Privacy Policy
Last updated: June 2026
Summary
LiftLooks generates AI-based physique projections from photos you upload. We collect the minimum data needed to deliver your results: your photo(s) and the stats you enter. We do not sell your data and we do not use your photos to train AI models.
This policy covers both the LiftLooks website and the LiftLooks iOS app. Where they differ, we call it out. The iOS app does not require an account, a name, or an email address to use.
Who we are
LiftLooks is operated from the United States. If you have any privacy question or request, email support@liftlooks.app.
What we collect
- Photos you upload, to generate your transformation.
- Body stats (sex, age, height, weight, training experience, goal).
- A device-generated app user ID (iOS). The app assigns an anonymous identifier to track your token balance and purchases. It is not linked to your name, email, or Apple ID.
- Email address (website only) for receipt delivery and sending your results. The iOS app does not collect your email.
- Purchase metadata. On iOS, purchases are made through Apple In-App Purchase and managed via RevenueCat; we receive a transaction/product identifier and your anonymous app user ID, never your card details. On the website, payment is handled by Stripe and we receive only a Checkout session id — card numbers never touch our servers.
- Basic request metadata (IP, timestamp, user agent) for rate limiting and abuse prevention.
How we use it
- To generate your transformation images.
- To email your results and your receipt.
- To detect abuse, fraud, or policy violations.
- To fulfill legal obligations (tax, law-enforcement requests we are compelled to honor).
Sub-processors
We share the minimum data required with these vendors:
- Supabase — stores your photos and session row (private bucket, signed URLs).
- fal.ai — our primary image-generation provider. Your photo is sent to fal.ai to render your transformation. fal.ai's handling of your data is governed by its own privacy policy.
- Google Gemini API — fallback image-generation provider, used when the primary provider is unavailable. Outputs may carry Google's SynthID watermark.
- Apple In-App Purchase (iOS) — processes payment for token purchases.
- RevenueCat (iOS) — manages purchases and entitlements. Receives your anonymous app user ID and purchase records.
- Stripe (website) — processes payment. We receive only a Checkout session id.
- Resend (website) — sends your results email.
- Vercel — hosts and routes traffic.
- Google Cloud Vision — moderates uploaded images for safety. Photos are sent for content classification only.
AI & photo processing
To produce your projection, your uploaded photo is sent to a third-party AI image-generation provider — primarily fal.ai, with Google's Gemini API used as a fallback. Before generation, your photo is also screened by Google Cloud Vision for content safety.
Face data. Your uploaded photo may include your face. LiftLooks does not perform facial recognition and does not create, derive, or store a faceprint, face template, or any other biometric identifier. Your face is processed only as part of the image used to generate your physique projection, and only by the providers named above for that purpose — never to identify you, and never for advertising or profiling. We do not use your face data to train any model of our own.
LiftLooks does not use your photos to train any model of its own. For the Google Gemini API, Google states that paid-tier prompts and outputs are not used to train Google models. fal.ai's use of submitted data is governed by its own privacy policy; we do not authorize use of your photos to train models, but you should review fal.ai's terms for details on how it handles input and output data.
We only share your photo with the providers named above, and only to generate your results. Each is bound by its own terms and data-protection commitments to handle your data with protections comparable to those described in this policy, and we do not authorize them to use your photo for any other purpose.
Projections are estimates. They are not a prediction, diagnosis, or medical recommendation.
Retention
- Photos and generated images. We keep your uploaded photo and generated images so you can access your results, and you can delete them at any time — see “Your rights & data deletion” below. On the iOS app your results are also saved on your device until you remove them there. We don't keep data longer than we need to provide the service.
- Abandoned / unpaid sessions (no purchase made): purged within 7 days.
- Email + payment records: retained as long as required for tax/accounting (typically 7 years).
Your rights & data deletion
You can request access to or deletion of your data at any time by emailing support@liftlooks.app. We respond within 30 days. If you're in the EU/UK, you have rights under GDPR; if you're in California, under CCPA/CPRA. We honor those requests.
iOS app: the app does not create an account, so there is nothing to log into. To delete your uploaded photos and generated images, email us from any address and include the app user ID shown in the app's Profile screen. We will delete all data associated with that ID. Website: include your session id or the email used at checkout.
Age restriction
LiftLooks is for people aged 17 and over only. We do not knowingly collect data from anyone under 17. If you believe someone under 17 has used the service, email us and we'll purge the data.
Security
Data in transit is TLS 1.2+. Uploaded photos are stored in a private Supabase bucket and served via short-lived signed URLs. We apply rate limiting, content moderation, and deny-all database access for unauthenticated clients.
Changes
If this policy changes materially we'll update the date above and, where required, notify recent customers by email.