's Privacy

Our service is not intended for use by children under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected such data without verifiable parental consent, we will take immediate steps to delete it.

12. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience, analyze usage patterns, and optimize our services. You can control cookie settings through your browser preferences, although disabling certain cookies may limit some features of our platform.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last Updated" date. For significant changes, we will provide notice via email or a prominent notice on our platform at least 14 days before the change takes effect.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at [email protected].