Privacy Policy

Last updated: November 22, 2025

This Privacy Policy explains how MindLoop Apps Ltd. ("MindLoop", "we", "us", or "our") collects, uses, and shares information when you use the LookDrop browser extension, related websites, APIs, and services (collectively, the "Service").

By using the Service, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Service.

1. Who We Are and How to Contact Us

  • Controller: MindLoop Apps Ltd.
  • Registered address: Agion Omologiton 15, 1080 Nicosia, Cyprus
  • Email: contact@lookdrop.ai

For questions about this Policy or your data, you can contact us at the email above.

If you are in the EU/EEA or UK, MindLoop Apps Ltd. is the data "controller" of your personal data under applicable data‑protection law (e.g. GDPR/UK GDPR).

2. What We Do

LookDrop is a virtual outfit "try‑on" tool. In short:

  • You create an account and sign in.
  • You upload a photo of yourself.
  • You browse clothing websites and add clothing items via the extension.
  • We use artificial intelligence to generate images showing how those items might look on you.
  • We manage your token balance, purchase history, and generated images so you can view them later.

We provide the Service primarily to users in the US, EU, and other regions where its use is lawful.

3. Information We Collect

3.1 Account and Identity Information

When you create or use an account, we may collect:

  • Email address (required for registration and login).
  • Authentication data: Password (stored securely as a hash, not in plain text), authentication tokens, and related session information.
  • Verification status (e.g. whether your email has been verified).

3.2 Profile and Image Data

To use the core features, you may provide:

  • Profile photo: A portrait photo of yourself, which we store securely on cloud servers.
  • Generated images: AI‑generated "try‑on" images created from your inputs.
  • Associated history info: Timestamps, identifiers, and simple outfit metadata (e.g. clothing item names, links, thumbnails or URLs).

3.3 Clothing and Website Data

When you use the extension on third‑party clothing websites, we may process:

  • Clothing item information: Images you select (e.g. screenshots or base64 images captured by the extension), URLs to product pages, simple metadata (e.g. item name, source website, page title or link).
  • Website context: The URL of the page where you are using the extension (for correct operation and debugging), basic tab information (e.g. page title, favicon) to display within the extension.

3.4 Usage, Logs, and Device Information

When you use the Service, we automatically collect:

  • Usage data: Actions you take in the extension or web UI (e.g. generate outfit, view history, save or delete results), token usage (e.g. number of tokens spent per generation).
  • Technical data: Browser type and version, extension version, device and operating system information, IP address (for security and fraud‑prevention purposes).
  • Logs and diagnostics: Error messages, performance logs, and debugging information from our backend and, in some cases, from the extension.

3.5 Payment and Transaction Data

When you purchase tokens or other paid features, we work with third‑party payment processors.

  • We typically receive from the payment provider: A transaction ID or order ID, your email address, purchase details (e.g. token package, price, currency, payment status), limited billing information (e.g. location or tax‑related data) where needed.
  • We do not receive or store your full payment card number or bank account details. Those are handled directly by the payment provider.

We also store internal transaction and token records: Token balance and changes, purchase records and usage records, timestamps and related metadata.

3.6 Data Stored Locally in Your Browser

The LookDrop extension also uses local browser storage to keep some information on your device, such as:

  • Authentication tokens and expiry times (to keep you logged in).
  • Temporary clothing items and outfits you are assembling.
  • Local settings and preferences (e.g. auto‑save, image quality, sites where the extension is enabled).
  • Temporary requests/results related to quick generation workflows.

Some of this data remains on your device and is not transmitted to our servers except when necessary to provide core features.

4. How We Use Your Information

4.1 To Provide and Operate the Service

  • Create and maintain your account.
  • Authenticate you and manage sessions.
  • Process your inputs (photos and clothing items) to generate AI images.
  • Store and display your generated images and history.
  • Manage your token balance, purchases, and transaction records.

Legal bases: Performance of a contract (providing the Service you requested), legitimate interests (running a secure and effective service).

