Privacy Policy

Last updated: February 2026

1. Who we are

PortraitLuxe AI ("we," "us," or "our") is a premium studio-photography service. PortraitLuxe is operated by NextGenOra. This Privacy Policy describes how we collect, use, store, and protect your information when you use our website and services.

2. Information we collect

We collect information you provide and information generated by your use of our services:

  • Account information: When you create an account, we collect your email address and, if you provide it, your name. This is stored and managed through our authentication provider (Supabase).
  • Payment information: Payments are processed by Stripe. We do not store your full card number on our servers. We may store billing-related identifiers (e.g., last four digits, payment status) necessary to fulfill orders and provide support.
  • Photos and generated images: When you upload a reference photo or receive generated portraits or cards, we store these in secure cloud storage (Supabase) so we can deliver your images and, where applicable, display them in your account (e.g., dashboard, order history).
  • Order and usage data: We store order details (e.g., package type, number of images, date), support messages you send, and technical data (e.g., IP address, browser type) as needed to operate the service, prevent abuse, and improve our systems.

3. How we use your information

We use the information we collect to:

  • Provide, maintain, and improve our portrait and card services
  • Process payments and fulfill orders
  • Authenticate your account and communicate with you (e.g., order confirmations, password reset, support)
  • Respond to support requests and resolve issues
  • Comply with legal obligations and enforce our terms
  • Analyze usage in an aggregated, non-personally-identifying way to improve our product

4. Storage and security

Your data is stored using industry-standard cloud services. We use Supabase for our database and file storage, and Stripe for payment processing. We take reasonable measures to protect your information against unauthorized access, loss, or misuse. No method of transmission or storage is 100% secure; we encourage you to use a strong password and keep your account credentials private.

5. Third parties

We work with the following types of third parties:

  • Stripe: Payment processing. Stripe's privacy policy applies to payment data they collect and process.
  • Supabase: Database and file storage, and authentication. Data is stored in their infrastructure under our account.
  • Email and hosting: We may use service providers for sending transactional emails and hosting our website. They process data only as necessary to provide those services.

We do not sell your personal information to third parties. We may disclose information if required by law or to protect our rights, users, or safety.

6. Cookies and similar technologies

We use cookies and similar technologies (e.g., local storage) to keep you signed in, remember your preferences (such as theme), and understand how the site is used. You can control cookies through your browser settings. Disabling certain cookies may affect your ability to use some features (e.g., staying logged in).

7. Your rights

Depending on where you live, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to or restrict certain processing
  • Data portability (where applicable)

To exercise these rights or ask questions about your data, contact us at info@nextgenora.com. You can also delete your account or request deletion through our support channels; we will process such requests in line with our policies and legal obligations.

8. Data retention

We retain your account data, orders, and generated images for as long as your account is active or as needed to provide the service and comply with legal obligations (e.g., tax, dispute resolution). If you delete your account, we will delete or anonymize your personal data in accordance with our retention practices, except where we must retain it for legal or operational reasons.

9. Children

Our service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you believe we have collected such information, please contact us and we will take steps to delete it.

10. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated policy on this page and update the "Last updated" date. Continued use of our services after changes constitutes acceptance of the revised policy. For material changes, we may provide additional notice (e.g., by email or a notice on the site).

11. Contact us

For privacy-related questions, requests, or complaints, contact NextGenOra at info@nextgenora.com or by phone at (323) 577-4935. We will respond to your request as required by applicable law.