This Privacy Policy ("Policy") for LooksLab ("we," "us," or "our") describes how and why we access, collect, store, use, and share ("process") your personal information when you use our services ("Services"), including when you:
Download and use our mobile application (LooksLab) on iPhone
Visit our website at lookslab.de or related domains
Join our waitlist (e.g. via GetWaitlist)
Engage with us in other related ways, including support requests or marketing
Questions or concerns? Contact us at info@lookslab.de. If you do not agree with our policies, please do not use our Services.
3. Summary of Key Points
What we process: Account data, profile data (gender, age, skin type, etc.), facial images for analysis, chat messages, usage data, and payment data (when applicable via RevenueCat).
Facial images: Images are processed locally on your device or temporarily via our Edge Functions for analysis. No images are stored on our servers. Only the resulting numerical scores, metrics, and ratios are stored in our database. We do not use facial images to train AI models or for marketing.
Consent and user confirmation: Before analysis, users must confirm they either use their own face photo or have explicit permission, and must consent to facial image and derived-data processing.
Intended use: LooksLab is designed for personal self-improvement and self-care insights. It is not intended for judging or rating other people.
Face Harmony: Facial landmark analysis runs on your device (MediaPipe). Only the resulting numerical scores and metrics are stored in the cloud. Images remain on your device.
Third parties: We use Supabase (auth, database), third-party AI providers via Supabase Edge Functions (including OpenAI), RevenueCat (payments), and analytics. No images are stored with any third party. We do not sell your data.
Your rights: Access, correction, deletion, data portability, and objection where applicable (GDPR, CCPA, etc.). Contact us at info@lookslab.de to exercise these rights.
4. What Information Do We Collect?
4.1 Information You Provide
Account data: When you sign up (e.g. anonymously via Supabase Auth), we store your user ID and session information.
Profile data: During onboarding or in settings, you may provide: gender, age, skin type, and other preferences to personalize app features. Sensitive data such as ethnicity is processed locally on your device only and is not stored on our servers.
Facial images: Photos you capture for Face Harmony Scan, Skin, Teeth, or Hair analysis. These images are processed locally on your device and not stored on our servers. Only the resulting numerical scores, metrics, and ratios are stored server-side.
Chat messages: Messages you send in the Chat Coach feature.
Waitlist: If you join our waitlist on the website, we receive your email address and any other information you provide via the GetWaitlist widget.
4.2 Sensitive Information
Facial images are processed locally on your device and not uploaded to or stored on our servers. Only the derived numerical analysis results (e.g. scores, proportions, metrics) are stored server-side to provide your scan history, personalized Daily Task Plan, and analysis results. These results are not used for facial recognition, identification, or marketing. We treat this data with heightened care and comply with applicable data protection laws.
Usage data: Screen views, feature usage, paywall interactions (e.g. paywall shown, plan selected, purchase completed) for analytics.
Technical data: IP address, timestamps, and similar identifiers when you use our Services.
5. How Do We Process Your Information?
We process your information to:
Provide Face Harmony, Skin, Teeth & Hair analysis
Create and manage your account
Generate your personalized Daily Task Plan
Store your scan history and analysis results
Power the Chat Coach feature
Process payments and manage subscriptions (via RevenueCat when applicable)
Improve our Services and analytics
Respond to support requests and communicate with you
Legal bases (where applicable, e.g. GDPR): We process your data based on (a) your consent, (b) explicit consent for special category data where applicable (Art. 9(2)(a) GDPR), (c) performance of our contract with you, (d) our legitimate interests (e.g. improving the app, security), or (e) legal obligations.
6. Facial Image & Biometric Processing
Consent flow in app: Before starting analysis, users must explicitly confirm photo authorization (own photo or explicit permission) and accept facial image/derived data processing as described in this policy.
Use limitation: Face data is processed only to deliver personal self-care and self-improvement features to the account owner. It must not be used to judge, harass, or target other people.
When you use our scan features:
Your photos are processed locally on your device and remain there
No images are uploaded to or stored on our servers
Only the derived numerical results (scores, metrics, proportions) are transmitted securely (HTTPS/TLS) and stored in our database
Results are not used for facial recognition, identification, or training AI models
Results are not shared with third parties for marketing or advertising
Results are used only for your own personal self-improvement features in the app
6.1 Face Harmony Scan
Face Harmony analysis uses facial landmark detection that runs entirely on your device (e.g. via MediaPipe). Only the resulting numerical scores and metrics are stored in our database. Images remain locally on your device.
6.2 Skin, Teeth & Hair Analysis
For Skin, Teeth, and Hair analysis, images are sent to our Supabase Edge Functions (e.g. analyze-skin, analyze-teeth, analyze-hair) for AI-powered analysis. Images are compressed before transmission and are used solely to generate analysis results. After processing, images are not stored on our servers — only the resulting analysis data is saved in our database.
You can delete individual scan results or your entire account at any time. Contact us at info@lookslab.de to request deletion.
7. Feature-Specific Data Processing
7.1 Daily Task Plan
Your Daily Task Plan is generated based on your scan results, profile data, and preferences. The generate-daily-tasks Edge Function processes this data to create personalized recommendations. Task data is stored in our database.
