ioomm logoTry Free Preview
Legal

Privacy Policy

Last updated: 17 April 2026

1. Introduction

Alvento Ltd (we, us, our) operates ioomm, an AI-powered professional headshot generation service. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our Service.

We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018.

2. Information We Collect

2.1 Images You Upload

When you use our Service, you upload a selfie photograph. This image contains your personal data (your facial features). We process this image solely to generate professional portrait photographs for you.

2.2 Technical Data

We collect:

  • IP address (for rate limiting and abuse prevention)
  • Browser type and version
  • Device information
  • Session data (temporary; unpaid sessions expire after 24 hours, paid sessions retained up to 30 days)

2.3 Payment Information

Payment processing is handled by Stripe. We do not store your credit card details. Stripe collects and processes payment information according to their own privacy policy.

2.4 Usage Data

We collect anonymous analytics data to improve our Service, including page views, feature usage, and error rates. This data cannot be used to identify you personally.

3. How We Use Your Information

We use your information to:

  • Provide the Service: Generate professional portraits from your uploaded selfie
  • Detect quality issues: Analyze your photo for face detection, lighting, and composition
  • Prevent abuse: Enforce rate limits and detect malicious usage
  • Process payments: Via Stripe for paid packages
  • Improve our Service: Analyze usage patterns and fix bugs (using anonymized data)
  • Comply with legal obligations: Respond to lawful requests from authorities

We rely on your explicit consent for the processing of images containing biometric data (if applicable) for headshot generation.

4. Data Retention and Deletion

Image Retention: Unpaid sessions are automatically and permanently deleted after 24 hours. Paid sessions are retained for up to 30 days to allow downloads and support. We do not keep backups of your images beyond these periods.

Session Data: Metadata about your generation request is retained for up to 24 hours for unpaid sessions and up to 30 days for paid sessions, then deleted.

Payment Records: For accounting and legal compliance, we retain minimal payment transaction records (amount, date, package purchased) for 7 years as required by UK tax law. These records do not include your images.

5. Who We Share Your Data With

5.1 AI Service Providers

We use Google’s Gemini AI and Google Vision API to process your images. Your uploaded photo is sent to Google’s servers for:

  • Face detection and image quality analysis (Google Vision)
  • Portrait generation (Google Gemini)

Google processes your images according to their privacy policy. We have configured our services to ensure Google does not use your images to train their AI models.

5.2 Payment Processor

Stripe processes all payments and handles payment card data. We do not receive or store your full payment card details.

5.3 Hosting Provider

Our Service is hosted on secure cloud infrastructure. Hosting providers may have access to encrypted data for operational purposes only.

5.4 No Sale of Data

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

6. Data Security

We implement industry-standard security measures including:

  • HTTPS encryption for all data transmission
  • Secure cloud storage with encryption at rest
  • Access controls and authentication
  • Regular security audits and updates
  • Automatic data deletion (24 hours for unpaid sessions, up to 30 days for paid sessions)

However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

7. Your Rights Under UK GDPR

You have the right to:

  • Access: Request a copy of your personal data (note: images are deleted after 24 hours for unpaid sessions or up to 30 days for paid sessions)
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your data (images auto-delete after 24 hours for unpaid sessions or up to 30 days for paid sessions)
  • Object: Object to processing of your data
  • Data Portability: Receive your data in a structured, machine-readable format
  • Withdraw Consent: Withdraw consent at any time (images auto-delete after 24 hours for unpaid sessions or up to 30 days for paid sessions)
  • Lodge a Complaint: File a complaint with the UK Information Commissioner’s Office (ICO)

To exercise these rights, contact us at hello@ioomm.app.

8. Children’s Privacy

Our Service is not intended for children under 16. We do not knowingly collect personal data from children under 16. If you are a parent and believe your child has used our Service, please contact us immediately.

9. International Data Transfers

Your data may be transferred to and processed in countries outside the UK/EEA, including the United States (where Google’s servers are located). We ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses with service providers
  • Privacy Shield/adequacy frameworks where applicable
  • Contractual obligations for data protection

10. Cookies and Tracking

We use minimal cookies for:

  • Essential: Session management (temporary, expires after 24 hours)
  • Analytics: Anonymous usage statistics to improve our Service

You can disable cookies in your browser settings, but this may affect Service functionality.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or prominent notice on our website. Continued use after changes constitutes acceptance of the updated policy.

12. Legal Basis for Processing

Under UK GDPR, we process your data based on:

  • Consent: You explicitly consent by uploading images
  • Contract: Processing is necessary to provide the Service you requested
  • Legitimate Interests: Fraud prevention, security, and Service improvement
  • Legal Obligation: Compliance with tax and financial regulations

13. Contact Us

For privacy-related questions, requests, or complaints:

Alvento Ltd
Data Protection Officer
Email: hello@ioomm.app
Support: hello@ioomm.app

Supervisory Authority:
Information Commissioner’s Office (ICO)
Website: ico.org.uk
Telephone: 0303 123 1113