Privacy Policy

Who we are

Lookr ("we", "us") is an iOS app that helps you detect and replace risky details in photos before you share them. Lookr is operated from Germany by Savas Koc.

Data we collect

Lookr does not require an account. The app collects only what's needed to work and to keep getting better.

1. Anonymous usage analytics (TelemetryDeck)

We use TelemetryDeck to measure anonymous events - such as app launches, scans started, scans completed, and feature taps - so we can understand how the app is used and where it can improve. TelemetryDeck is designed to be privacy-first: it does not collect IP addresses, and user identifiers are derived using a one-way hash. See TelemetryDeck's privacy policy.

2. Subscription and purchase data (RevenueCat)

When you start a free trial or buy a subscription, Apple handles the payment. We use RevenueCat to validate App Store receipts and track subscription status so that your entitlements work across your devices. RevenueCat receives an anonymous app user ID generated on your device, along with subscription metadata. It does not receive your name, email, or payment details. See RevenueCat's privacy policy.

3. AI processing (Google Gemini via OpenRouter and AIProxy)

When you scan a photo, the image is sent to Google Gemini to detect risky regions and generate replacement content. Requests leave your device through AIProxy, which protects our API credentials and forwards the request without linking it to your identity, and are then routed by OpenRouter to Google Gemini. Google processes the image to produce the result and, under the Gemini API terms for paid usage, does not use it to train its models. See AIProxy's privacy policy, OpenRouter's privacy policy, and Google's Gemini API terms.

4. Photos you import

Photos you pick from your library are loaded into the app to be scanned and cleaned. The original and cleaned versions of each scan are stored locally on your device (inside the app's sandbox) so you can revisit your history. They are not uploaded to any server we control. Deleting a scan from your history removes it from your device.

Face data

Lookr does not perform facial recognition, identity verification, face matching, or biometric template extraction. The app does not build, maintain, or query any database of faces or faceprints, and it never associates a face with a person's identity.

When you scan a photo, Google Gemini (accessed via AIProxy and OpenRouter, as described above) detects regions in the image that you might want to remove before sharing - for example, license plates, screens, documents, tattoos, or, in some photos, the faces of bystanders. The model returns only the bounding-box coordinates and a category label for each region. Lookr never receives or stores a face template, embedding, faceprint, or any biometric identifier.

Those bounding boxes are used solely to (1) draw selectable region overlays on top of your photo so you can choose what to remove, and (2) for each region you tap to remove, send the relevant portion of the photo back to Google Gemini to generate a replacement patch (inpainting). Lookr makes no other use of any face that may appear in your photo.

No face data is shared with any third party because none is collected. The photo itself is transmitted transiently to Google Gemini through AIProxy and OpenRouter for processing only, and under the paid Gemini API terms is not used to train Google's models. Lookr operates no backend, and no photo, region, bounding box, or any data derived from a face is stored on any server controlled by Lookr. The original and cleaned photos remain on your device until you delete them or uninstall the app - retention on Lookr's side is zero.

How we use your data

• To provide the core feature - scanning and cleaning photos.
• To validate and restore your subscription status.
• To understand which features people use, so we can prioritize improvements.
• To diagnose crashes and fix bugs.

We do not sell your data. We do not use your data for advertising.

Third-party services

Lookr relies on these third-party services to function. Each has its own privacy policy, linked below.

• TelemetryDeck - anonymous analytics - privacy policy
• RevenueCat - subscription management - privacy policy
• Google Gemini - AI image analysis and generation - API terms
• OpenRouter - model routing to Gemini - privacy policy
• AIProxy - secure proxy for AI requests - privacy policy
• Apple - App Store purchases - privacy policy

Data retention

Scans you save are kept on your device until you delete them or uninstall the app. Anonymous analytics events are retained by TelemetryDeck for as long as they remain useful for product analysis. Subscription receipts are retained by RevenueCat for as long as needed to manage your entitlements. Photos sent to Google Gemini via AIProxy and OpenRouter are processed transiently to deliver results and are not retained for training.

Children

Lookr is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe a child has provided us data, contact us and we will delete it.

Your rights

Depending on where you live - for example under the EU GDPR, UK GDPR, or California's CCPA - you may have rights to access, correct, export, or delete personal data we hold about you. Because Lookr does not require an account and stores scans on your device, most of these rights you can exercise directly by deleting scans or uninstalling the app. For anything else, email us at s.wie.savas@gmail.com and we'll help.

International transfers

Some of our service providers are based outside the European Economic Area. When data is transferred, those providers use standard safeguards such as Standard Contractual Clauses to protect it.

Changes to this policy

If we make material changes, we'll update the date at the top of this page and, where appropriate, notify you in the app. Continued use of Lookr after an update means you accept the revised policy.

Contact

Questions about privacy? Email s.wie.savas@gmail.com.