Privacy Policy

This privacy policy describes how Look Like Me collects, uses and protects your personal data, in accordance with the General Data Protection Regulation (GDPR — EU Regulation 2016/679).

📣 Important note: You will receive a warning email 7 days before any automatic deletion of your data, then a reminder the day before, allowing you to reactivate your account by simply logging in.

1. Data Controller

The data controller is the publisher of the Look Like Me website.
Name: [Name or company name — to be filled in]
Address: [Postal address — to be filled in]
Contact / DPO: contact@looklikeme.app

2. Data Collected and Purposes

Data | Legal basis | Purpose
Photos (biometric data) | Explicit consent (Art. 6.1.a + Art. 9.2.a) | Resemblance analysis via Azure Face API
Email, username, hashed password | Contract performance (Art. 6.1.b) | Account creation and management
Analysis scores | Contract performance (Art. 6.1.b) | Result display and history
Transaction data (amount, date, plan) | Legal obligation (Art. 6.1.c) | Accounting, legal records
IP address (login attempts) | Legitimate interest (Art. 6.1.f) | Security — protection against attacks

3. Retention Periods

  • Photos (guest visitors): deleted immediately after analysis. They are never stored on our servers.
  • Photos (members): kept in your personal history while your account is active. Automatic deletion after 12 months of account inactivity (with email notifications 7 days and 1 day before deletion).
  • Analysis scores: retained for 24 months from the analysis date.
  • Account data (email, password): deleted 3 years after the last login (photos deleted at 12 months first).
  • Transaction data: 10 years (French legal accounting requirement). Only amount, date and plan are retained — identifying data is removed upon account closure.
  • Connection logs (IP): maximum 30 days.

4. Third-Party Services

Your photos are transmitted to Microsoft Azure Face API for facial analysis. Microsoft acts as a data processor and handles this data in accordance with its GDPR commitments. See the Microsoft Privacy Statement.

Your data is never sold, rented or shared with other third parties for commercial purposes.

5. Your Rights

Under GDPR, you have the following rights:

  • Right of access (Art. 15): download a full copy of your data from your profile.
  • Right of rectification (Art. 16): update your email directly from your profile.
  • Right to erasure (Art. 17): delete your photos or your entire account from your profile.
  • Right to data portability (Art. 20): included in the JSON download from your profile.
  • Right to object (Art. 21): unsubscribe from communications from your profile.
  • Right to withdraw consent: delete your account at any time from your profile.

To exercise these rights or for any question: contact@looklikeme.app
You also have the right to lodge a complaint with your national supervisory authority. In France: CNIL (www.cnil.fr).

6. Security

Technical measures implemented: password hashing (bcrypt, cost 12), HttpOnly session cookies with SameSite=Strict, brute-force protection (max 5 attempts / 15 min per IP), secure communications (HTTPS), restricted file access.

7. Cookies

Look Like Me uses only session cookies required for the service to function (authentication). No advertising cookies or third-party trackers are used.

8. Notifications before automatic deletion

Before any automatic deletion of your photos (at 12 months of inactivity), you will receive:

  • A warning email 7 days before the scheduled deletion;
  • A reminder the day before deletion.

Simply logging in to your account is enough to reset the retention period.

9. Changes

This policy may be updated. Any substantial changes will be notified on the site.

Last updated: March 2026