At a glance
Lunirai is an AI tool that turns a selfie into a "what could it look like" preview of an aesthetic treatment. We collect the minimum data we need to (a) generate that preview, (b) run your account, and (c) take payment. We don't sell your data, we don't run advertising trackers, and we don't share your selfie or your previews with anyone other than the named processors below.
You can access, export, correct, or delete your data at any time. See the Your rights section.
1. Who we are
The data controller for the personal data described in this policy is [REGISTERED_ENTITY] ("Lunirai", "we", "us", "our"), a company registered in England and Wales (company number [REGISTERED_NUMBER]) with its registered office at [REGISTERED_ADDRESS].
You can reach us about anything in this policy at [PRIVACY_CONTACT].
2. Data we collect
We collect data in four categories.
- Identity & contact — your first name, optional last name, email (used for sign-in + transactional email), and an optional phone number if you choose to share it.
- Selfies & AI-generated images — the photo you upload during the generation flow, the AI-rendered preview produced from it, and the treatment options you selected. The AI image generation section explains the lifecycle of that data in detail.
- Payment data — your subscription status (active / cancelled / expired), credit balance, and a transaction history. We do not see your full card number; that's handled by Stripe and Apple directly.
- Technical & usage data — IP address, browser type, the pages you view inside Lunirai with timestamps, and server-side error logs. Used to keep the service secure, reliable, and improving.
3. How we use your data
- Provide the service — generate AI previews and let you save them to your account.
- Account management — sign you in, recover access, contact you about important account events.
- Payments & credits — debit credits for generations, renew subscriptions on your authorised schedule, produce VAT-compliant receipts.
- Safety & abuse prevention — rate-limit, flag suspicious sign-up patterns, maintain audit trails for security incidents.
- Service improvement — aggregated, non-identifying analytics about which features are used. We don't profile individual users.
- Legal compliance — respond to lawful requests from authorities and meet our retention obligations.
We do not sell your personal data to anyone for any purpose. We do not use your data for third-party advertising. We do not share your selfie or your AI preview with anyone other than the named processors below.
4. Lawful bases (UK GDPR)
Under Article 6 of the UK GDPR, every use of personal data needs a lawful basis. Ours, by category:
- Identity, contact, and payment data — 6(1)(b) Contract. Necessary to give you an account and bill for what you've ordered.
- Selfies and AI previews — 6(1)(a) Consent. You give explicit consent at the moment of upload; you can withdraw it at any time by deleting the generation.
- Technical & usage data — 6(1)(f) Legitimate interest in running a secure, reliable service, balanced against your privacy by aggregation + short retention.
- Compliance disclosures — 6(1)(c) Legal obligation (tax records, lawful court requests).
5. AI image generation
When you upload a selfie and request a preview:
- Your selfie is validated locally and uploaded to Supabase Storage in the EU (Frankfurt region) over TLS.
- We send the selfie to Google Gemini Image Preview alongside a generated text prompt describing the treatment options you selected.
- Gemini returns a generated image. We store that image in Supabase Storage; we don't retain it on Google's servers beyond Google's own retention policy.
- You see the preview in your dashboard. The original selfie stays available for re-runs unless you delete the generation or close your account.
The AI render is illustrative — a "what could it look like" visualisation, not a guarantee, prediction, or simulation of any actual outcome. Real-world results vary.
6. Face data
The selfies you upload to Lunirai contain your face. Because face data is sensitive, this section sets out — separately from the wider data sections above — exactly what we do with it, how long we keep it, who else sees it, and why.
What face data we collect
The only face data we collect is the selfie you choose to upload during the generation flow and the AI-rendered treatment preview produced from it. We do not extract, store, or process facial geometry, faceprints, face-recognition templates, or any biometric identifiers derived from your selfie. We do not use Apple's Face ID, ARKit face tracking, or any on-device biometric API.
Why we store face data
We store your selfie and the generated preview so that you can revisit your results, generate alternative previews from the same photo without re-uploading, and so we can provide customer support if anything looks wrong with a render. The generated preview is the deliverable you paid for — keeping it on your account is the service. We do not retain face data to train models, build profiles, or for any purpose other than delivering this service back to you.
How long we keep face data
- Your selfie — until you delete the generation it belongs to, or 30 days after you close your account, whichever is sooner. You can delete a generation at any time from inside the app, which removes the associated selfie and preview from our storage within 24 hours.