7.2 Chat Coach
The Chat Coach feature sends your messages and context (e.g. goals, session info) to our chat-coach Edge Function. Responses are generated using AI and stored in our database to maintain conversation history.
7.3 Analytics
We track events such as paywall interactions, premium state changes, and feature usage via our analytics-track Edge Function. This helps us improve the app and understand usage patterns. Data is anonymized where possible.
7.4 Payments (RevenueCat)
When you subscribe or make in-app purchases, RevenueCat processes payment and subscription data. We receive subscription status and related identifiers to unlock premium features. We do not store full payment card details.
7.5 App Permissions (iOS)
Our app may request the following permissions:
Camera: To capture scan photos for facial analysis.
Photo Library: To upload images from your gallery.
Notifications (optional): For reminders, updates, and progress notifications.
You can revoke or change permissions at any time in iOS settings. Without camera/photo permissions, some core features are not available.
8. When and With Whom Do We Share Your Information?
We may share information with:
Supabase: Auth and database (hosting of your account, profile, scan results, chat, and analysis data). No images are stored with Supabase. Supabase is a service provider that processes data on our behalf. Privacy policy: supabase.com/privacy.
AI/analysis providers: Our Edge Functions may use third-party AI services (including OpenAI, for example for skin, teeth, hair analysis and chat) as needed to provide the service. Images are processed temporarily to generate analysis results but are not stored permanently. These providers act as processors under our instructions and contractual safeguards, and are required to provide data protection standards that are the same as or equivalent to our own.
RevenueCat: Payment and subscription processing. RevenueCat's privacy policy applies to their processing: revenuecat.com/privacy.
GetWaitlist: If you join our waitlist, your email and related data are processed by GetWaitlist according to their privacy policy: getwaitlist.com/privacy-policy.
Google Fonts: Our website loads webfonts from Google, which may process your IP address. Privacy policy: policies.google.com/privacy.
Cloudflare CDN: Font Awesome assets are loaded via Cloudflare CDN. Privacy policy: cloudflare.com/privacypolicy.
Analytics: Anonymous or pseudonymous usage data to improve the app.
We do not sell your personal information. Face data is shared only with processors required to operate the app features described in this Policy and under contractual safeguards. We may disclose information if required by law, to protect our rights, or in connection with a merger or acquisition.
9. How Long Do We Keep Your Information?
We keep your information for as long as your account is active or as needed to provide the Services. When you delete your account:
Your user profile, scan results, chat sessions, and all related database records are fully deleted
We may retain anonymized or aggregated data that no longer identifies you
Analysis data retention: Numerical analysis results (scores, metrics, proportions) are retained while your account is active to provide scan history and features. Images are not stored on our servers and remain exclusively on your device. If you delete scans or delete your account, all associated results are removed from the database. Backup data is overwritten/deleted in normal operation.
In addition, we generally apply these retention periods:
Waitlist records without confirmed sign-up: deleted within 90 days.
Support requests: deleted or anonymized within 12 months unless legal retention applies.
Analytics events: stored for up to 24 months.
Technical backups: overwritten or deleted within 30 days in normal operation.
You can request deletion of your account and data at any time via the app settings or by contacting us at info@lookslab.de.
10. How Do We Keep Your Information Safe?
We use industry-standard security measures to protect your data, including:
Encryption in transit (HTTPS/TLS)
Secure storage with access controls
Authentication via Supabase Auth
Limited access to personal data by authorized personnel only
No internet transmission is 100% secure. We cannot guarantee absolute security, but we take reasonable steps to protect your information.
11. What Are Your Privacy Rights?
Depending on your location, you may have the following rights:
EU/UK (GDPR): Access, rectification, erasure, restriction of processing, data portability, objection, and the right to lodge a complaint with a supervisory authority.
California (CCPA/CPRA): Right to know, delete, correct, and opt out of "sale" or "sharing" of personal information. We do not sell personal information.
Other regions: Similar rights may apply under local laws (e.g. Australia, Canada).
To exercise these rights, contact us at info@lookslab.de. We will respond within the timeframe required by applicable law. You may also have the right to withdraw consent where processing is based on consent.
Automated decision-making: We do not carry out solely automated decision-making that produces legal or similarly significant effects on you within the meaning of Art. 22 GDPR.
Do-Not-Track: Some browsers offer a "Do Not Track" signal. We do not currently respond to DNT signals, but we limit tracking to what is described in this Policy.
12. Children's Privacy
Our Services are not directed to individuals under 16 (or the applicable age in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us at info@lookslab.de and we will delete it promptly.
13. International Data Transfers
Your data may be processed in countries outside your residence (e.g. EU data may be processed in the US by Supabase or other providers). We ensure appropriate safeguards (e.g. Standard Contractual Clauses, adequacy decisions) where required by law.
14. Updates to This Policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the latest version. Material changes may be communicated via the app or email. We encourage you to review this Policy periodically.
15. Contact Us
For questions, to exercise your rights, or to report a concern: