Privacy Policy
Last updated: 14 July 2026
LOOKSMAXBRO scores your face on your iPhone. There is no account, no login, and no LOOKSMAXBRO server — so your photos are never uploaded, because there is nowhere to upload them to. They sit in the app's encrypted private storage, are left out of your iCloud backup, and leave your phone only if you tap Share.
What does leave your phone, automatically, is anonymous product analytics: how far you got through the app, and a rounded bucket of your score. No photo, no facial map, no name, no email — we don't have those to send. Everything below says the same thing in more words, and names the exact events.
This policy explains what the LOOKSMAXBRO iOS app (the "App") collects, what it does with it, and what choices you have. The App is operated by LOOKSMAXBRO ("we", "us"). By using the App you agree to this policy.
1How the App is built — and why that is the policy
Most face-scoring apps work by sending your selfie to a server, scoring it there, and sending a number back. LOOKSMAXBRO does not. The scoring model is compiled into the app and runs on your iPhone's own Neural Engine, through Apple's Vision and Core ML frameworks.
The App contains no network client of our own. There is no LOOKSMAXBRO API, no backend, no cloud storage, and no account system. You can put the phone in airplane mode and the scan still works — that is the simplest way to check that we are telling the truth. Everything in this policy follows from that one architectural fact.
2What we collect
Photos of your face
The App takes two photos per scan — front and side — using your front camera. It does not read your photo library at all (iOS would have to ask your permission for that, and the App never does).
Your photos are saved on your device only, inside the App's private sandbox storage, with Apple's full file protection (encrypted, and unreadable while the phone is locked). They are:
- never uploaded to us or to anyone else;
- never written to your camera roll;
- excluded from your iCloud and iTunes device backup, so they do not travel to a new phone either;
- never used to train our model, and never sold;
- kept until you erase them in Settings, or delete the App (see section 7).
The App keeps your scan photos so it can show you your Progress gallery and your before / after comparison. They are not "processed and discarded" — they are stored, on your phone, for you.
Your face scan
To score a face the App measures it. On device, and only on device, it computes: a face bounding box, a 76-point landmark map (eyes, brows, nose, lips, jaw contour), your head pose, an image-quality score, and — on Face ID-capable iPhones — a coarse depth sample. (The depth sample is there to tell a real face from a photograph of one. In the current build it is measured but not yet enforced, so it does not reject anything.)
None of that is stored. The landmarks, the pose, the depth samples and the model's raw output exist in memory for the second it takes to compute your score, and are then gone. Nothing resembling a faceprint is saved, and none of it is ever transmitted.
Face data, plainly stated
Because some laws treat measurements of a face as a special category, we will be precise rather than reassuring. The App does measure the geometry of your face — that is literally what a face-scoring app does, and any app in this category that tells you otherwise is not being straight with you. What matters is what happens next:
- we do not perform facial recognition — we never attempt to identify you, match you against anyone, or link your face to a name;
- we do not create or store a faceprint, biometric template, or any durable representation of your face;
- the measurements are not stored, not transmitted, and not shared with any third party;
- they are used for exactly one thing: producing your score, on your device.
Your scores and your answers
Stored locally on your device: your Overall and Potential scores, the eight metric scores, scan dates, your daily check-ins, your streak, and the optional answers you gave in the onboarding quiz (your goal, your self-rating, and your age if you chose to enter it). None of this is sent to us.
One honest detail: unlike your photos, this local database is included in your own iPhone backup, so if you back up your phone to iCloud, your scores and check-ins go into that backup. That backup is Apple's, is encrypted, and belongs to you — we have no access to it and never see it. It is how your history survives a new phone.
Product analytics
This is the one thing that automatically leaves your device. We use Amplitude to understand whether the App actually works — where people get stuck, whether anyone comes back for a second scan. It is anonymous: there is no account, so there is no name, email, or phone number to attach to it.
Here is every event the App sends, and everything it carries:
| Event | What it carries |
|---|---|
| Onboarding & quiz | That you started onboarding and finished the quiz. Your answers are not sent — not your age, not your goal, not your self-rating. |
| Scan completed | Your lifetime number of scans (1, 2, 3…). Never the photo, never the landmarks. |
| Score distribution | Your Overall rounded into a half-point bucket (e.g. "6.5–7.0"), so we can see the spread of scores the model actually produces and check it is calibrated. |
| Re-scan delta | How much your score changed between two scans (e.g. +0.3). |
| Scan refused | That a scan was rejected and the reason category ("no face", "bad pose", "too dark"). No measurements of your face are attached. |
| Liveness | A one-word verdict on whether the depth check thought it was seeing a live face. The measurements behind it stay on your phone. |
| Scorer fallback | Whether the main model failed and a simpler one had to score instead, and why. |
| Paywall & purchase | Which paywall you saw and which plan was bought. Never any payment detail — we never receive one. |
| Check-in, streak, notifications, time-lapse | Counters: how many habits you ticked, how long a streak ran, whether you allowed notifications, whether you opened a reminder, how many frames were exported. |
| Screen views & sessions | That you reached your results screen, and when an app session started and ended (the Amplitude SDK records the latter automatically). |
No photo, no landmark, no facial measurement, and no image data of any kind is ever attached to an analytics event. The App does not have the code to do so.
