Privacy Policy
Looksmaxxing Streak is offline‑first by design. We don't run an account system, we don't store your glow-up data on our servers, and we do not sell your personal information. This policy explains the limited subscription, pseudonymous product analytics, and paid-ad conversion data that can leave your device.
1. Who we are
"Looksmaxxing Streak", "we", "us", and "our" refer to BinaryBears LLC, a limited liability company registered in the State of Wyoming, United States, the developer and publisher of the Looksmaxxing Streak iOS application (the "App").
Contact: privacy@binarybears.com
2. Information stored on your device
Your detailed glow-up data lives exclusively on your iPhone. Only the limited subscription, product-analytics, and advertising-attribution data described in Section 3 leaves your device.
- Profile information you enter during onboarding, including age range, goals, experience level, skin type, and routine preferences.
- Your individual daily ritual completions, full streak history, routine, XP history, and achievements. PostHog receives only your current level and current streak as pseudonymous product properties, not the underlying history.
- Selfies you take through the in‑app camera. They are stored only in your App's private directory and used only for your own progress comparison view. They are never uploaded.
- Your notification preferences.
We do not have a backend server that mirrors this data. Uninstalling the App permanently deletes all of it.
3. Information processed by third parties
The App uses limited third-party services for subscription processing, pseudonymous product analytics, and advertising attribution: RevenueCat, Inc., PostHog Inc., AppsFlyer Ltd., integrated advertising partners including TikTok, and, when enabled, Meta Platforms, Inc. None receives your selfie photos, face scan images, raw face scores, profile answers, or daily completion history. PostHog receives only coarse technical Face Scan status as described below, never images or facial measurements.
3.1 RevenueCat subscription processing
RevenueCat processes subscription receipts on our behalf so we can verify entitlement to premium features.
What RevenueCat receives:
- A randomly generated, pseudonymous app-user ID (UUID) created on your device at first launch. It is not linked to your name, email, or Apple ID.
- Your subscription receipt issued by Apple (which contains the transaction ID, product ID, purchase date, expiration date, and the App Store environment).
- Your AppsFlyer installation ID and Apple's Identifier for Vendor (IDFV), so RevenueCat can send subscription conversion events to AppsFlyer without using IDFA.
- When Meta Ads measurement is enabled, Meta's anonymous app-events ID is shared with RevenueCat so RevenueCat can send subscription conversion events to Meta.
RevenueCat acts as our data processor under a Data Processing Agreement. Their privacy policy is available at revenuecat.com/privacy.
3.2 PostHog product analytics
PostHog helps us understand the conversion funnel: which onboarding steps users reach, where they abandon, which paywall stage they see, and whether purchase or restore attempts succeed, fail, are cancelled, or remain pending. We use this to improve the App's onboarding and paywall, not for advertising or cross-app tracking.
What PostHog receives:
- The same randomly generated app-user ID used by the App. This ID is not your name, email, Apple ID, IDFA, or device advertising identifier.
- Product events such as app launch/background, onboarding step viewed/completed/back/exit candidate, Face Scan started/completed/failed, paywall viewed/plan selected, purchase started/completed/cancelled/pending/failed, and restore started/completed/failed.
- Funnel metadata such as app version, build number, platform, onboarding step name/index/progress, time spent on a step, generated routine count, premium status, current level, current streak, paywall context/stage, selected plan, product ID, and error type.
- Coarse Face Scan process metadata: whether the scan was usable and a confidence bucket. This does not include a photo, facial landmarks, raw scores, assessment answers, or any value capable of identifying you.
What PostHog does not receive from us: age range, skin type, selected goal names or goal count, experience level, daily time budget, routine-time preference, selfie photos, camera images, Face Scan images, raw jawline/skin/symmetry scores, exact assessment answers, contacts, advertising identifiers, or session replay recordings. We disable PostHog autocapture, element-interaction capture, session replay, surveys, and automatic screen-view capture in the App. PostHog's privacy policy and DPA are available at posthog.com/privacy and posthog.com/dpa.
3.3 AppsFlyer and TikTok advertising attribution
AppsFlyer measures app installs, sessions, campaign attribution, and paid conversion performance. It can process an AppsFlyer installation ID, IDFV, IP address and approximate region inferred from it, app and device technical information, event timestamps, and campaign/ad-interaction information. RevenueCat sends AppsFlyer subscription conversion events containing product, price, currency, and transaction timing.
