Your photo,
your data, yours.

Lookz collects the data we need to generate your beauty preview and run the service: the selfies you upload, the previews you generate, your account information, and privacy-preserving usage data.

Specifically: selfies and reference photos you upload, generated previews stored in your in-app library, account identifiers from Sign in with Apple or Google (a stable ID plus the email address you share), device information (model, OS version, language), and anonymous usage data (feature usage counts, crash reports, performance metrics).

The selfies and reference photos you upload contain your face. Lookz uses these images only as the visual input needed to render the cosmetic preview you request. Lookz does not perform facial recognition, does not create or store a faceprint or biometric template, and never uses your face to identify or authenticate you. We do not derive biometric identifiers of any kind from your photos.

We use your data only to operate the Lookz service: to generate the previews you ask for, keep your library in sync across devices, improve reliability and performance, and provide customer support when you reach out.

We do not use your data for advertising, profiling, or unrelated commercial purposes. We do not sell it.

Uploaded selfies and reference photos are transmitted over TLS (HTTPS) and stored in encrypted cloud storage scoped to your account, where they stay in your private in-app library until you delete them or delete your account. To render a preview, your image is shared with a trusted third-party AI image-generation provider over a short-lived signed link valid for one hour, solely to produce the result you asked for. That provider is contractually restricted from retaining your image beyond the request or using it to train models. Access is limited to authorised engineers and audited regularly.

We do not sell, trade, or rent your personal data. We share it with third parties only in these specific cases:

• With your consent, when you explicitly ask us to (for example, sharing a preview to social media uses the platform's own native share sheet; we do not post on your behalf).
• With trusted service providers we rely on to operate Lookz (cloud hosting, AI inference, payment processing). They are contractually bound to use your data only to deliver the service to you.
• For legal compliance when required by a valid legal request, court order, or to protect rights and safety.
• In a business transfer, if Lookz is acquired or merged. You will be notified before any transfer of personal data takes place.

We do not train public or general-purpose AI models on your selfies. Your photo is used only to generate the preview you asked for. If we ever evaluate using anonymised, opted-in data to improve our own beauty-preview models, we will ask for your explicit consent first and let you opt out anytime.

Depending on where you live, you have the right to:

• Access the data we hold about you.
• Correct inaccurate data.
• Delete your data. Full account deletion handles this.
• Export your data in a portable format.
• Object to processing or withdraw consent for anything we process on consent grounds.
• File a complaint with your local data protection authority.

To exercise any of these rights, contact us at the address in section 17. Most requests are handled within 30 days.

California residents have additional rights under the CCPA and CPRA, including the right to know what personal information is collected, to request deletion, to opt out of any sale or sharing of personal information (Lookz does not sell), and to receive equal service and pricing for exercising those rights.

For users in the European Economic Area, the United Kingdom, and Switzerland, our lawful bases for processing are: contract (to deliver the previews you request), legitimate interest (to keep the service secure and reliable), consent (for optional features like marketing communications), and legal obligation (to comply with applicable law).

Lookz is intended for visitors aged 13 and over (16+ in the EU and the UK to align with GDPR / UK GDPR). Users aged 13 to 17 should use Lookz with the permission of a parent or guardian. If we learn that a younger user has created an account, we will delete it.

The Lookz website uses essential cookies only (locale and theme preferences). Analytics on the website is cookieless. The mobile app does not use web cookies. We do not use third-party advertising trackers anywhere in the Lookz product surface.

Lookz operates on top of a small set of trusted infrastructure providers, each bound by contract to process your data only to deliver the Lookz service:

• AI image generation — a third-party AI provider that receives your uploaded photo over a short-lived signed link (valid one hour) solely to render the preview, and is contractually restricted from retaining it beyond the request or using it to train models.
• Cloud hosting and storage — with processing infrastructure in the European Union and the United States.
• Crash and performance reporting — anonymous diagnostics only.
• Payments — handled entirely by Apple (App Store) and Google (Play Store); Lookz never receives your card details.

Uploaded selfies and reference photos: stored in your private in-app library and retained until you delete them inside the app or delete your account. During each generation they are shared with our third-party AI provider over a one-hour signed link and are not retained by that provider beyond the request.

Generated previews: kept until you delete them or delete your account.

Account information: deleted within 30 days of account deletion, except where retention is required by law (for example, transaction records for tax). Anonymous usage data may be retained indefinitely.

In the unlikely event of a data breach that affects your personal data, we will notify you and the relevant supervisory authorities within 72 hours of becoming aware, per GDPR Article 33.

Lookz uses processing infrastructure in the European Union and the United States. Where required, standard contractual clauses and equivalent approved mechanisms are used to protect personal data on transfer outside the EEA and the UK.

Lookz is the data controller for your personal data. Contact details are in section 17.

We may update this policy as the product evolves or the law requires. Material changes will be flagged in the app and on this page. The "Last updated" date at the top of the page always shows when the current version took effect.

Privacy questions, support, or anything else: lookzteam@gmail.com

Lookz