4.2 To Process Payments

  • Facilitate token and service purchases through third‑party payment providers.
  • Verify and record successful payments.
  • Handle issues such as failed payments or chargebacks.

Legal bases: Performance of a contract, legitimate interests, legal obligations (e.g. tax, accounting).

4.3 To Communicate with You

  • Send service‑related messages (e.g. account verification, password reset, security notices).
  • Notify you about important changes to the Service or this Policy.
  • Provide support and respond to your inquiries.

Legal bases: Performance of a contract, legitimate interests (keeping you informed and providing support), your consent where required.

4.4 To Improve and Secure the Service

  • Monitor usage trends and performance.
  • Debug issues and improve reliability, safety, and user experience.
  • Detect, prevent, and respond to fraud, abuse, and security incidents.
  • Develop new features and test changes.

We may use anonymized or aggregated data (that does not reasonably identify you) for analytics and improvement.

Legal bases: Legitimate interests (service improvement, security), your consent where required by law.

4.5 To Comply with Legal Obligations

  • Respond to lawful requests from public authorities.
  • Maintain records required by law (e.g. for tax and accounting).
  • Enforce our Terms of Service and protect our rights.

Legal bases: Compliance with legal obligations, legitimate interests (protecting our rights and users).

5. How We Share Information

We do not sell your personal data. We share it only in the ways described below:

5.1 Service Providers and Sub‑Processors

We use trusted third‑party providers to help us run the Service, such as:

  • Cloud infrastructure and databases.
  • Authentication services.
  • AI model providers.
  • Payment processing services.
  • Email and communication tools (if used).
  • Error logging and analytics tools (if used, in anonymized or aggregated form where possible).

We primarily use services provided by Amazon Web Services (AWS) and Google. These providers process data on our behalf and are contractually required to use the data only for our specified purposes and implement appropriate security measures.

5.2 Payment Processors

When you make a purchase, information necessary to complete the transaction is sent directly to the payment processor. We receive limited data as described in Section 3.5. We recommend reviewing their privacy policies as well, as they act as independent controllers for parts of the payment flow.

5.3 AI Model Providers

To generate images, we send your profile photo, clothing collage or clothing images, and prompt and related metadata to AI model providers. These providers process the data to produce the requested output and may log limited information for security, abuse detection, or quality purposes under their own terms and privacy policies.

5.4 Legal and Safety Reasons

We may disclose information if we reasonably believe it is necessary to:

  • Comply with a law, regulation, legal process, or governmental request.
  • Enforce our Terms of Service, including investigating potential violations.
  • Detect, prevent, or address fraud, security, or technical issues.
  • Protect the rights, property, or safety of MindLoop, our users, or the public.

5.5 Business Transfers

If we are involved in a merger, acquisition, sale of assets, financing, or similar transaction, your information may be transferred as part of that transaction, subject to applicable law and this Privacy Policy.

6. International Data Transfers

We are based in Cyprus, and many of our service providers (including cloud providers, AI providers, and payment processors) may operate in other countries, including the United States and other non‑EU jurisdictions.

If you are in the EU/EEA, UK, or other regions with data‑transfer restrictions:

  • Your personal data may be transferred to countries that may not provide the same level of data protection as your home country.
  • Where required, we implement appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission or UK authorities, or other lawful mechanisms under applicable data‑protection law.

You can contact us for more information about these safeguards.

7. Data Retention

We retain personal data only for as long as reasonably necessary for the purposes described in this Policy or as required by law. In general:

  • Account data: Kept for as long as your account is active, and for a reasonable period after closure (e.g. to handle disputes or enforce our rights).
  • Profile and generated images: Kept while your account is active, unless you delete them or request deletion.
  • Transaction and billing records: Kept for periods required by tax, accounting, and financial regulations (typically several years).
  • Logs and diagnostics: Kept for shorter periods, unless needed for security investigations or legal purposes.

When data is no longer needed, we will delete or anonymize it in accordance with our data‑retention policies.

