Privacy Policy
Effective date: 12 May 2026 Last updated: 12 May 2026
This Privacy Policy explains how the LooksMax mobile application ("LooksMax", "the app", "we", "us", or "our") collects, uses, shares, and protects your information when you use the app. By using LooksMax you confirm that you have read this Policy. If you do not agree with it, do not use the app.
LooksMax is operated by Madni Aghadi (the "Operator"). You can contact us at any time at support@looksmaxapp.com.
1. Summary in plain English
- We never ask for your name, email, phone number, or social profile. You use LooksMax under an anonymous device-bound session.
- We send the two selfies you capture (front and side) to a third-party AI provider so the AI can return a face-rating result. You explicitly consent to this transfer before your first scan.
- The selfies are also stored on our encrypted private cloud storage (only your session can read them) so you can view your scan history later.
- Your scan results, routine completions, and subscription state are stored on our secure application backend.
- Local face-landmark detection runs entirely on your device using your phone's built-in face detection. Those landmarks never leave your phone.
- We do not sell your data, share it with advertisers, or use it to train AI models.
- You can delete all of your data at any time from inside the app (Settings → "Delete my data") or by emailing support@looksmaxapp.com.
The rest of this document is the formal version.
2. Information we collect
We deliberately collect the minimum data needed to run the service.
2.1 You provide directly
| Data | When |
|---|---|
| Two selfie images (front, side) | Each time you run a scan |
| Optional gender selection | During onboarding |
| Routine task completions (which routine items you check off) | When you tap a task as complete |
| Custom routine tasks you add | When you add a task |
2.2 We collect automatically
| Data | Purpose |
|---|---|
| Anonymous device identifier (random UUID, generated locally and stored in your device's Keychain / Keystore) | Identify your session across app launches and reinstalls |
| Locale and language preference | Render the app in your language |
| App version, OS version, device model | Diagnose crashes and compatibility issues |
| App-event timestamps (scan started, task completed, scan opened, etc.) | Service operation and basic anti-fraud (preventing infinite free credits) |
| Subscription receipts and entitlement state from Apple/Google | Verify Pro access |
2.3 Data we do not collect
- We do not collect your name, email address, phone number, or government ID.
- We do not collect your contacts, calendar, microphone audio, exact GPS location, or browsing history.
- We do not embed analytics SDKs that build advertising profiles.
- We do not use facial-recognition templates to identify who you are; the AI returns descriptive scores only.
3. How we use your information
We use your information to:
- Run your face-rating scan and return scores, labels, and a personalised routine.
- Show you your scan history.
- Generate and remember your daily routine and streak.
- Process and verify subscriptions (Pro).
- Prevent abuse of free scan credits.
- Diagnose crashes and improve the app.
- Comply with legal obligations.
We do not use your data for:
- Advertising or marketing profiles.
- Selling or sharing with data brokers.
- Training, fine-tuning, or evaluating AI models (ours or anyone else's).
- Identifying you to other LooksMax users.
4. The selfies: how AI processing works
This section satisfies Apple App Review Guideline 5.1.2(i) (third-party AI disclosure).
When you tap "Run my scan" for the first time, LooksMax presents an explicit consent screen that names the AI services we use. The scan does not start until you tap I agree.
4.1 What happens to each selfie
- The image is captured locally on your device.
- On-device face detection computes face landmarks locally using your phone's built-in face detection. These landmarks never leave your device.
- The image, encoded as a base64 data URL, is sent over HTTPS to our backend.
- Our backend forwards the image to a third-party AI provider for analysis.
- The model returns a JSON object containing scores and labels.
- Our backend returns the result to your app and persists the image (private) and the result for your history.
4.2 Retention
- Selfies and scan history: retained while your account is active. Deleted within 30 days of you tapping Settings → Delete my data (or sooner — usually immediately).
- Anonymous device IDs and basic event logs: retained up to 12 months after your last app open, then automatically purged.
- Subscription receipts: retained for 7 years as required by tax and financial-reporting laws in some jurisdictions.
4.3 Training and re-use by third parties
- We do not use your selfies to train, fine-tune, or evaluate AI models.
- Our AI processing provider's published terms state that requests are not used for training by default and that input data is not used to train models without explicit opt-in. We do not opt in.
- We will update this policy if our provider changes their terms.
