Privacy Policy

This Privacy Policy explains how Impossible Labs AI LLC, a California limited liability company ("Impossible Labs," "we," "us," or "our"), collects, uses, shares, and protects information when you use LuminaFace.ai. LuminaFace.ai is designed to minimize data collection: no account is required, and uploaded and generated images are automatically deleted after 24 hours.

We collect the information needed to generate and deliver your headshots:

• Uploaded selfies or portrait images that you provide for generation.
• Generated images and temporary processing metadata related to your order.
• Your email address so we can deliver results, receipts, and support responses.
• Payment and transaction information processed by Stripe. We do not store full card numbers.
• IP address, device, browser, and request information used for rate limiting, fraud prevention, abuse detection, security logging, and basic service diagnostics.
• Messages you send to us, including refund or support requests.

We use your information to:

• Generate, process, store temporarily, and deliver your AI headshots.
• Send download links, order confirmations, receipts, updates, and support replies.
• Process payments, refunds, disputes, tax records, and accounting obligations.
• Prevent abuse, enforce rate limits, detect fraud, secure the service, and troubleshoot technical issues.
• Comply with applicable legal obligations and enforce our Terms of Service.

Uploaded images and generated images are automatically deleted after 24 hours. This retention window gives us enough time to process your generation, deliver results, support failed jobs, and handle basic troubleshooting. After deletion, we may no longer be able to recover, regenerate, or inspect the images associated with your order.

We share information only with providers that help us operate LuminaFace.ai:

• OpenAI, for AI image generation and related processing.
• AWS S3 and DynamoDB, in the us-west-1 region, for temporary image storage and service records.
• Stripe, for payment processing, fraud checks, refunds, receipts, disputes, and payment records.
• Resend, for email delivery of results and service messages.

These providers process information under their own terms and privacy practices. We do not authorize them to use your information for their own advertising.

Payments are handled by Stripe. When you pay for a generation, Stripe may collect card details, billing information, transaction identifiers, fraud signals, and other information needed to process the payment. We receive limited payment status, receipt, refund, and dispute information from Stripe.

We do not sell your personal information, uploaded images, or generated images. We do not use your photos for third-party advertising. We do not create accounts or profile you across unrelated services.

Images are retained for no more than 24 hours. Email addresses, transaction records, refund records, abuse-prevention logs, support messages, and legal/accounting records may be retained for longer where necessary for receipts, tax obligations, fraud prevention, dispute handling, customer support, legal compliance, and business records.

If you ask us to delete information, we will honor the request where required by law, subject to records we must keep for legitimate business or legal reasons.

We use reasonable administrative, technical, and organizational safeguards designed to protect information, including encrypted transport, access controls, temporary storage, limited retention, provider-level security controls, and abuse monitoring. No internet service can guarantee absolute security, but our default design limits how long sensitive images remain in the system.

LuminaFace.ai uses minimal cookies or similar technologies for functional purposes such as session handling, basic preferences, payment flow continuity, fraud prevention, and security. We do not use cookies to sell personal information.

Depending on where you live, including under California privacy laws such as the CCPA/CPRA and under GDPR-style privacy laws, you may have rights to request access, correction, deletion, portability, restriction, or objection to certain processing. You may also have the right to opt out of sale or sharing of personal information, though we do not sell personal information.

To exercise a privacy right, email hello@mzo.tv. We may need to verify your request before acting on it.

LuminaFace.ai is not intended for anyone under 18. We do not knowingly collect personal information from children or knowingly process images submitted by children. If you believe a child has provided information to us, contact us and we will take appropriate steps.

LuminaFace.ai creates AI-generated headshots from user-submitted images. Impossible Labs follows applicable AI transparency requirements, including California requirements as they apply to services like ours. We currently deliver clean output files and plan to add C2PA or similar provenance disclosures if LuminaFace.ai reaches the user thresholds where those measures become required.

LuminaFace.ai is operated from the United States. If you use the service from outside the United States, your information may be processed in the United States and by providers in other locations where privacy laws may differ from those in your country.

We may update this Privacy Policy from time to time. The "Last Updated" date above reflects the latest version. Material changes will be posted on this page.

Questions or privacy requests can be sent to hello@mzo.tv.