Privacy Policy for Loru: Looksmax AI Face Rating
Last updated: May 22, 2026
This Privacy Policy describes how Loru ("the App", "we", "us", or "our"), operated by Oleksandr Tretiakov ("the Developer"), collects, uses, and shares information when you use the Loru: Looksmax AI Face Rating mobile application.
By using the App, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the App.
1. Information We Collect
1.1 Facial Photographs (Face Data)
The App collects photographs of your face that you voluntarily provide through:
- Your device's camera, or
- Your device's photo library
What this data is: Standard photographic images (e.g., JPEG/HEIC files) that contain your face. We do not collect, generate, or store any biometric identifiers, faceprints, face embeddings, ARKit face tracking data, or facial recognition templates. We do not attempt to identify you from the photo.
How it is collected: Only when you actively choose to take a photo or select one from your library and tap the "Analyze" button after providing explicit consent.
1.2 Account Information
If you choose to sign in, we use Sign in with Apple. We receive only the data Apple provides:
- A unique anonymous user identifier
- Optionally, your name and email (you can choose to hide your real email via Apple's private relay)
We do not receive your Apple ID password or any other personal information from Apple.
1.3 Purchase Information
When you purchase a subscription or a lifetime purchase, the transaction is processed by Apple through the App Store. We do not receive or store your payment card details. We use RevenueCat to manage and verify your subscription status (see Section 3).
1.4 Analytics and Crash Data
We collect anonymous analytics and crash reports to improve the App, including:
- App usage events (screens viewed, features used, buttons tapped)
- Device type, operating system version, app version, language
- Crash logs and performance data
- Anonymous device identifier (IDFV)
This data is not linked to your real identity and is used solely to improve App stability and user experience.
1.5 Locally Stored Data
Your history of face ratings (previous photos and their analysis results) is stored only on your device. We do not upload, sync, back up, or transmit this history to our servers or to any third party. If you delete the App, this history is permanently deleted along with it.
2. How We Use Your Information
| Data | Purpose |
|---|---|
| Facial photographs | Sent to OpenAI for one-time AI analysis to generate a rating and recommendations |
| Apple Sign In identifier | Authenticate you and link your purchases to your account |
| Purchase data | Verify subscription/lifetime purchase status and unlock paid features |
| Analytics & crash data | Improve App performance, fix bugs, understand feature usage |
| Local rating history | Allow you to view your past results on your device |
We do not use your data for:
- Advertising or marketing profiling
- Training AI models (ours or anyone else's)
- Selling to third parties
- Identifying you outside the App
3. Third-Party Services
The App uses the following third-party services. Each provides protection of your data equivalent to what is described in this Privacy Policy.
3.1 OpenAI (AI Analysis)
What is shared: Your facial photograph. Purpose: AI-powered face rating and aesthetic analysis using OpenAI's large language model with vision capabilities. How it is shared: The photo is transmitted directly from the App to OpenAI's API over an encrypted HTTPS connection. We do not store the photo on our own servers before, during, or after the transmission.
OpenAI's data handling (per their official policy):
- OpenAI retains API inputs and outputs for up to 30 days for abuse monitoring, after which the data is automatically deleted, unless OpenAI is legally required to retain it longer.
- Data submitted via the OpenAI API is not used to train OpenAI's models.
- Access to API data within OpenAI is limited to authorized personnel and specialized contractors bound by confidentiality obligations, solely for the purpose of reviewing potential abuse and ensuring legal compliance.
OpenAI's privacy policy: https://openai.com/policies/privacy-policy OpenAI's enterprise privacy commitments: https://openai.com/enterprise-privacy/
You must consent before any photo is sent. The App displays a clear consent screen before transmitting any image to OpenAI. You can decline, in which case no photo is sent.
3.2 Apple (Sign In with Apple, App Store)
Used for authentication and purchase processing. Governed by Apple's Privacy Policy: https://www.apple.com/legal/privacy/
3.3 RevenueCat (Subscription Management)
What is shared: Your anonymous user identifier and purchase events. Purpose: Manage subscription status, verify entitlements, and prevent fraud. Privacy policy: https://www.revenuecat.com/privacy/
3.4 Firebase (Analytics & Crash Reporting)
What is shared: Anonymous usage events, device info, crash logs. Purpose: Analytics and crash diagnostics. Privacy policy: https://firebase.google.com/support/privacy
4. Data Retention
| Data | Where Stored | Retention Period |
|---|---|---|
| Facial photographs | Not stored by us; sent to OpenAI | We: 0 seconds. OpenAI: up to 30 days for abuse monitoring, then deleted |
| Rating history | Locally on your device | Until you delete it or uninstall the App |
| Apple Sign In identifier | RevenueCat (linked to purchases) | Until account deletion request |
| Purchase records | Apple, RevenueCat | As required by law and Apple's policies |
| Analytics & crash data | Firebase | Up to 14 months (Firebase default) |
5. Your Rights and Choices
You have the right to:
- Withdraw consent at any time by not using the AI rating feature.
- Delete your local history by clearing it within the App or uninstalling the App.
- Request deletion of any data associated with your Apple Sign In account by contacting us at the email below.
- Access information we hold about you.
- Object to or restrict certain processing.
Depending on your jurisdiction (e.g., GDPR for the EU/UK, CCPA for California), you may have additional rights, including the right to lodge a complaint with a data protection authority.
To exercise any of these rights, contact: alextretyakov001@gmail.com
We will respond within 30 days.
6. Children's Privacy
The App is not intended for children under the age of 13 (or under the minimum age required in your country). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
7. Data Security
We use industry-standard security measures to protect data in transit:
- All communication with OpenAI, RevenueCat, Firebase, and Apple uses HTTPS/TLS encryption.
- API keys and credentials are not exposed in the client application.
- Locally stored rating history is protected by your device's standard sandboxing.
No method of transmission over the internet is 100% secure, but we take reasonable steps to protect your data.
8. International Data Transfers
OpenAI, RevenueCat, Firebase, and Apple may process data in the United States or other countries. By using the App, you understand that your data may be transferred to and processed in countries other than your own. These providers offer protections equivalent to those described in this Privacy Policy and comply with applicable international transfer mechanisms (e.g., Standard Contractual Clauses for GDPR).
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date above and, where appropriate, through an in-app notice. Continued use of the App after changes constitutes acceptance of the updated policy.
10. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact:
Oleksandr Tretiakov Email: alextretyakov001@gmail.com
This Privacy Policy is provided in English. If you require a translation, please contact us.