jeelous ← Back to home

Legal

Privacy Policy

Last updated: 11 July 2026 · Effective: 11 July 2026

Jeelous lets you upload one photo and one voice recording of yourself and generate AI portraits, voices and lip-synced videos of you at every age. Because that means we handle your face and voice — sensitive biometric data — we hold ourselves to a high standard. This policy explains, in plain language, what we collect, why, who touches it, how long we keep it, and the control you have.

The short version

1Who we are

Jeelous ("Jeelous", "we", "us") provides the Jeelous service at jeelous.com and app.jeelous.com. For users in the European Economic Area (EEA) and the United Kingdom, Jeelous is the data controller for the personal data described here. Questions, requests and complaints can be sent to privacy@jeelous.com.

This policy is written to reflect the EU/UK GDPR, the California Consumer Privacy Act as amended by the CPRA (CCPA/CPRA), the Illinois Biometric Information Privacy Act (BIPA) and comparable biometric laws, and the transparency obligations of the EU AI Act. Where a specific law gives you more rights, that law controls.

2What we collect

We collect only what the service needs:

  • Account data — your email address and display name, and (if you sign in through a provider) the identifier it returns.
  • Biometric data you upload — the photo(s) of your face and the voice recording(s) you provide, plus the AI-derived facial and voice models generated from them. See §3.
  • Content you create — the age-altered portraits, cloned voice versions, scripts and lip-synced videos you generate, and the prompts/ideas you enter.
  • Transaction data — your credit balance and purchase history. Card payments are processed by Stripe; we do not receive or store your full card number.
  • Technical data — IP address, device/browser information, and server logs, used for security, abuse prevention and reliability.
  • Consent records — the specific permissions you granted and when.

3Biometric data — how we treat your face and voice

Your uploaded face image and voice recording, and the facial/voice models we derive from them, are biometric identifiers and biometric information. We treat them as sensitive/special-category data:

  • Explicit consent first. We do not store or process your face or voice until you give clear, affirmative, timestamped consent — separately for (a) storing your photo and generating age-altered portraits, (b) creating and age-shifting a clone of your voice, and (c) generating lip-synced videos of your likeness.
  • Purpose limitation. Your biometric data is used only to deliver the content you ask us to create. We do not use it for identification, surveillance, advertising, or profiling.
  • No sale, no profit from biometrics. We never sell, lease, trade or otherwise profit from your biometric identifiers or information.
  • No model training. Neither we nor our providers use your face or voice to train, fine-tune or improve any AI model (see §5).
  • Retention schedule & destruction. We retain your biometric data only for as long as your account is active or as needed to provide the service, and we destroy it on the schedule in §7 — at the latest when you delete your account or withdraw consent, and otherwise in line with applicable biometric-retention limits.
You may only upload media of yourself. Uploading anyone else's face or voice — including friends, family or public figures — is prohibited (see our Terms). Friends features work by sending a request the other person must approve from their own account and consent; we never generate a person's likeness without their own consent.

4How we use your information & our legal bases

PurposeLegal basis (GDPR)
Create, store and deliver your AI portraits, voices, scripts and videosPerformance of our contract with you; and, for biometric data, your explicit consent
Process your face and voice specificallyYour explicit consent (Art. 9(2)(a) GDPR)
Take payment and maintain credit balancesPerformance of contract; legal obligation (tax/accounting)
Security, abuse and fraud prevention, service reliabilityOur legitimate interests
Respond to your requests and provide supportPerformance of contract; legitimate interests
Comply with law and enforce our TermsLegal obligation; legitimate interests

We do not use your content for advertising, and we do not sell or "share" your personal information as those terms are defined under the CCPA/CPRA.

5AI generation, labelling & no-training commitment

Every portrait, voice clip and video Jeelous produces is synthetic (AI-generated). Outputs may contain artifacts and do not depict real events. In line with the EU AI Act's transparency rules and good practice, AI-generated content in the service is disclosed as such, and downloadable media may carry machine-readable provenance markers (e.g. SynthID / C2PA-style signals) applied by our generation providers.

We do not train on your data. Your uploads and generated content are not used to train, fine-tune or evaluate our models or our providers' models. We contractually require our AI providers to process your media solely to perform the requested generation and not to retain it for training.

6Who processes your data (sub-processors)

We do not sell your data. To run the service we share the minimum necessary with vetted providers acting as our processors, each bound by a data-processing agreement:

ProviderPurposeData it receives
SupabaseAccounts & databaseAccount & metadata
Cloudflare (R2 / CDN)File storage & deliveryUploaded & generated media
Google (Gemini)Photo age transformation, scripts, speechYour photo / prompts
ElevenLabsVoice cloning & speechYour voice sample
HeyGen / video providersLip-synced videoYour portrait & audio
GroqScript text generationYour prompts
StripePaymentsBilling details (card handled by Stripe)
ResendTransactional emailEmail address

We may also disclose data if required by law, to protect our rights or users' safety, or in connection with a merger or acquisition (in which case this policy continues to apply). This list may change; the current list is maintained here and material changes are notified per §13.

7Data retention & deletion

  • While your account is active, we keep your media and generated content so the service works.
  • On withdrawal of consent for a given use, we stop that processing and delete the associated biometric data.
  • On account deletion, we delete your account, uploaded media, derived facial/voice models, voice clones held at our providers, and generated content within 30 days, except limited records we must keep by law (e.g. payment/tax records), which are retained only as long as legally required and then deleted.
  • Backups are purged on a rolling basis shortly thereafter.

To delete your data, use in-app deletion or email privacy@jeelous.com from your account address.

8Your rights

EEA / UK (GDPR): you have the right to access, rectify, erase, restrict, and port your data, to object to processing based on legitimate interests, and to withdraw consent at any time (without affecting prior processing). You may lodge a complaint with your local data-protection authority.

California (CCPA/CPRA): you have the right to know, access, correct and delete your personal information, to limit the use of sensitive personal information, and to opt out of sale/sharing. We do not sell or share your personal information, and we do not use your sensitive personal information for anything beyond providing the service. We will not discriminate against you for exercising your rights.

Illinois (BIPA) & similar: we obtain written consent before collecting biometric identifiers, disclose our retention/destruction schedule (§7), and never sell or profit from your biometric data.

To exercise any right, email privacy@jeelous.com. We verify requests against your account and respond within the timeframe the applicable law requires. You may use an authorised agent where the law permits.

9Security

All traffic is encrypted in transit (TLS). Media is stored in access-controlled object storage; database rows are protected by row-level security so only your authenticated session can read your data. Service credentials and API keys are held server-side only. Access to production data is limited, logged and reviewed. No system is perfectly secure, but we work to protect your data and will notify you and regulators of a breach as required by law.

10International data transfers

We and our providers may process data in the United States and other countries. Where we transfer personal data out of the EEA/UK, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (and the UK Addendum) or an adequacy decision, so your data keeps an equivalent level of protection.

11Children

Jeelous is strictly for adults. You must be 18 or older to use it. We do not knowingly collect data from anyone under 18; if we learn we have, we delete it. The "child" and "baby" outputs are AI age-regressions of an adult user's own face — not images of real children.

12Cookies & analytics

We use strictly necessary cookies to keep you signed in and to secure the service. We keep analytics minimal and privacy-respecting; where required, we ask for consent before setting non-essential cookies. We do not use third-party advertising cookies.

13Changes to this policy

We may update this policy as the service and the law evolve. We will post the new version here with a revised "Last updated" date and, for material changes, give prominent notice (and, where required, seek renewed consent) before they take effect.

14How to reach us

Privacy questions and rights requests: privacy@jeelous.com. General contact: hello@jeelous.com. See also our Terms of Service.