AppsFlyer can share configured attribution postbacks with integrated advertising partners. Our TikTok integration receives app-launch postbacks, including organic launches, and purchase postbacks attributed to TikTok, together with relevant technical and campaign fields. AppsFlyer's Aggregated Advanced Privacy setting limits data shared for iOS users without ATT consent to aggregated, privacy-preserving reporting.
We use AppsFlyer's Strict SDK, which removes IDFA collection and the AdSupport dependency. The App does not request App Tracking Transparency permission. Apple may also send privacy-preserving SKAdNetwork and AdAttributionKit postbacks for aggregate campaign measurement. AppsFlyer's privacy policy is available at appsflyer.com/legal/privacy-policy; TikTok's privacy policy is available at tiktok.com/legal/privacy-policy.
3.4 Meta Ads conversion measurement
When enabled, Meta helps us measure whether Meta advertising campaigns lead to paid conversions. We use Meta for ad conversion measurement, not to upload your glow-up profile or face data.
What Meta can receive:
- A Meta anonymous app-events ID generated by the Meta SDK.
- App activation and technical delivery data such as app version, bundle ID, device model, operating system version, IP address, language/region signals, and event timestamps.
- Standard subscription conversion events sent by RevenueCat, such as Subscribe or Purchase, product ID, price, currency, and event timestamp.
The App does not request Apple's App Tracking Transparency permission, does not access IDFA, and disables automatic Meta purchase logging so subscription revenue is not double-counted. What Meta does not receive from us: selfie photos, camera images, face scan images, raw face scores, display name, date of birth, gender, skin type, selected goals, daily completion history, contacts, precise GPS location, or session replay recordings. Meta's privacy policy is available at facebook.com/privacy/policy.
4. Payment processing
All payments are processed by Apple Inc. through the App Store. We never see your payment method, billing address, or full Apple ID. Apple's privacy practices apply to that transaction: apple.com/legal/privacy.
5. What we do NOT collect
We have intentionally chosen not to collect any of the following:
- Crash reports or device diagnostics collected by us.
- IDFA. The App does not request Apple's App Tracking Transparency permission and does not access the device advertising identifier.
- Retargeting audiences based on your selfies, face scan, profile answers, routine, streak, or daily completion history.
- Session replay, screen recordings, or tap-by-tap element interaction logs.
- Precise GPS location data. AppsFlyer may infer an approximate region from the IP address used to deliver attribution events.
- Contacts, calendar, microphone, or any data outside what you explicitly enter or capture in‑app.
- Email addresses or any login credentials (the App has no account system).
6. Face data
This section specifically and exhaustively describes how the App handles face data, in accordance with Apple App Store requirements.
6.1 What we mean by "face data"
The App processes two kinds of face data:
- Selfie photographs that you choose to capture inside the App.
- Derived facial measurements computed from a selfie: a jawline‑definition score, a bilateral‑symmetry score, and a skin‑tone‑uniformity score (each on a 0–100 scale), together with an image capture‑quality value and a head‑tilt (roll) angle. These are numerical values; they are not a face template, faceprint, biometric identifier, or anything that can be used to recognise or authenticate you.
6.2 How we collect and process it
Face data is created only when you actively take a selfie — either during the optional "Face Scan" step in onboarding (which you may skip entirely) or when you add a weekly photo to the Selfie Journal. The App requests camera access only at that moment. All image analysis is performed entirely on your device using Apple's built-in Vision framework. No selfie, facial landmark, or numerical facial score is ever transmitted off your device; only the coarse, non-identifying scan-status telemetry described in Section 6.5 is sent to PostHog.
6.3 Why we store face data (purpose)
- Selfies are stored so the App can display your own week‑by‑week visual progress in the Selfie Journal. This is the sole purpose.
- Derived measurements are stored once, as a starting baseline captured during onboarding, so your initial self‑assessment reflects your actual features rather than generic defaults.
We do not use face data for advertising, profiling, identification, authentication, or to train any machine‑learning model. We have no other purpose for it.
6.4 How long we store it, and why
Selfie images and numerical facial measurements are stored exclusively in the App's private storage area on your own device, under your sole control. We, the developer (BinaryBears LLC), never receive, transmit, back up, or retain a copy of those images or measurements on any server or in any system of ours.
