Legal

Privacy Policy

Last updated: March 6, 2026

HyperReal Photo AI ("HyperReal," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, applications, and AI photo generation services (the "Service"). Please read this policy carefully. By using the Service, you consent to the practices described herein.

1Information We Collect

Account Information

When you create an account, we collect your name, email address, and profile information. If you sign up through a third-party provider (such as Google), we receive basic profile information from that provider.

Selfie Uploads (Training Images)

When you train an AI model, you upload photographs of yourself. These images are used exclusively to create your personalized AI model and are not shared with other users or used to train general-purpose models.

Generated Images

We store the AI-generated images you create through the Service, along with associated metadata such as prompts, model settings, and creation timestamps.

Payment Information

Payment processing is handled entirely by Stripe. We do not store your full credit card number, CVV, or other sensitive payment details on our servers. We receive and store a Stripe customer ID, transaction history, and subscription status for account management purposes.

Usage Data

We automatically collect information about how you interact with the Service, including pages visited, features used, generation counts, credit usage, IP addresses, browser type, device information, and referring URLs.

2How We Use Your Data

We use the information we collect for the following purposes:

  • Model Training. Processing your uploaded selfies to train a personalized AI model that generates photos resembling your likeness
  • Image Generation. Using your trained model to create AI-generated photographs based on your prompts and selected styles
  • Service Improvement. Analyzing aggregate, anonymized usage patterns to improve the quality, reliability, and performance of our Service
  • Account Management. Managing your account, processing payments, tracking credit balances, and communicating with you about your account
  • Support. Responding to your inquiries, troubleshooting issues, and providing customer support
  • Legal and Safety Compliance. Enforcing our Terms of Service, preventing abuse, and complying with applicable laws and regulations

3Third-Party Services

We use the following third-party services to operate the platform. Each service receives only the data necessary to perform its function:

fal.ai — AI Processing

We send your Training Images and generation prompts to fal.ai for AI model training and image generation. fal.ai processes this data on our behalf and does not retain your images beyond what is necessary to complete the requested operation.

Stripe — Payment Processing

We use Stripe to securely process all payments. When you make a purchase, your payment details (credit card number, billing address) are sent directly to Stripe and never touch our servers. Stripe's privacy policy governs the handling of your payment data.

Cloudflare — Hosting and Infrastructure

Our application is hosted on Cloudflare's global network. Cloudflare processes HTTP requests, provides DDoS protection, and stores your uploaded and generated images in Cloudflare R2 object storage. Cloudflare may collect basic request metadata (IP addresses, headers) as part of its standard operation.

4Data Retention

Data TypeRetention Period
Training Images30 days by default, then automatically deleted. You may request earlier deletion at any time.
Generated ImagesStored until you delete them or until your account is deleted.
AI ModelsStored until you delete them or until your account is deleted.
Account DataRetained until you delete your account. Upon deletion, all personal data is permanently removed within 30 days.

5Your Rights

We are committed to compliance with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Depending on your jurisdiction, you may have the following rights regarding your personal data:

Right to Access

Request a copy of all personal data we hold about you.

Right to Delete

Request deletion of your personal data, including Training Images, Generated Images, and account data.

Right to Export

Request a portable copy of your data in a machine-readable format (data portability).

Right to Correct

Request correction of inaccurate or incomplete personal data we hold about you.

To exercise any of these rights, please contact us at support@hyperrealphoto.ai. We will respond to all legitimate requests within 30 days. We may ask for verification of your identity before processing your request.

6Security

We take the security of your data seriously and implement industry-standard measures to protect it:

  • Encrypted Storage. All data is encrypted at rest and in transit using TLS 1.2+ encryption
  • Presigned URLs. Training and generated images are accessed through time-limited, presigned URLs rather than publicly accessible links
  • No Plain-Text Credentials. API keys, secrets, and other credentials are stored securely using environment variables and secret management services, never in plain text or source code
  • Access Controls. Strict role-based access controls ensure only authorized personnel can access user data
  • Regular Audits. We regularly review and update our security practices to address emerging threats

While we strive to protect your personal information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to using commercially reasonable measures.

7Contact Information

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us:

Email: support@hyperrealphoto.ai

Privacy Inquiries: privacy@hyperrealphoto.ai

We will make every effort to resolve your concerns in a timely manner. If you are located in the European Economic Area and believe we have not adequately addressed your data protection concern, you have the right to lodge a complaint with your local data protection supervisory authority.