Privacy Policy
This privacy policy describes how Look Like Me collects, uses and protects your personal data, in accordance with the General Data Protection Regulation (GDPR — EU Regulation 2016/679).
📣 Important note: Before any automatic deletion of your data, you will receive a warning email 7 days before, then a reminder the day before, allowing you to reactivate your account by simply logging in.
1. Data Controller
The data controller is the publisher of the Look Like Me website.
Name: Société Like Star
Address: France
Contact: contact@looklikeme.app
GDPR / data-related requests: rgpd@looklikeme.app
2. Data Collected and Purposes
| Data | Legal basis | Purpose |
|---|---|---|
| Photos (biometric data) | Explicit consent (Art. 6.1.a + Art. 9.2.a) | Resemblance analysis via the Look Like Me Engine |
| Email, username, hashed password | Contract performance (Art. 6.1.b) | Account creation and management |
| Analysis scores | Contract performance (Art. 6.1.b) | Result display and history |
| Transaction data (amount, date, plan) | Legal obligation (Art. 6.1.c) | Accounting, legal records |
| IP address (login attempts) | Legitimate interest (Art. 6.1.f) | Security — protection against attacks |
3. Retention Periods
- Photos (guest visitors): kept for up to 24 hours so we can display your result, then automatically deleted by our daily purge. If you create an account right after the analysis, they are linked to your history and follow the "members" retention below.
- Photos (members): kept in your personal history while your account is active. Automatic deletion after 12 months of account inactivity (with email notifications 7 days and 1 day before deletion).
- Analysis scores: retained for 36 months from the analysis date.
- Account data (email, password): deleted 3 years after the last login (photos deleted at 12 months first).
- Transaction data: 10 years (French legal accounting requirement). Only amount, date and plan are retained — identifying data is removed upon account closure.
- Connection logs (IP): maximum 6 months.
4. Third-Party Services
Look Like Me Engine (Google Cloud Run, Europe region)
Your photos are transmitted to our proprietary analysis engine, the Look Like Me Engine, deployed on Google Cloud Run in the Europe region (europe-west1, Belgium). The engine processes biometric data (facial detection points, feature vectors via the ArcFace model) in order to compute a resemblance score. Google Cloud acts as a hosting data processor and handles this data in accordance with its GDPR commitments (EU Standard Contractual Clauses). Biometric data is processed exclusively in memory during analysis and is never persisted on Google's servers. Google Cloud Data Processing Addendum →
Microsoft Clarity (usage analytics)
With your consent, we use Microsoft Clarity to analyse usage of the site (heatmaps, anonymised session recordings, navigation statistics). Clarity collects aggregated and anonymised behavioural data — no biometric data is transmitted to this service.
Clarity is only loaded after your explicit consent via the cookie consent banner. You may withdraw this consent at any time. Microsoft Privacy Statement →
Your data is never sold, rented or shared with other third parties for commercial purposes.
4 bis. Consent of photographed persons
When you upload photos of your parents (or any person other than yourself), you certify that you have obtained their prior consent for processing their image through the Look Like Me service. This responsibility lies with you as the primary account holder.
Any photographed person may, at any time, request the removal of their photo by emailing rgpd@looklikeme.app with sufficient detail to identify the photo concerned. We will proceed with the removal within the one-month delay required by GDPR, and we will notify the primary account holder of the removal.
Look Like Me cannot be held liable for a lack of consent which is the sole responsibility of the primary user toward their relatives.
5. Your Rights
Under GDPR, you have the following rights:
- Right of access (Art. 15): download a full copy of your data from your profile.
- Right of rectification (Art. 16): update your email directly from your profile.
- Right to erasure (Art. 17): delete your photos or your entire account from your profile.
- Right to data portability (Art. 20): included in the JSON download from your profile.
- Right to object (Art. 21): unsubscribe from communications from your profile.
- Right to withdraw consent: delete your account at any time from your profile.
To exercise these rights or for any data-related question:
rgpd@looklikeme.app
You can also export all your data from your profile.
You also have the right to lodge a complaint with your national supervisory authority.
In France: CNIL (www.cnil.fr).
6. Security
Technical measures implemented: password encryption (bcrypt, cost 12), HTTP-only sessions with SameSite Strict, brute-force protection (max 5 attempts / 15 min per IP), secure communications (HTTPS), restricted file access.
7. Cookies and Trackers
Look Like Me uses the following cookies:
- Session cookie (PHPSESSID): strictly necessary for the service to function (authentication). Does not require consent.
- Language preference cookie (llm_lang): remembers your chosen language. Does not require consent.
- Consent cookie (llm_consent): records your choice regarding analytics trackers. Duration: 365 days.
- Google Analytics (via GTM): anonymised audience measurement. Loaded only after consent. Legal basis: consent (Art. 6.1.a).
- Microsoft Clarity: anonymised behavioural analysis (heatmaps, sessions). Loaded only after consent. Legal basis: consent (Art. 6.1.a).
You may change your consent at any time using the cookie management button available on the site.
8. Notifications before automatic deletion
Before any automatic deletion of your photos (at 12 months of inactivity), you will receive:
- A warning email 7 days before the scheduled deletion;
- A reminder the day before deletion.
Simply logging in to your account is enough to reset the retention period.
9. Changes
This policy may be updated. Any substantial changes will be notified on the site.
Last updated: March 2026