Amplitude does attach a random device identifier (derived from Apple's "identifier for vendor", which is scoped to us, is not the advertising ID, and resets when you delete the App), plus the App version, your device model, OS version and language. We have switched off Amplitude's IP-address and location lookup, so no location — not even a city — is collected.
Purchases
Subscriptions are sold and processed by Apple through the App Store. Apple tells the App whether you have an active subscription; that is all we learn. We never see your Apple ID, your card, or your billing address.
3What we never collect
- No name, email address, phone number, or password — there is no account.
- No advertising identifier (IDFA). The App shows no ads and contains no ad SDK.
- No tracking of you across other apps or websites. iOS never shows you the "Allow tracking?" prompt for LOOKSMAXBRO, because there is nothing to allow.
- No location — not precise, not approximate, not by IP.
- No contacts, microphone, health data, or photo library access.
- No sale of personal data, to anyone, ever.
4Who else is involved
Two companies, and neither of them ever receives your face:
- Apple — distributes the App, processes subscriptions, and provides the on-device Vision and Core ML frameworks the scan runs on (these run locally; nothing is sent to Apple to score your face).
- Amplitude — product analytics, as itemised in section 2. Amplitude never receives photos, landmarks, facial measurements, or anything that identifies you.
That is the complete list. There is no crash reporter, no attribution SDK, no advertising network, no remote config service, and no third-party AI provider — because the model is on your phone.
5When your photo does leave your phone
Only when you send it. There are exactly two ways:
- The Compare card. Your before/after card, which you can share. Your photo is switched off by default — the card shows only your numbers unless you deliberately turn your face on.
- The time-lapse. A video of your scans over time. It is your face by definition, so there is no "off" switch — it simply never leaves the device until you tap Share and choose where to send it.
In both cases iOS hands the file to whichever app you pick. Once you have sent it somewhere, that destination's rules apply, not ours.
6How we use what we collect
- To produce your score and your metric breakdown (on your device).
- To build your Glow Cycle plan, your check-ins, your streak, and your progress history.
- To unlock what you have paid for.
- To understand, from anonymous aggregate analytics, whether the App works — and to fix it when it doesn't.
- To send you the local reminders you have allowed (see section 9).
We do not use your photos or your scores to train our model. The model is trained on public research datasets before the App ships, and it does not learn from you — your face never becomes training data for anything.
7Keeping and deleting your data
Your photos, scores and history stay on your phone for as long as you keep them. We hold no copy, so there is nothing for you to ask us to delete — and nothing we could hand over if someone demanded it.
You have two ways to erase everything:
- In the App: Settings → Erase all data. This permanently deletes every photo, scan, score, check-in and streak from your device. It cannot be undone.
- Delete the App: iOS removes the App's entire sandbox with it — photos and database included.
Neither of these cancels an App Store subscription. Cancel that in your Apple account settings (Settings → your name → Subscriptions).
Anonymous analytics events already sent cannot be traced back to you and therefore cannot be individually deleted; they are retained in aggregate for as long as they are useful for improving the App. Apple keeps purchase records under its own policies and for as long as tax law requires.
8Your rights
Depending on where you live (for example, under the GDPR or the CCPA) you may have rights to access, correct, export, or delete the personal data a company holds about you, and to object to its processing.
In our case the honest answer is that we hold almost nothing to give you: no account, no name, no email, no photos, no server-side profile. Your data is in your hands, on your device, and section 7 is your delete button. If you believe we hold something about you and you want it, or you simply want to ask, write to support@looksmaxbro.com and we will answer.
9Notifications
Reminders are generated on your phone, by the App, from your own cycle. We do not use push servers, we have no push token, and we cannot send you anything remotely — if the App reminds you to check in, it is because your phone decided to, not because we did. You can turn them off in iOS Settings at any time.
10Children
LOOKSMAXBRO is rated 16+ and is not directed at children. You must be at least 16 to use the App. Do not scan the face of anyone under 16. If you believe a child has used the App, delete it — that removes everything, because everything is local.
11Security
Your photos are stored with Apple's complete file protection: encrypted at rest and unreadable while your device is locked. The strongest security property of this App, though, is not a control we implemented — it is that we never receive your face in the first place. There is no database of user photos to breach, because there is no database of user photos.
12Changes
If we change this policy we will update the date at the top. If we ever change the App so that it sends more than what section 2 lists — a backup service, a cloud feature, anything that carries your face off the device — we will say so clearly in the App before it happens, not quietly in a document you have already read.
13Contact
LOOKSMAXBRO — support@looksmaxbro.com. We answer privacy questions from a human.