Privacy Policy

1. Introduction

Welcome to Lovi. We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services (the “App”). If you do not agree with the terms of this policy, please do not use the App.

2. Who We Are & Scope

This policy applies to the Lovi App and websites we operate that link to this policy. For the purposes of privacy laws, we act as the “controller” for personal data we determine the purposes and means of processing for. If we process data solely on behalf of another entity, we act as a “processor.”

3. Information We Collect

• Account & Contact Data: Name, email address, and other details you provide when you create an account, contact support, or subscribe to updates.
• Face Scan / Biometrics-Adjacent Data: Images (and, if applicable, short videos) of your face that you submit for skin analysis. We treat this category with heightened care. We do not use your face data to identify you or for facial recognition. We use it only to analyze skin attributes and generate your skin score and personalized recommendations.
• Derived/Analytical Data: Skin scores, insights, and recommendations that are generated from your submitted images and your in-App activity (e.g., selected routines).
• Technical & Usage Data: IP address, device type, OS version, App version, time zone, logs, crash data, pages/screens viewed, referral data, and session metadata.
• Purchase Data: If you buy premium features, we receive transaction metadata from the app store platform (e.g., Apple App Store). We do not process your full payment card numbers.
• Communications: Messages you send us (e.g., support requests, feedback, email).

4. How We Use Information

• Provide, operate, maintain, and improve the App and its features.
• Analyze face images solely to generate skin scores and personalized routines.
• Personalize your experience, including recommended products or routines.
• Communicate with you about your account, subscriptions, updates, and support.
• Process purchases, subscriptions, refunds, and related account verifications.
• Monitor usage, debug, prevent fraud/abuse, and ensure service security.
• Comply with legal obligations and enforce our Terms.

5. Lawful Basis / Legal Grounds

Where required by law (e.g., GDPR/UK GDPR), we rely on one or more of the following legal bases:

• Consent (e.g., for processing face images you submit for analysis).
• Contract (to provide requested App features and support).
• Legitimate interests (to secure and improve the App, prevent fraud, and understand usage), balanced against your rights and expectations.
• Legal obligations (to comply with applicable law and requests).

6. Sharing & Processors

We do not sell your personal information. We may share information with trusted service providers (“processors”) who help us operate the App and deliver features (e.g., cloud hosting, analytics, crash reporting, email delivery, payment/subscription management). These providers are contractually bound to use your data only on our instructions and to protect it.

If you use cloud analysis features, your face images may be transmitted to and temporarily stored by our processing partners solely to generate your results. We do not allow our processors to use your face data for training their models or for unrelated purposes.

We may disclose data if required by law, to respond to legal requests, or to protect our rights, users, or the public.

7. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this policy, including providing the App, resolving disputes, enforcing agreements, and complying with legal obligations. Face images you submit for analysis are retained only as long as needed to generate your results and provide history features you opt into; you can request deletion at any time (see “Your Rights”).

8. Security

We employ administrative, technical, and organizational measures designed to protect your information. No method of transmission or storage is 100% secure. If we learn of a security incident that affects your data, we will notify you and regulators as required by law.

9. International Transfers

Your information may be processed in countries other than the one in which you reside. Where required, we use recognized transfer mechanisms (e.g., Standard Contractual Clauses) and take appropriate safeguards to protect your information.

10. Your Rights

Depending on your location, you may have rights to access, correct, update, delete, restrict or object to processing of your personal data, and to data portability. Where we process your data based on consent, you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

• Access & Correction: You can request a copy of your data and ask us to correct inaccuracies.
• Deletion: You can request that we delete your personal data, including face images and derived scores, subject to legal exceptions.
• Objection/Restriction: You may object to or request restriction of certain processing.
• Portability: You may request a machine-readable copy of certain data.
• Marketing Opt-Out: You can opt out of non-essential communications at any time.

To exercise rights, contact us at dev.dubeyabhishek@gmail.com. We may take steps to verify your identity before responding.

11. Children’s Privacy

The App is not intended for children under the age where parental consent is required by applicable law (e.g., 13 or 16). We do not knowingly collect personal data from such children without appropriate consent. If you believe a child has provided us data, please contact us so we can take appropriate action.

12. Changes to This Policy

We may update this policy from time to time. We will post the new policy with an updated “Last updated” date and, where appropriate, provide additional notice.

13. Contact Us

If you have questions, concerns, or complaints about this policy or our data practices, contact us at dev.dubeyabhishek@gmail.com.

14. Region-Specific Disclosures

California (CCPA/CPRA)

California residents may have rights to know, access, delete, correct, and opt out of certain data “sales” or “sharing” (as defined by law). We do not sell personal information for money. To exercise rights or an opt-out, contact us at dev.dubeyabhishek@gmail.com or visit /do-not-sell.

European Economic Area / UK (GDPR / UK GDPR)

You have the rights described above and may lodge a complaint with your local supervisory authority. Where consent is the basis for processing face images, you can withdraw consent at any time within the App or by contacting us.

India (DPDP Act, 2023)

Indian users have rights to access, correction, erasure, grievance redressal, and withdrawal of consent, subject to applicable exceptions. You may contact us at dev.dubeyabhishek@gmail.com for requests or grievances.

This Privacy Policy is provided for general informational purposes and does not constitute legal advice. Consider consulting counsel to confirm compliance with laws applicable to your specific data flows and business model.