It remains on your device only for as long as you choose to keep the photos and keep the App installed, because the Selfie Journal's progress‑comparison feature is only useful to you if your earlier photos remain available to you. It is not stored on any server indefinitely or otherwise, because it is never stored on a server at all. You can permanently erase all face data at any moment, and erasure is immediate and irreversible:
- Inside the App: Profile → "Reset All Data", which immediately deletes every selfie and every derived measurement from your device.
- By deleting the App, which causes iOS to erase the App's entire private storage area.
6.5 Sharing with third parties
We do not share selfie photographs, facial landmarks, or derived jawline, symmetry, skin, or quality measurements with any third party. PostHog receives only coarse process metadata indicating whether a Face Scan completed successfully, whether it was usable, and a confidence bucket; this telemetry contains no image, face template, landmark, raw score, or biometric identifier. RevenueCat, AppsFlyer, TikTok, Meta, and any artificial-intelligence service receive no face images or facial measurements.
6.6 No third‑party or cloud AI
The facial analysis in the App is performed entirely on your device using Apple's Vision framework, which is part of iOS. The App does not use, and does not send any data to, any third‑party or cloud‑based artificial‑intelligence service.
7. Camera and photo library
The App requests access to your camera only when you tap "Take Selfie". Captured images are written to the App's private sandboxed directory on your device. They are never read by us, never uploaded, and never shared. You can delete them at any time from within the App. If you choose to export a selfie, the App writes it to your own photo library at your request; we are not involved in that transfer.
8. Notifications
The App schedules local reminders using iOS UserNotifications. These are calendar‑based notifications generated entirely on your device. We do not operate a push notification server. You can disable notifications at any time in iOS Settings → Notifications → Looksmaxxing Streak.
9. Children's privacy
The App is rated 4+ on the App Store, but its content is intended for users aged 16 and over. We do not knowingly collect personal information from children under 13. Onboarding offers only age ranges beginning at 16; users under 16 should not use the App.
10. International data transfers
BinaryBears LLC is based in the United States. RevenueCat, PostHog, AppsFlyer, TikTok, Meta, and Apple operate internationally. If you access the App from outside the U.S. (including the European Economic Area and the United Kingdom), the limited subscription, analytics, and ad-attribution data described in Section 3 may be transferred to and processed in the U.S. or another hosting region used by the relevant provider. We rely on contractual transfer safeguards where required. Selfie images and facial measurements are never transferred because they never leave your device.
11. Your rights
Because we do not maintain user accounts or central records, most personal data lives exclusively on your device under your control. You can:
- Delete all your data at any time from Profile → "Reset All Data" inside the App, or by uninstalling.
- Request access to or deletion of the limited subscription, analytics, and attribution records held through RevenueCat, PostHog, AppsFlyer, TikTok, or Meta by emailing privacy@binarybears.com. We may ask for a locally generated identifier where needed to locate a pseudonymous record.
- Withdraw consent for subscription processing by cancelling your Apple subscription, which will stop further receipts from being generated.
If you reside in the EEA, UK, Switzerland, California, or another jurisdiction with applicable data‑protection law, you also have the right to lodge a complaint with your local data‑protection authority.
12. Legal basis (GDPR)
Where the General Data Protection Regulation applies, subscription-receipt processing is necessary to perform our contract with you (Article 6(1)(b)). For pseudonymous product analytics and advertising attribution, we rely on our legitimate interests (Article 6(1)(f)) in improving the App, measuring campaign performance, and preventing duplicate or fraudulent conversion reporting where permitted by law; where consent is legally required, consent is the applicable basis. We minimize these payloads, exclude sensitive app content, and do not access IDFA. Face images and facial measurements are processed solely on your device under your control and are never received by us.
13. Data retention
Data on your device — including selfie images and facial measurements — persists only until you delete it (Profile → "Reset All Data") or uninstall the App. We hold no server-side copy of that on-device data. Subscription records in RevenueCat are retained for as long as reasonably required to provide purchases and handle accounting, refund, and dispute obligations. Pseudonymous analytics in PostHog and attribution/conversion records in AppsFlyer, TikTok, and Meta are retained according to our workspace settings, the providers' terms, applicable legal requirements, and verified deletion requests.
14. Changes to this policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. We will provide any additional notice required by applicable law.
15. Contact
For any privacy‑related question or request:
BinaryBears LLC
Email: privacy@binarybears.com
Wyoming, United States