Privacy Policy
Last updated: 8 April 2026
1. Data Controller
PhotofitMe is operated by Maggetti (“we”, “us”, “our”). Maggetti is the data controller responsible for your personal data processed through the PhotofitMe website and services (“the Service”).
If you have questions about how we handle your data, please contact us at privacy@photofitme.com.
2. What Data We Collect
We collect and process the following categories of personal data:
- Email address — collected when you create an account or place an order. Used for account authentication (via magic link), order confirmation, and shipping notifications.
- Face photographs and selfies — uploaded by you for the purpose of AI-assisted Photofit composite generation. Photographs are transmitted to our AI processor (Anthropic) for facial feature analysis and are not stored permanently unless you explicitly opt in to save your composite to your gallery.
- Composite images — the Photofit composite portrait generated from your uploaded photograph. Stored in our database if you save, share, or add your composite to the gallery.
- Order details — including delivery address, product selections, and payment reference. Payment card details are handled entirely by Stripe and are never seen or stored by us.
- Usage data — including pages visited, time on site, browser type, and approximate location, collected via Google Analytics.
- Account profile data — display name, biography, and profile link, if you choose to provide them when submitting to the gallery.
3. How We Use Your Data
We use your personal data for the following purposes:
- To generate your Photofit composite portrait using AI analysis of your uploaded photograph.
- To fulfil and dispatch print orders placed through the Service.
- To create and manage your account, including sending magic-link login emails.
- To display your Photofit in the public gallery, where you have consented to this.
- To analyse aggregate usage of the Service and improve it over time.
- To comply with our legal obligations, including financial record-keeping.
4. Third-Party Data Processors
We share your data with the following third-party processors, each of whom processes data on our behalf under appropriate data processing agreements:
- Anthropic — provides the Claude AI model used for face feature analysis. Your uploaded photograph is transmitted to Anthropic's API for processing. Anthropic's privacy policy is available at anthropic.com/privacy.
- Supabase — provides our database and image storage infrastructure. Your account data, composite images, and gallery entries are stored on Supabase servers. Supabase is SOC 2 compliant.
- Stripe — processes all payment transactions. Stripe is PCI-DSS compliant. We do not store or access your card details.
- Prodigi — fulfils and ships print orders. Your delivery name and address are passed to Prodigi solely for the purpose of fulfilling your order.
- Vercel — hosts the PhotofitMe web application. Vercel may process request data including IP addresses as part of normal server operation.
- Google Analytics — provides usage analytics. Google Analytics uses cookies to collect anonymised data about how visitors use the Service. Data is processed in accordance with Google's privacy policy.
5. Legal Basis for Processing
Under UK GDPR, we rely on the following legal bases for processing your personal data:
- Contract — processing your order and account data is necessary to fulfil our contract with you.
- Legitimate interests — we use Google Analytics to understand and improve how the Service is used. This analytics data is aggregated and anonymised.
- Consent — adding your composite to the public gallery is entirely voluntary and based on your explicit consent, which you may withdraw at any time by removing your entry from the gallery via your account settings.
- Legal obligation — we retain order and financial records to comply with UK tax and accounting law.
6. Data Retention
- Account data — retained for as long as your account remains active. You may request deletion at any time.
- Order data — retained for 7 years from the date of the order, as required by UK financial record-keeping law.
- Face photographs — deleted immediately after your composite has been generated, unless you have opted in to save your composite to the gallery, in which case the composite image (not the original photograph) is retained.
- Gallery entries — retained until you remove them via your account or request deletion.
- Analytics data — retained by Google Analytics for up to 26 months, after which it is automatically deleted.
7. Your Rights Under UK GDPR
You have the following rights in relation to your personal data:
- Right of access — you may request a copy of the personal data we hold about you.
- Right to rectification — you may request that we correct any inaccurate data we hold about you.
- Right to erasure — you may request that we delete your personal data, subject to any legal retention obligations.
- Right to data portability — you may request that we provide your data in a commonly used machine-readable format.
- Right to object — you may object to processing based on legitimate interests, including analytics.
- Right to withdraw consent — where processing is based on consent (e.g. gallery submissions), you may withdraw consent at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, please contact us at privacy@photofitme.com. We will respond within one calendar month. If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
8. Cookies
We use the following cookies on the Service:
- Supabase session cookies (sb-*) — essential cookies used to maintain your authenticated session. These cookies are set when you sign in and expire at the end of your session or when you sign out.
- Google Analytics cookies (_ga, _ga_*) — analytics cookies used to collect anonymised usage data. These cookies persist for up to 2 years.
For full details of our cookie practices, please see our Cookie Policy.
9. Contact Us
For any privacy-related queries or to exercise your rights, please contact us at:
Maggetti — PhotofitMe
Email: privacy@photofitme.com