← BACK TO STUDIO

Privacy Policy

Last updated: 1 January 2025

1. Who We Are

Neon Portrait Studio is operated as a sole trader business in the United Kingdom. We are the data controller for personal data collected through this website.

Contact: hello@neonportraits.co.uk

2. What Data We Collect

We collect and process the following personal data:

  • Photos you upload — processed temporarily to generate your AI portrait prompt. Not stored after processing.
  • Payment information — name, email, billing address and card details. Card details are processed entirely by Stripe and never stored on our servers.
  • Email address — collected by Stripe for receipt delivery.
  • Technical data — IP address, browser type, pages visited (via cookies, with consent).

3. Legal Basis for Processing (UK GDPR)

  • Contract performance — to deliver the digital product you purchased (Article 6(1)(b)).
  • Legal obligation — to comply with UK tax and accounting requirements (Article 6(1)(c)).
  • Legitimate interests — to prevent fraud and maintain site security (Article 6(1)(f)).
  • Consent — for analytics cookies, where you have given consent.

4. How We Use Your Data

  • To generate your AI portrait prompt (photos processed in real-time, not stored)
  • To process your payment via Stripe
  • To send order confirmation and receipt emails
  • To comply with UK tax obligations (HMRC)
  • To prevent fraud and maintain security

5. Third-Party Processors

We use the following sub-processors, each bound by appropriate data protection agreements:

ProcessorPurposePrivacy Policy
Anthropic (Claude AI)AI prompt generation from uploaded photosanthropic.com/privacy
Stripe Payments UK LtdPayment processingstripe.com/gb/privacy
Vercel Inc.Website hostingvercel.com/legal/privacy-policy
Coinbase Commerce (opt.)Bitcoin/crypto paymentscoinbase.com/legal/privacy

6. Photo Processing & AI

Photos you upload are sent to Anthropic's Claude AI API solely to generate your portrait prompt. We do not store your photos on our servers. Photos are processed in memory during your session only and permanently deleted after the prompt is generated. We do not use your photos to train AI models. Anthropic's data processing is governed by their privacy policy and enterprise data handling commitments.

7. Data Retention

  • Uploaded photos: Deleted immediately after prompt generation
  • Payment records: Retained 7 years (UK HMRC requirement)
  • Transaction logs: Retained 2 years for fraud prevention
  • Cookie data: See Cookie Policy

8. Your Rights (UK GDPR)

You have the following rights regarding your personal data:

  • Right of access — request a copy of data we hold about you
  • Right to rectification — correct inaccurate data
  • Right to erasure — request deletion of your data
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing based on legitimate interests

To exercise any right, email hello@neonportraits.co.uk. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

9. International Transfers

Some of our processors (Anthropic, Vercel, Coinbase) are based in the United States. Where data is transferred outside the UK, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the ICO, or reliance on the UK-US Data Bridge framework.

10. Security

We implement appropriate technical and organisational measures to protect your data, including SSL/TLS encryption, access controls, and minimal data collection principles. Stripe is PCI DSS Level 1 certified — the highest standard of payment security.

11. Contact Us

For any privacy-related enquiries: hello@neonportraits.co.uk

We aim to respond to all data requests within 30 calendar days.