4.4 Revoking AI consent
You can revoke AI data-sharing at any time from Settings → Manage AI data sharing. With consent revoked, the scan button is disabled. Existing scan history remains until you separately tap Delete my data.
5. Third parties we share data with
Listed by name so you know exactly where your data goes.
| Category | What they receive | Why |
|---|---|---|
| Third-party AI provider | Selfie images + analysis prompt | Run face-rating inference and return a JSON result |
| Application backend provider | All app data: anonymous user ID, scan results, routine, subscription state | Our application backend and database |
| Object storage provider | Selfie images + result-card images (private bucket) | Encrypted private storage of your scan images |
| Subscription management provider | Anonymous user ID + App Store subscription receipts | Verify Pro entitlement |
| Product analytics provider | Anonymous event logs (no images, no PII): screens viewed, paywall events, scan started/completed counts, scores as numbers. Also: screen-flow recordings with every image and every text field masked so faces and any typed content never leave your device. | Product analytics + masked session replay — understand which screens convert and where users drop off |
| Apple Inc. (when you purchase via App Store) | Standard Apple IAP receipt | Process payment, deliver subscription |
On-device face detection runs locally on your phone using your operating system's built-in vision frameworks. Those frameworks never receive or transmit your data.
We never sell your personal information. We do not share it with advertising networks. On written request to support@looksmaxapp.com we will identify the specific sub-processor names for any of the categories above where you have a legal right to that information (for example, GDPR Article 28 requests).
6. International data transfers
If you use LooksMax from outside the United States or China, your data will be transferred to those countries for processing as described in Section 5. We rely on Standard Contractual Clauses or the receiving party's published terms for these transfers where required by GDPR / UK GDPR.
7. Your rights
We give all users the same rights regardless of where they live.
You may:
- Access the data we hold about your session.
- Delete all your data via Settings → Delete my data in the app, or by emailing support@looksmaxapp.com.
- Withdraw consent to AI data sharing via Settings → Manage AI data sharing.
- Export your scan history on request to support@looksmaxapp.com (we'll send a JSON file).
- Object to processing where lawful.
- Complain to your local data protection authority (EU users: your national DPA; UK users: ICO; California users: California Privacy Protection Agency).
We aim to respond to all requests within 30 days.
7.1 Specific rights for EU / UK users (GDPR, UK GDPR)
- Identity of controller: Madni Aghadi, contactable at support@looksmaxapp.com.
- Lawful basis: Consent (selfie processing) and contract (delivery of the Pro subscription).
- Right to lodge a complaint: with your national supervisory authority.
- Automated decision-making: the AI returns scores. Those scores are informational only and do not produce legal or similarly significant effects on you.
7.2 Specific rights for California users (CCPA / CPRA)
- We do not sell or share your personal information.
- Categories of personal information we collect: photographs and visual content (selfies), identifiers (anonymous device ID), commercial information (subscription state), internet activity (app event logs), and inferences (scan scores).
- Right to know, right to delete, right to correct, right to limit use of sensitive personal information — all exercisable via support@looksmaxapp.com or in-app.
- We do not knowingly collect personal information from California consumers under 16.
8. Security
- All network traffic between the app and our backend services is encrypted in transit using TLS.
- Selfie images are stored in a private bucket. Requests are gated by your session token; no public URLs are issued.
- Anonymous session tokens are stored in your device's secure storage (iOS Keychain, Android Keystore).
- We do not store credit-card numbers or bank details — payments are handled entirely by Apple and Google.
- No system is perfectly secure. If we discover a breach affecting your data, we will notify you and applicable authorities as required by law.
9. Children
LooksMax is not directed to children. We do not knowingly collect data from minors. If you believe a child has used the app, please contact support@looksmaxapp.com and we will delete any data on file.
10. Not medical or diagnostic
LooksMax provides entertainment-grade face-rating scores. The scores are not medical, dermatological, psychological, or cosmetic advice. They are not suitable for, and must not be used for, hiring, dating, lending, insurance, legal, or any other decision-making about an individual.
11. Changes to this Policy
We may update this Policy as the app evolves or laws change. Material changes (for example, a new AI provider, a new category of data, or a change to retention) will be presented to you as an in-app notice the next time you open the app and you will be asked to consent to the changes before continuing.
The Effective date at the top of this document indicates the current version.
12. Contact
For any privacy question, data request, or complaint, write to:
— LooksMax / Madni Aghadi