📸OneTake
← Back to home

Privacy Policy

Last updated: July 8, 2026

OneTake (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and AI headshot generation service (collectively, the “Service”). By using the Service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Information You Provide

  • Account Information: When you sign up via Clerk, we receive your email address and name from the authentication provider. We do not receive your password — authentication is handled entirely by Clerk.
  • Photos You Upload: To generate AI headshots, you upload photos of yourself. These photos are transmitted securely to our AI processing pipeline.
  • Payment Information: When you make a purchase, your payment details (credit card number, billing address) are collected and processed by our payment processor. We never see or store your full credit card number.
  • Communications: If you contact us via email, we receive your email address and any information you include in your message.

1.2 Information Collected Automatically

  • Usage Data: We may collect information about how you access and use the Service, including your IP address, browser type, pages visited, and time spent on pages.
  • Cookies: We use essential cookies for authentication (Clerk session management) and preference storage. We do not use third-party advertising or tracking cookies.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery: To process your uploaded photos through our AI pipeline, generate headshots, and deliver the results to you.
  • Authentication: To authenticate your identity via Clerk and maintain your account session.
  • Payment Processing: To process your payment and fulfill your order.
  • Communication: To send you order confirmations, delivery notifications, and respond to your inquiries.
  • Improvement & Security: To monitor and improve the Service, detect and prevent fraud, and comply with legal obligations.

We do not sell, rent, or trade your personal data. We do not use your uploaded photos for any purpose other than generating your headshots.

3. Third-Party Service Providers

We share your information with the following service providers, each of which has its own privacy policy:

ProviderPurposeData Shared
ClerkAuthentication & user managementEmail, name
Payment ProcessorPayment processingPayment details, billing address
ReplicateAI model inferenceUploaded photos
NeonDatabase hostingAll stored data (encrypted)
VercelApplication hostingUsage data, logs
ResendTransactional emailEmail address, order details

Each processor is contractually obligated to protect your data and use it only for the specified purpose. Replicate does not use customer data for model training.

4. Data Storage & Security

  • Database: User data and order records are stored in Neon PostgreSQL, encrypted at rest and in transit (TLS).
  • Generated Images: AI-generated headshots are stored in Cloudflare R2 with encryption at rest.
  • Uploaded Photos: Photos are transmitted to Replicate over HTTPS. We do not retain uploaded photos on our servers longer than necessary (typically 7 days after order completion).
  • Payment Data: We do not store full credit card numbers. All payment processing is handled by our PCI-compliant payment processor.

We implement appropriate technical and organizational measures to protect your personal data. However, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

5. Data Retention

  • Account Data: Retained for the lifetime of your account. You may delete your account at any time via Clerk.
  • Generated Headshots: Retained for 90 days after your last order to allow you to download your results.
  • Uploaded Source Photos: Deleted within 7 days of order completion.
  • Order Records: Retained for legal and accounting purposes as required by applicable law.

You may request deletion of your data at any time by contacting us at support@tryonetake.com. We will respond to deletion requests within 30 days.

6. Your Data Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion:Request deletion of your personal data (“right to be forgotten”).
  • Portability: Request a copy of your data in a structured, machine-readable format.
  • Objection: Object to certain processing of your data.

To exercise any of these rights, contact us at support@tryonetake.com. We will verify your identity before processing your request.

8. Children’s Privacy

Our Service is not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately.

9. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence, including the United States where our hosting infrastructure (Vercel) and AI processing (Replicate) are located. We ensure appropriate safeguards are in place, including standard contractual clauses, to protect your data during such transfers.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the “Last updated” date. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at support@tryonetake.com.