8. Your Rights

Your rights depend on your location, but generally may include:

8.1 If You Are in the EU/EEA or UK

Under GDPR/UK GDPR, you may have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure ("right to be forgotten"): Request deletion of your data in certain circumstances.
  • Restriction: Request that we restrict processing of your data in certain circumstances.
  • Portability: Request a copy of your data in a structured, commonly used, machine‑readable format and ask us to transfer it to another controller, where technically feasible.
  • Objection: Object to processing based on our legitimate interests, and to direct marketing (if used).
  • Withdraw consent: Where we rely on consent, you can withdraw it at any time (this will not affect prior processing).

To exercise your rights, contact us at contact@lookdrop.ai. We may ask you to verify your identity before responding. We will respond within the time limits required by law.

You also have the right to lodge a complaint with your local data‑protection authority, for example in Cyprus (Office of the Commissioner for Personal Data Protection) or in other EU countries or the UK (your local supervisory authority).

8.2 If You Are in California or Certain US States

Depending on your state, you may have rights similar to:

  • Access: Request information about the categories and specific pieces of personal data we have collected about you.
  • Deletion: Request that we delete your personal data, subject to certain exceptions.
  • Correction: Request correction of inaccurate personal data.
  • Non‑discrimination: We will not discriminate against you for exercising your privacy rights.

If these state laws apply to us and to you, you can submit a request by contacting contact@lookdrop.ai. We may need to verify your identity before fulfilling your request.

9. Children's Privacy

The Service is not intended for children:

  • You must be at least 16 years old, or older where required by local law, to use the Service.
  • We do not knowingly collect personal data from children under the minimum age of digital consent in their country.

If we become aware that we have collected personal data from a child in violation of this Policy or applicable law, we will take reasonable steps to delete it. If you believe a child has used the Service or provided data to us, please contact contact@lookdrop.ai.

10. Security

We use reasonable technical and organizational measures to protect your personal data, including:

  • Use of reputable cloud providers with strong security practices.
  • Access controls and authentication for internal systems.
  • Encryption in transit and, where appropriate, at rest.
  • Secure handling of secrets and API keys.

However, no system is 100% secure. We cannot guarantee absolute security of your data. You are responsible for keeping your account credentials confidential, not sharing your password with others, and not reusing your LookDrop password on other sites.

If you believe your account or data may have been compromised, contact us immediately.

11. Cookies and Similar Technologies

11.1 Browser Extension

The LookDrop extension primarily uses browser storage rather than traditional website cookies. This storage is used to keep you logged in, remember your settings and preferences, and store temporary data needed for outfit generation and history. This data is typically limited to your device and account context.

11.2 Website

If you use our website (e.g. lookdrop.ai), we may use:

  • Essential cookies: Required for the site to function (e.g. session cookies).
  • Analytics or performance cookies: To understand how the site is used and improve it (where permitted by law).
  • Other tracking technologies: Such as logs or similar tools for security and performance.

Where required by law (e.g. in the EU/EEA or UK), we will ask for your consent for non‑essential cookies and provide options to manage your preferences.

12. Third‑Party Links and Content

The Service may link to or interact with third‑party websites and services, including clothing retailers and other sites where you browse for items, payment providers (e.g. Paddle), AI providers (e.g. Google AI / Gemini), and other websites accessed via your browser.

We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do:

  • We will update the "Last updated" date at the top.
  • Where required by law or where changes are material, we will take additional steps to notify you (e.g. via the extension or email).

Your continued use of the Service after the updated Policy becomes effective means you accept the changes. If you do not agree, you should stop using the Service and may uninstall the extension.

14. Contact Us

If you have questions, concerns, or requests about this Privacy Policy or your personal data, you can contact us at:

  • Email: contact@lookdrop.ai
  • Postal address: MindLoop Apps Ltd., Agion Omologiton 15, 1080 Nicosia, Cyprus

© 2025 Mindloop Apps Ltd.