Privacy Policy
Last updated: April 1, 2026
Your privacy matters to us. This Privacy Policy describes how Jobfoto collects, uses, and protects your data.
1. What We Collect
Your Photos
When you upload selfies to create headshots, we use them as reference images to generate professional headshots that resemble you. We process this data to fulfill our contract with you (Art. 6(1)(b) GDPR). We do not sell your photos and do not use them for marketing without your consent.
Account Info
We collect your email address to manage your account and send transactional emails about your orders (e.g. order confirmations, generation status updates). We process this data to fulfill our contract with you (Art. 6(1)(b) GDPR). You sign in via Google or a magic link - we do not store passwords.
Payment Details
Payment information is handled by Stripe to fulfill our contract with you (Art. 6(1)(b) GDPR). We don't store your credit card details.
Usage Data
We collect basic analytics like page views and device info to improve our Service, based on our legitimate interest (Art. 6(1)(f) GDPR). To measure the effectiveness of our ads, we send a hashed (anonymized) version of your email and purchase amount to Google Ads server-side after a purchase, based on your consent (Art. 6(1)(a) GDPR). No third-party tracking cookies are placed on your device. You can ad conversion measurement at any time.
Security
All data is encrypted in transit. We use passwordless authentication (Google or magic link) and apply regular security updates to keep your data safe. These measures are taken in accordance with our obligation to ensure the security of processing (Art. 32 GDPR).
2. Service Providers
We work with trusted service providers to deliver our Service. Your data is shared only as needed for the stated purposes.
| Provider | Purpose | Location |
|---|---|---|
| Hetzner | Cloud compute and image storage | EU |
| Infomaniak | Cloud compute and backup storage | CH |
| Cloudflare | Web application firewall, image storage | EU |
| OpenAI | AI-powered photo quality analysis | US |
| fal.ai | AI image generation | US |
| Stripe | Payment processing | US |
| Brevo | Email delivery | EU |
| PostHog | Product analytics | EU |
| Pirsch Analytics | Privacy-focused web analytics | EU |
| Sentry | Bug tracking | EU |
| Google Ads | Ad conversion measurement | US |
For providers located outside Switzerland and the European Economic Area (EEA) - marked US above - we rely on the EU-US Data Privacy Framework or Standard Contractual Clauses (SCCs) to ensure an adequate level of data protection.
3. Your Data & Rights
You are in control of your data at all times. Here is what you can do:
- Delete your selfies and generated headshots anytime
- Close your account (all data deleted within 30 days)
- product analytics and ad conversion measurement at any time
- Request a copy of all your personal data
How Long We Keep Data
All uploaded selfies and generated headshots are automatically deleted after 30 days - or immediately upon request. They may remain for up to 14 days in an encrypted backup system after deletion before being permanently removed.
Payment records are kept for 10 years to comply with tax regulations.
4. Legal Bases
We comply with the Swiss Federal Act on Data Protection (FADP) and the European General Data Protection Regulation (GDPR). Under these regulations, you have the following rights:
- Access: Request a copy of the personal data we hold about you
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your data when it is no longer needed
- Restriction: Request that we limit how we process your data
- Portability: Receive your data in a standard format to transfer elsewhere
- Objection: Object to processing based on legitimate interests
- Withdraw consent: Revoke any previously given consent at any time
- Complaint: File a complaint with a data protection authority (in Switzerland: FDPIC)
To exercise any of these rights, email us at [email protected].
Jobfoto is for users 18 and older only.
5. Data Breach Notification
In the event of a data breach that affects your personal data, we will notify you within 72 hours of becoming aware of the incident. We will inform you which data was affected, the potential consequences, and the measures we are taking.
6. Changes to This Policy
For material changes, we will notify you by email. Continued use constitutes acceptance of the updated Policy.
7. Contact Information
Responsible for content and operation of this website:
Siegenthaler Informatik
Ackersteinstrasse 11
8049 Zürich
Switzerland
Owner: Loris Siegenthaler
Business type: Sole proprietorship
Company UID: CHE-234.330.548
VAT: Not VAT-liable per Art. 10 Swiss VAT Act
Contact
Email: [email protected]