Effective date: April 18, 2026 · Last updated: April 18, 2026
This Privacy Policy describes how Free Looksmaxx AI ("we", "us", or "our") collects, uses, shares, and protects information when you use our mobile application (Android package com.looksmaxx.app) and our website at looksmaxxing-f025c.web.app (collectively, the "Service"). This policy applies to both authenticated users and guest visitors.
Photos. When you use the scoring feature, you upload a facial photo (from your camera or gallery, or by pasting it). Photos are processed for analysis as described in section 4.
Account information (optional). If you sign in with Google or email, we receive your email address, display name, and profile photo from the identity provider. You can use the Service as a guest without an account.
Self-reported gender. Optionally provided to improve the accuracy of tier labels.
Feedback. If you submit in-app feedback or rate the app, we receive the content you enter and a page identifier.
Information collected automatically
Guest identifier (IP-based). When you use the Service as a guest, we assign you an anonymous identifier derived from your IP address (anon_<ip>) so we can apply rate limits and — if you choose to save — associate analyses with a persistent identifier. We do not attempt to re-identify you from this value.
Usage analytics. Page views, feature usage, errors, and conversion events via Firebase Analytics and Google Analytics for Firebase. Used in aggregate to improve the Service.
Traffic source. UTM parameters and HTTP Referer at landing, to understand which ads and referrers brought you to the Service.
Approximate location. We derive country and city from your IP address (via a third-party IP geolocation service) for analytics. We do not collect precise GPS location.
Affiliate link clicks. When you tap an Amazon product link inside the Service we log the product, category, and timestamp so we can report on which recommendations are helpful.
2. How we use your information
Provide the core scoring feature (analyze your photo, return a score and tips).
Maintain your score history if you have an account.
Detect and prevent abuse (rate limiting, fraud, spam).
Improve the Service, prioritize new features, and diagnose errors.
Measure the effectiveness of advertising campaigns.
Communicate product updates, security notices, or respond to support requests.
We do not sell your personal information. We do not use your photos to train AI models, and we do not share your photos with advertisers.
3. Who we share data with
We share data only with service providers that help us operate the Service, and only to the extent needed:
Google Firebase (Authentication, Hosting, Analytics) — maintains user accounts and captures aggregate analytics. Subject to Google's privacy terms.
Amazon Web Services (Lambda, S3, DynamoDB) — hosts our API, stores photos you save, and stores analysis records. Subject to AWS's privacy terms.
Anthropic (Claude Vision API) — receives your photo temporarily to produce an analysis. Anthropic does not train on our API traffic. See Anthropic's privacy policy.
Amazon Associates — when you tap affiliate links, Amazon receives the click through their standard tracking. Purchases on Amazon are governed by Amazon's privacy notice.
freeipapi.com — receives IP addresses to return approximate geolocation for analytics.
We do not share data for cross-context behavioral advertising.
4. AI processing & photos
Where photos go. Your photo is sent over HTTPS to our AWS Lambda function, which forwards it to Anthropic's Claude Vision API for analysis. The analysis result (numeric scores + text descriptions) is returned to the app.
When we keep photos. If you are signed in and your device requests to save the result, we upload the photo to a private Amazon S3 bucket linked to your account. Guests' photos are not permanently stored on our servers; they pass through Lambda in memory only.
What AI does with photos. Claude performs a one-off vision inference. Per Anthropic's API policy, API inputs are not used for model training.
No biometric identification. We do not run face-recognition matching against any database. Photos are scored as a single image; no identity matching happens.
5. Data retention & deletion
Photos (guests): discarded at the end of the API call (not persisted).
Photos (signed-in users who save a result): retained until you delete the analysis or your account.
Analysis records: retained as long as the associated photo — deleted together.
Analytics & traffic logs: retained up to 26 months (Firebase/Google Analytics default), then deleted or aggregated.
Feedback: retained up to 24 months.
How to delete your data:
Signed-in: open History, then swipe or tap the trash icon on any analysis to delete it. To delete your entire account and all stored data, email us at the address below.
Guests: because guest analyses are stored against an IP-based identifier (no personal info), we cannot locate individual records from a user request. If you saved an analysis while in guest mode, email us the approximate date/time and we will remove it.
All traffic between the app/website and our servers is encrypted in transit with TLS 1.2+ (HTTPS).
Photos saved to S3 are stored in a private bucket; access is granted through short-lived pre-signed URLs (7-day expiry) tied to your account.
Accounts authenticate via Firebase Authentication with Google-hardened token issuance.
We apply least-privilege IAM roles on our AWS Lambda functions and DynamoDB table.
No security system is perfect — please notify us immediately if you discover a vulnerability.
7. Children's privacy
The Service is not directed to children under 13 (or under 16 in the EEA/UK). We do not knowingly collect personal information from children. The app includes an age-gate flow and a general-wellness mode with limited analysis for users who self-identify as minors. If you believe a child has submitted personal information to us, please contact us and we will delete it promptly.
8. Your rights (GDPR / CCPA)
Depending on your jurisdiction you may have the right to:
Access the personal information we hold about you;
Request correction or deletion of your data;
Object to, or restrict, certain processing activities;
Receive your data in a portable format;
Opt out of the "sale" or "sharing" of personal information (we do not sell or share for cross-context behavioral advertising; this right is automatically honored);
Withdraw consent at any time, without affecting the lawfulness of prior processing.
To exercise any of these rights, email us at the address in section 10. We will respond within 30 days.
9. Changes to this policy
We may update this policy to reflect changes to the Service or to our legal obligations. When we do, we update the "Last updated" date at the top. For material changes, we will notify signed-in users by email or an in-app notice before the change takes effect.
10. Contact us
Data controller: Free Looksmaxx AI (Miguel Hulyalkar, sole operator)