This Policy describes the practices of Yoven Reddi, an individual operating the Lifemaxr app in a personal capacity—not as a company (“we,” “us”). Principal place of business: Toronto, Ontario, Canada. Jurisdiction: Province of Ontario, Canada.
This Privacy Policy describes how we collect, use, and share information when you use our iOS app and related services (the “Service”). It should be read together with our Terms of Service.
Account & identity. If you sign in with Google, we receive identifiers such as your email address and display name as permitted by Google’s sign-in flow; Google’s SDK may process additional technical data under Google’s policies. If you use Sign in with Apple, we receive identifiers Apple shares with us (which may include a private relay email if you choose that option). When you first authenticate, our servers verify your IdP token and issue a session token; we may persist a mapping between your IdP subject identifier and your in-app user id for consistency across sign-ins.
We store a user profile, referral code, subscription tier, and related settings needed to run the app.
Photos & prompts. You upload your photo, an inspiration image, and may enter text (for example scene descriptions). These are sent to our backend and third-party AI services to generate results. For some flows, a preview or full result may be held on our servers briefly so you can complete payment and reveal.
Face-related checks. Your photos may be analyzed with Google Cloud Vision for safe-search moderation and face detection (for example to confirm a face is present in your selfie before continuing). That processing happens on images you submit and returns summary signals to our API, not a separate “biometric enrollment” product. We do not use these signals for advertising or to build a face template that identifies you outside the Service.
Sensitive imagery. Your uploads may show your face or body. We use them only to provide the Service (including moderation, transformation, and account features), to enforce our Terms, and as described here. We do not sell personal information and we do not use your photos for unrelated marketing.
AI model training. We do not use your photos or prompts to train third-party foundation models or to improve providers’ general models. Content you submit is processed to generate your results and to operate safety and billing as described in this Policy.
Human access. We do not routinely view your images. Limited operators or contractors may access content only when reasonably needed to operate, secure, or support the Service (for example investigating abuse or security incidents), or when required by law.
Generated content. Transformed images produced for you may be cached on our servers (for a limited time for pending reveals), returned to the app, and stored on-device (for example in history or reveal flows).
Purchases & entitlements. When you buy subscriptions or consumables, Apple processes payment. The app may send Apple-signed transaction data to our API so we can verify purchases, prevent replay fraud, grant generation credits, and sync subscription transform quotas. We may use RevenueCat to help map StoreKit state to in-app entitlements; RevenueCat receives device/app identifiers and purchase-related events under their policy.
Referral & program data. We store referral codes, whether a code was applied, server-side flags for promotional or creator-tier pricing eligibility where the backend applies them, and free transform balances earned through referrals, as described in the app.
Notifications. If you enable them, we may schedule local notifications on your device (for example reminders tied to transforms or onboarding). We do not need to receive the notification content on our servers for those to fire.
Device & local storage. We store session tokens (for example in the iOS Keychain), preferences, and history in UserDefaults or similar on-device storage. Transform history may remain on the device until you remove it or delete the app.
Technical data. Our servers process request metadata (for example IP address, user id tied to your session, timestamps, rate-limiting keys, and error logs) to operate sessions, verify purchases, enforce referral rules, prevent abuse, and diagnose errors.
Sharing, saving, and clipboard. When you use Share, Save to Photos, or Copy (for example a referral code), you choose where content goes (another app, your library, or the system pasteboard). We do not control third-party apps you share to.
In-app review. We may ask iOS to present Apple’s standard App Store rating / review prompt; that flow is handled by Apple.
What we don’t do (today). The app does not embed third-party advertising SDKs or use App Tracking Transparency cross-app tracking in the shipped codebase. There is no separate first-party analytics product beyond what’s needed to run the Service (API logs, purchase verification, etc.).
We rely on providers including, depending on configuration:
These providers process data under their own terms and privacy policies. API keys for cloud AI services reside on our servers, not in the public client binary.
Where Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) or substantially similar provincial laws apply, we collect, use, and disclose personal information reasonably for the purposes described in this Policy. You may request access to or correction of your personal information, subject to legal exceptions. You may file a complaint with the Office of the Privacy Commissioner of Canada (OPC) or your provincial privacy commissioner if applicable.
If you are a California resident, you may have rights under the CCPA/CPRA, including to know what personal information we collect, to delete or correct certain information, and to opt out of the sale or sharing of personal information. We do not sell your personal information for money. We do not share personal information for cross-context behavioral advertising as described in the CPRA. We use service providers under contracts that limit their use of data to providing services to us.
Sensitive personal information. We use photos and any face-related signals only for the purposes described in this Policy (including transformation, moderation, and account operation). We do not use sensitive personal information for purposes incompatible with this Policy.
Residents of other U.S. states with comprehensive privacy laws (for example Colorado, Connecticut, Virginia, or Utah) may have similar rights; contact us to exercise them. We will not discriminate against you for exercising privacy rights granted by law.
Where GDPR applies, we process personal data on the basis of contract (providing the Service), legitimate interests (security, abuse prevention, purchase verification, product improvement), and consent where required (for example optional notifications or certain cookies on web properties). You may have rights to access, rectify, delete, restrict, or port data, and to object or lodge a complaint with a supervisory authority.
We retain information only as long as needed for the purposes above. Pending reveal / held results on the server are kept for a limited window (on the order of one day, plus a small operational buffer) and then deleted automatically. Referral credit balances and purchase verification records (for example identifiers of consumed transactions to prevent double-spend) may persist longer as needed to run the program and billing logic. Server-side sessions may be short-lived and reset when infrastructure restarts. On-device data remains until you remove it or delete the app. We may retain minimal logs for security and legal compliance.
Account deletion. If you use in-app delete account, we ask our API to remove most data tied to your Lifemaxr user id (sessions, referral balances we store for you, held pending results, and related records as implemented on the server). Deleting your Lifemaxr account does not cancel App Store subscriptions—manage or cancel those in Apple ID → Subscriptions (or as Apple directs). Some Apple / payment–adjacent records may persist on Apple’s side or in minimal server records used for fraud prevention, accounting, or subscription usage integrity tied to the same Apple account, as allowed by law and platform rules.
The Service is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe we have, contact us and we will delete it.
If you use the Service from outside Canada or the United States, your information may be processed in Canada, the United States, and other countries where our providers operate. We use appropriate safeguards as required by law.
You may disconnect Google or Apple sign-in, turn off notifications in iOS Settings, manage Camera / Photo Library permissions for the app, clear app data, delete your account through in-app controls where offered, or delete the app. Manage subscriptions and refunds through Apple’s account tools. Some rights vary by region; contact us to exercise applicable privacy rights.
We use industry-standard measures appropriate to the Service, including transport encryption for API traffic where configured, server-side verification of purchase payloads, and secure token storage on device. No method is 100% secure.
If we become aware of a breach of security affecting personal information and notification is required by applicable law, we will provide notice to you and/or regulators as those laws require.
We may update this Policy by posting a new effective date. Material changes may require additional notice as required by law.
Operator: Yoven Reddi · Lifemaxr · Toronto, Ontario, Canada
Privacy and U.S. state privacy requests: privacy@lifemaxr.com