The AI Headshot Privacy Checklist
Resources
Before uploading your face to a headshot tool, check retention, deletion, training use, provider routing, staff access, and source-image handling.
- Date
- July 3, 2026
- Author
- Unexposed

AI headshot tools give you pose tips, clothing tips, lighting tips, and occasionally the jawline of someone who owns three venture funds. What they do not always give you is the privacy checklist.
Here is the checklist.
First: do they keep your source photos? This is the big one. Generated outputs are sensitive, but the source photos are often more sensitive because they show the real you, real rooms, real clothes, real friends, real workplaces, and real context. If the tool keeps them, ask how long and why.
Second: do they keep generated headshots? A saved gallery can be useful, but it is still retained face-linked content. Look for deletion controls, retention periods, and whether generated images are public, private to your account, visible to staff, or used for product review.
Third: are uploads used for training, evaluation, or improvement? “Not used for training” is good, but ask whether they are used for human review, safety review, quality review, or abuse monitoring. These are different activities. If the policy collapses them into one warm privacy smoothie, keep reading.
Fourth: where are the images processed? The product might run its own infrastructure or route images to outside model providers. The question is not whether outside providers are automatically bad. The question is whether you are told who receives the images and under which retention terms.
Fifth: who can access the content? Can support staff see uploaded photos? Can operators inspect generated outputs? Can engineers pull images from storage? A good product either prevents this architecturally or explains when access can happen and why.
Sixth: what happens when you delete? Deleting from your account should not secretly leave thumbnails, source files, prompt records, or support attachments behind as ordinary product state. Some operational records may remain, but they should not retain your face unless there is a clearly explained reason.
Seventh: what photos are you uploading? Avoid images with other people, work badges, house numbers, children, documents, or private interiors. The headshot tool may ask for variety. Do not interpret that as a request to upload your entire life like a scrapbook with cheekbones.
This checklist will not make every tool safe or unsafe. It will make the trade-offs visible. That is the point. Privacy is not about finding the purest possible button. It is about knowing what happens when you press it.
Further reading: How to evaluate private AI image tools, Your Data, and NIST’s overview of facial recognition technology.