Privacy Policy

Last updated: February 10, 2026

1. Information We Collect

We collect the following types of information:

  • Account information: Name, email address, and password when you create an account
  • Face photos: Selfie images you voluntarily upload for our face-swap visualization feature
  • Usage data: Prompts you enter, visualizations you create, goals and vision boards
  • Payment data: Processed securely by Stripe — we never store your full credit card number
  • Technical data: Device type, browser, IP address, and usage analytics

2. How We Use Your Information

Your data is used to:

  • Generate personalized AI visualizations with your face
  • Deliver daily affirmations and motivation (email, push, WhatsApp)
  • Process payments and manage your subscription
  • Improve the Service and fix issues
  • Send essential account-related communications

We do not sell your personal data. We do not use your face photos or visualizations for advertising.

3. Face Photo Processing

Your face photos are a sensitive category of data and receive special protection:

  • Face photos are used exclusively for generating your personalized visualizations via face-swap AI
  • They are stored securely in encrypted cloud storage (Supabase Storage)
  • They are never shared with third parties, sold, or used for any other purpose
  • They are not used to train AI models
  • You can delete your face photo at any time from your profile settings — deletion is permanent and immediate

4. Third-Party Services

We use the following third-party services to operate VisionMirror:

  • Supabase — Authentication and database hosting (EU-compliant)
  • Stripe — Payment processing (PCI DSS Level 1 certified)
  • Replicate — AI image generation (processes prompts and images)
  • Vercel — Application hosting
  • Cloudflare — Security and bot protection (Turnstile)

Each of these services has its own privacy policy and processes data according to their terms.

5. Cookies

VisionMirror uses essential cookies for authentication and session management. We do not use advertising or tracking cookies. Third-party services (Stripe, Cloudflare) may set their own cookies as necessary for their functionality.

6. Data Retention

We retain your data for as long as your account is active. When you delete your account:

  • Your profile, face photos, and visualizations are permanently deleted
  • Payment records are retained as required by law (typically 7 years for tax purposes)
  • Anonymized usage analytics may be retained

7. Your Rights (GDPR)

If you are in the European Economic Area, you have the right to:

  • Access — Request a copy of all personal data we hold about you
  • Rectification — Correct any inaccurate data
  • Erasure — Request deletion of your data ("right to be forgotten")
  • Portability — Receive your data in a structured, machine-readable format
  • Objection — Object to processing of your data
  • Restriction — Request limitation of processing

To exercise any of these rights, contact us at support@visionmirror.app. We will respond within 30 days.

8. Security

We implement industry-standard security measures to protect your data, including encrypted storage, rate limiting, device fingerprinting for fraud prevention, and CAPTCHA verification. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

9. Children

VisionMirror is not intended for children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will promptly delete it.

10. Contact

For questions about this Privacy Policy or to exercise your data rights, contact us at support@visionmirror.app.