Lookism

Legal

Privacy Policy

Last updated: February 8, 2026

1. Introduction

Lookism (“we,” “us,” or “our”) is operated by a company registered in France. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services (collectively, the “Service”). We serve users globally, with a primary focus on users in the United States.

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

  • Account information: Email address used for authentication. We use passwordless sign-in; we do not collect passwords.
  • Payment information: Processed entirely by Stripe, Inc. We never receive or store your credit card number, Apple Pay, or Google Pay credentials.

2.2 Biometric Data (Face Photos)

When you use our face scan feature, you submit a facial photograph for analysis. Important:

Illinois Residents (BIPA Notice): We collect biometric information (facial geometry) solely for the purpose of providing you with a facial analysis. This data is processed transiently and not stored beyond the analysis session. By using the face scan feature, you consent to this limited collection and processing. You may request deletion of any associated data by contacting us at privacy@lookism.xyz.

2.3 Automatically Collected Information

  • Device information: Device type, operating system version, and a randomly generated device identifier (not tied to hardware IDs).
  • Usage data: Features accessed, scan frequency, and app interaction patterns (anonymized and aggregated).
  • Error reports: Crash logs and performance data via Sentry for service improvement.

2.4 Information We Do NOT Collect

  • Location data
  • Contacts or address book
  • Microphone or camera access beyond the face scan
  • Browsing history
  • Data from other apps on your device

3. How We Use Your Information

  • To provide and maintain the Service, including facial analysis
  • To generate personalized improvement plans based on your scan results
  • To process payments via Stripe
  • To send transactional emails (verification codes, receipts)
  • To improve and optimize the Service
  • To prevent fraud and abuse

We do not sell your personal data. We do not use your data for targeted advertising. We do not share your data with data brokers.

4. Data Sharing

We share data only with the following service providers:

  • Amazon Web Services (AWS): Cloud hosting and data storage (US-East-1 region)
  • Stripe: Payment processing
  • Sentry: Error monitoring (anonymized)

We may disclose information if required by law, regulation, or legal process.

5. Data Retention

  • Scan results and plans: Retained while your account is active
  • Account data: Retained until you request deletion
  • Payment records: Retained for 7 years as required by French tax law

6. Your Rights

6.1 For All Users

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and associated data
  • Export your data in a portable format

6.2 EU/EEA Residents (GDPR)

Under the General Data Protection Regulation, you have additional rights including:

  • Right to restrict processing
  • Right to object to processing
  • Right to data portability
  • Right to withdraw consent at any time
  • Right to lodge a complaint with a supervisory authority (in France: CNIL)

Legal basis for processing: We process your data based on (a) your consent for biometric data, (b) performance of a contract for account and service data, and (c) legitimate interests for security and service improvement.

6.3 California Residents (CCPA/CPRA)

Under California law, you have the right to:

  • Know what personal information is collected and why
  • Request deletion of your personal information
  • Opt-out of the sale of personal information (we do not sell data)
  • Non-discrimination for exercising your privacy rights

Categories of personal information collected: Identifiers (email), biometric information (processed transiently), internet/electronic activity (usage data), commercial information (purchase history).

6.4 Illinois Residents (BIPA)

We collect biometric identifiers (facial geometry) solely for transient processing to deliver our facial analysis service. This biometric data is:

  • Not stored beyond the analysis session
  • Not sold, leased, or traded
  • Not used for any purpose other than providing your analysis
  • Protected by industry-standard security measures during transmission

7. Data Security

We implement industry-standard security measures including TLS 1.3 encryption in transit, AES-256 encryption at rest, and access controls via AWS IAM. However, no method of transmission over the Internet is 100% secure.

8. International Data Transfers

Your data is processed in the United States (AWS US-East-1). For EU/EEA users, data transfers are protected under Standard Contractual Clauses (SCCs) as provided by our service providers.

9. Children’s Privacy

The Service is not directed to children under 16. We do not knowingly collect data from children under 16. If you believe we have collected data from a child, contact us at privacy@lookism.xyz.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy with an updated date and, where appropriate, notifying you via email.

11. Contact Us

For privacy inquiries or to exercise your rights:
Email: privacy@lookism.xyz
Data Protection Officer: privacy@lookism.xyz
Supervisory Authority (EU): CNIL (Commission Nationale de l’Informatique et des Libertés), France