Privacy Policy

Last updated: April 2026

Summary

LiftLooks generates AI-based physique projections from photos you upload. We collect the minimum data needed to deliver your results: your photo(s), the stats you enter, and your email. We do not sell your data and we do not use your photos to train AI models.

Who we are

LiftLooks is operated from the United States. If you have any privacy question or request, email support@liftlooks.app.

What we collect

• Photos you upload (front, optionally side and back).
• Body stats (sex, age, height, weight, training experience, goal).
• Email address for receipt delivery and sending your results.
• Payment metadata (amount, country, Stripe session id). Card numbers never touch our servers — they're handled by Stripe.
• Basic request metadata (IP, timestamp, user agent) for rate limiting and abuse prevention.

How we use it

• To generate your transformation images.
• To email your results and your receipt.
• To detect abuse, fraud, or policy violations.
• To fulfill legal obligations (tax, law-enforcement requests we are compelled to honor).

Sub-processors

We share the minimum data required with these vendors:

• Supabase — stores your photos and session row (private bucket, signed URLs).
• Google Gemini API — processes your photo to generate projections. Outputs may carry Google's SynthID watermark.
• Stripe — processes payment. We receive only a Checkout session id.
• Resend — sends your results email.
• Vercel — hosts and routes traffic.
• Google Cloud Vision — moderates uploaded images for safety. Photos are sent for content classification only.

AI & photo processing

Your uploaded photo is sent to Google's Gemini image API to produce a projection. Per Google's API terms, paid tier prompts and outputs are not used to train Google models. LiftLooks does not use your photos to train any model of its own.

Projections are estimates. They are not a prediction, diagnosis, or medical recommendation.

Retention

• Photos and generated images: up to 90 days from purchase, then deleted from our storage.
• Abandoned / unpaid sessions: purged within 7 days.
• Email + payment records: retained as long as required for tax/accounting (typically 7 years).

Your rights

You can request access to or deletion of your data at any time by emailing support@liftlooks.app with your session id or the email used at checkout. We respond within 30 days. If you're in the EU/UK, you have rights under GDPR; if you're in California, under CCPA/CPRA. We honor those requests.

Age restriction

LiftLooks is for adults 18 and over only. We do not knowingly collect data from minors. If you believe a minor has used the service, email us and we'll purge the data.

Security

Data in transit is TLS 1.2+. Uploaded photos are stored in a private Supabase bucket and served via short-lived signed URLs. We apply rate limiting, content moderation, and deny-all database access for unauthenticated clients.

Changes

If this policy changes materially we'll update the date above and, where required, notify recent customers by email.