- The AI-rendered preview — same lifecycle as the selfie: until deletion, or 30 days post-account closure.
- We do not retain face data indefinitely. There is no scenario in which face data persists on our servers after the linked account has been closed for more than 30 days.
Who we share face data with
We share your selfie with two processors only, and only for the purpose described:
- Supabase, Inc. (EU, Frankfurt) — stores your selfie and the generated preview in object storage so your account can render them back to you.
- Google LLC (Gemini Image API) (United States) — receives your selfie alongside the text prompt describing the treatment options you selected, and returns a generated preview image. This transfer is the entire reason we collect the selfie; without sending it to Gemini, no preview can be produced.
We do not share face data with advertisers, analytics providers, social networks, brokers, insurers, clinics, or anyone outside the two processors named above.
Whether those third parties also store face data
- Supabase stores the selfie and preview on our behalf for the duration set out above. Supabase acts strictly as our processor under a data-processing agreement, with no independent right to use the images for their own purposes. Their security and retention practices are documented at supabase.com/privacy.
- Google (Gemini Image API) processes the selfie to generate the preview. We use the paid Gemini API, under which Google states it does not use your prompts or uploaded media to train or improve its models. Google may retain inputs and outputs transiently for abuse-prevention purposes — typically for a short window (up to a few weeks) — after which they are deleted on Google's side. The current terms governing this are at ai.google.dev/gemini-api/terms and Google's data-processing addendum at cloud.google.com/terms/data-processing-addendum. If those terms change in a way that materially affects face-data handling, we will update this policy and notify active users by email.
Your consent and your controls
We ask for your explicit consent before any selfie leaves your device, on a one-time disclosure screen inside the app that names Google as the recipient. You can withdraw consent at any time by deleting the generation or your account; the underlying face data is removed as described above.
7. Third-party processors
We share personal data with the following processors only to the extent each one needs to perform their function. Each is bound by a data-processing agreement that restricts further use.
| Processor | Purpose | Region |
|---|---|---|
| Supabase, Inc. | Database, authentication, file storage | EU (Frankfurt) |
| Google LLC (Gemini) | AI image generation from selfie + treatment prompt | United States |
| RevenueCat, Inc. | Subscription state for the iOS app | United States |
| Stripe, Inc. | Card processing on web checkouts | UK / United States |
| Resend, Inc. | Transactional email delivery | United States |
8. International data transfers
Where data is transferred outside the UK / EEA — to Google in the United States for the AI render, and to RevenueCat, Stripe, and Resend for billing and email — we rely on the UK International Data Transfer Addendum added to the European Commission's Standard Contractual Clauses. You can request a copy by emailing [PRIVACY_CONTACT].
9. How long we keep it
- Account + identity data — for the life of the account.
- Selfies + AI previews — until you delete the generation, or 30 days after account closure (whichever comes first).
- Payment records — 6 years (UK statutory tax retention).
- Server + access logs — 90 days rolling.
10. Security
We protect your data with industry-standard measures: TLS in transit, AES-256 at rest, role-based access control, row-level security in the database, and signed URLs with short TTLs for image access.
No system is unbreachable. If we detect a personal-data breach that's likely to result in risk to your rights, we'll notify the ICO within 72 hours and notify affected users where required by Article 34 UK GDPR.
11. Your rights
Under UK GDPR you have the right to:
- Access the personal data we hold about you
- Correct data that's inaccurate
- Erase data in defined circumstances. You can delete your account from inside the app at any time.
- Restrict our processing while you contest it
- Port your data to another service in a structured format
- Object to processing based on legitimate interest
- Withdraw consent at any time for processing we rely on consent for
- Lodge a complaint with the Information Commissioner's Office at ico.org.uk
To exercise any of these rights, email [PRIVACY_CONTACT]. We aim to respond within 30 days.
12. Children
Lunirai isn't intended for under-16s. We don't knowingly collect personal data from children under that age. If you believe a child has registered, contact us at [PRIVACY_CONTACT] and we'll delete the account and any associated data.
14. Changes to this policy
When we make material changes — adding a new processor, collecting a new data category, changing a lawful basis — we notify all active users by email at least 30 days before the new policy takes effect. Minor edits will be reflected by an updated Version at the top of this page.
15. Contact us
For any privacy question, email [PRIVACY_CONTACT].
Postal address: [REGISTERED_ENTITY], [REGISTERED_ADDRESS].
You can also lodge a complaint directly with the UK ICO at ico.org.uk.