Privacy Policy

Last Updated: March 1, 2025  |  Effective Date: March 1, 2025

1. About This Policy

This Privacy Policy describes how Limora, Inc. ("Limora," "we," "us," or "our") collects, uses, stores, shares, and protects your personal information when you use our mobile application (the "App"), website at limora.app (the "Site"), and related services (collectively, the "Services").

By using our Services, you agree to the collection and use of your information as described in this Privacy Policy. If you do not agree, please do not use our Services.

This policy applies to all users worldwide. Where applicable, additional rights are described for residents of specific regions including the European Economic Area (EEA), United Kingdom (UK), California (USA), and other jurisdictions.

2. Information We Collect

2.1 Information You Provide Directly

• Account Information: Email address, display name, and password when you create an account. You may also sign in with Apple ID or Google, in which case we receive only your name and email from those providers.
• Photos and Images: Photos you voluntarily upload to generate AI portraits. These are the core input for our AI processing service. We treat these as sensitive biometric data.
• Payment Information: Subscription payment is processed entirely by Apple App Store or Google Play. We do not receive or store your full credit card or payment details.
• Communications: Messages you send to our support team, feedback submissions, or survey responses.

2.2 Information Collected Automatically

• Device Information: Device type, operating system version, unique device identifiers (IDFA/GAID, with your consent), and app version.
• Usage Data: Features you use, styles you select, tap patterns, session duration, and in-app navigation to improve our product.
• Crash and Performance Data: Error logs and performance metrics to maintain app stability (e.g., via Sentry or Firebase Crashlytics).
• Log Data: IP address, browser type (for website), access times, and pages visited.

2.3 Information from Third Parties

• Sign-In Providers: If you sign in with Apple or Google, we receive your name, email address, and profile picture from those services.
• Analytics Partners: Aggregated, anonymized analytics from services like Firebase Analytics to understand overall app performance.

3. How We Use Your Information

We use your information for the following purposes:

• Provide the Service: Process your photos through our AI models to generate portrait packs in the styles you select.
• Account Management: Create and manage your account, authenticate your identity, and process subscriptions.
• Improve Our AI: Only with your explicit, opt-in consent, we may use anonymized photos to improve our AI models. You can opt out at any time in Settings → Privacy.
• Customer Support: Respond to your requests, troubleshoot issues, and communicate service updates.
• Safety and Fraud Prevention: Detect and prevent abuse, fraudulent transactions, and violations of our Terms of Service.
• Legal Compliance: Fulfill legal obligations including responding to lawful governmental requests.
• Marketing Communications: Send you news about new styles and features — only if you have opted in. You can unsubscribe at any time.

4. Photo Data and Biometric Information

We recognize that facial photos constitute sensitive personal data and, in certain jurisdictions (Illinois, Texas, Washington, and the EU), biometric information. We apply the following specific protections to your photos:

• Photos are automatically deleted from our servers 30 days after your portrait pack is generated.
• You can manually delete all your uploaded photos and generated portraits at any time from Settings → My Data → Delete All Photos.
• We do not use your photos for advertising purposes.
• If you opt into AI training, your contribution is anonymized, aggregated, and cannot be linked back to you individually. You can withdraw this consent at any time.

5. How We Share Your Information

We do not sell your personal information. We only share your information in the following limited circumstances:

5.1 Service Providers

We work with trusted third-party service providers who help us operate our Services. These providers are contractually bound to use your data only as instructed by us and not for their own purposes. They include:

• Cloud Infrastructure: Amazon Web Services (AWS) — secure photo storage and AI processing
• Analytics: Firebase Analytics — anonymized, aggregated usage analytics
• Crash Reporting: Sentry — error logs (no photos included)
• Customer Support: Zendesk — support ticket management
• Email: SendGrid — transactional emails (receipts, notifications)

5.2 Legal Requirements

We may disclose your information if required by law, court order, or other legal process, or if we believe disclosure is necessary to protect the safety of any person or to prevent fraud or abuse of Limora or its users.

5.3 Business Transfers

If Limora is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email or prominent in-app notice before your information is transferred and becomes subject to a different privacy policy.

6. Data Retention

• Uploaded Photos: Deleted automatically 30 days after portrait generation, or immediately upon your request.
• Generated Portraits: Stored in your Limora library until you delete them or close your account.
• Account Data: Retained while your account is active. Deleted within 30 days of account deletion request.
• Usage Logs: Retained for up to 12 months in anonymized form for service improvement.
• Support Communications: Retained for up to 3 years for quality assurance and dispute resolution.

7. Your Privacy Rights

Depending on your location, you have the following rights regarding your personal information:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal data ("right to be forgotten").
• Portability: Receive your data in a structured, machine-readable format.
• Objection / Restriction: Object to or restrict certain processing of your data.
• Withdrawal of Consent: Withdraw consent for any processing based on consent (e.g., AI training opt-in, marketing emails).

To exercise any of these rights, go to Settings → Privacy → Manage My Data within the app, or contact us at privacy@limora.app. We will respond within 30 days (or as required by applicable law).

8. GDPR (European Users)

If you are located in the European Economic Area or United Kingdom, the following additional provisions apply:

Legal Basis for Processing:

• Performance of a contract — to provide our AI portrait service
• Legitimate interests — for analytics, fraud prevention, and service improvement
• Consent — for AI training and marketing communications
• Legal obligation — for compliance with applicable laws

Data Transfers: We transfer personal data from the EEA to the United States and other countries. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission for such transfers.

Data Protection Officer: You may contact our DPO at dpo@limora.app.

Supervisory Authority: You have the right to lodge a complaint with your local data protection supervisory authority.

9. CCPA (California Residents)

California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Know what categories of personal information we collect and for what purpose
• Opt out of the sale or sharing of your personal information (we do not sell or share personal information)
• Non-discrimination for exercising your privacy rights
• Limit use of sensitive personal information, including biometric data

To submit a CCPA request, email privacy@limora.app with "CCPA Request" in the subject line.

10. Children's Privacy

Limora is not intended for children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe a child under the minimum age has provided us personal information, please contact us immediately at privacy@limora.app and we will take steps to delete such information.

11. Security

We implement industry-standard security measures to protect your information, including:

• TLS 1.3 encryption for all data in transit
• AES-256 encryption for all data at rest
• Regular third-party security audits and penetration testing
• Access controls and least-privilege principles for our team
• SOC 2 Type II certified infrastructure partners
• Automatic photo deletion and data minimization practices

No method of electronic storage or transmission is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. In the event of a data breach that affects your rights, we will notify you as required by applicable law.

12. Cookies and Tracking Technologies

Our website (limora.app) uses cookies and similar technologies for the following purposes:

• Essential Cookies: Required for the website to function (session management, security).
• Analytics Cookies: Help us understand how visitors use our website (Google Analytics, anonymized).
• Marketing Cookies: Used to measure ad campaign effectiveness. Only used with your consent.

You can manage cookie preferences through our cookie banner or your browser settings. See our Cookie Policy for more details.

13. Third-Party Links

Our Services may contain links to third-party websites and services (e.g., App Store, Google Play, social media). We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing any personal information.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will notify you by:

• Updating the "Last Updated" date at the top of this policy
• Sending a notification to the email address associated with your account
• Displaying a prominent in-app notice

Your continued use of our Services after such notification constitutes your acceptance of the updated policy.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

• Email: privacy@limora.app
• Data Protection Officer: dpo@limora.app
• Postal Address: Limora, Inc., 2261 Market Street #4667, San Francisco, CA 94114, USA

For EU/UK users, our EU Representative can be contacted at: eu-rep@limora.app