This Policy describes the practices of Yoven Reddi, an individual operating the Lifemaxr app in a personal capacity—not as a company (“we,” “us”). Principal place of business: Toronto, Ontario, Canada. Jurisdiction: Province of Ontario, Canada.
This Privacy Policy describes how we collect, use, and share information when you use our iOS app and related services (the “Service”). It should be read together with our Terms of Service.
Account & identity. If you sign in with Google, we receive identifiers such as your email address and display name as permitted by Google’s sign-in flow; Google’s SDK may process additional technical data under Google’s policies. If you use Sign in with Apple, we receive identifiers Apple shares with us (which may include a private relay email if you choose that option). When you first authenticate, our servers verify your IdP token and issue a session token; we may persist a mapping between your IdP subject identifier and your in-app user id for consistency across sign-ins.
We store a user profile, referral code, subscription tier, and related settings needed to run the app.
Photos & prompts. You upload your photo, an inspiration image, and may enter text (for example scene descriptions). These are sent to our backend and third-party AI services to generate results. For some flows, a preview or full result may be held on our servers briefly so you can complete payment and reveal.
Face-related checks. Your photos may be analyzed with Google Cloud Vision for safe-search moderation and face detection (for example to confirm a face is present in your selfie before continuing). That processing happens on images you submit and returns summary signals to our API, not a separate “biometric enrollment” product.
Generated content. Transformed images produced for you may be cached on our servers (for a limited time for pending reveals), returned to the app, and stored on-device (for example in history or reveal flows).
Purchases & entitlements. When you buy subscriptions or consumables, Apple processes payment. The app may send Apple-signed transaction data to our API so we can verify purchases, prevent replay fraud, grant generation credits, and sync subscription transform quotas. We may use RevenueCat to help map StoreKit state to in-app entitlements; RevenueCat receives device/app identifiers and purchase-related events under their policy.
Referral & program data. We store referral codes, whether a code was applied, optional creator-program flags, and server-side free transform balances earned through referrals, as described in the app.
Notifications. If you enable them, we may schedule local notifications on your device (for example reminders tied to transforms or onboarding). We do not need to receive the notification content on our servers for those to fire.
Device & local storage. We store session tokens (for example in the iOS Keychain), preferences, and history in UserDefaults or similar on-device storage. Transform history may remain on the device until you remove it or delete the app.
Technical data. Our servers process request metadata (for example IP address, user id tied to your session, timestamps, rate-limiting keys, and error logs) to operate sessions, verify purchases, enforce referral rules, prevent abuse, and diagnose errors.
Sharing, saving, and clipboard. When you use Share, Save to Photos, or Copy (for example a referral code), you choose where content goes (another app, your library, or the system pasteboard). We do not control third-party apps you share to.
In-app review. We may ask iOS to present Apple’s standard App Store rating / review prompt; that flow is handled by Apple.
What we don’t do (today). The app does not embed third-party advertising SDKs or use App Tracking Transparency cross-app tracking in the shipped codebase. There is no separate first-party analytics product beyond what’s needed to run the Service (API logs, purchase verification, etc.).
We rely on providers including, depending on configuration:
These providers process data under their own terms and privacy policies. API keys for cloud AI services reside on our servers, not in the public client binary.
Where Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) or substantially similar provincial laws apply, we collect, use, and disclose personal information reasonably for the purposes described in this Policy. You may request access to or correction of your personal information, subject to legal exceptions. You may file a complaint with the Office of the Privacy Commissioner of Canada (OPC) or your provincial privacy commissioner if applicable.
Where GDPR applies, we process personal data on the basis of contract (providing the Service), legitimate interests (security, abuse prevention, purchase verification, product improvement), and consent where required (for example optional notifications or certain cookies on web properties). You may have rights to access, rectify, delete, restrict, or port data, and to object or lodge a complaint with a supervisory authority.
We retain information only as long as needed for the purposes above. Pending reveal / held results on the server are kept for a limited window (on the order of one day, plus a small operational buffer) and then deleted automatically. Referral credit balances and purchase verification records (for example identifiers of consumed transactions to prevent double-spend) may persist longer as needed to run the program and billing logic. Server-side sessions may be short-lived and reset when infrastructure restarts. On-device data remains until you remove it or delete the app. We may retain minimal logs for security and legal compliance.
Account deletion. If you use in-app delete account, we ask our API to remove most data tied to your Lifemaxr user id (sessions, referral balances we store for you, held pending results, and related records as implemented on the server). Deleting your Lifemaxr account does not cancel App Store subscriptions—manage or cancel those in Apple ID → Subscriptions (or as Apple directs). Some Apple / payment–adjacent records may persist on Apple’s side or in minimal server records used for fraud prevention, accounting, or subscription usage integrity tied to the same Apple account, as allowed by law and platform rules.
The Service is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe we have, contact us and we will delete it.
If you use the Service from outside Canada or the United States, your information may be processed in Canada, the United States, and other countries where our providers operate. We use appropriate safeguards as required by law.
You may disconnect Google or Apple sign-in, turn off notifications in iOS Settings, manage Camera / Photo Library permissions for the app, clear app data, delete your account through in-app controls where offered, or delete the app. Manage subscriptions and refunds through Apple’s account tools. Some rights vary by region; contact us to exercise applicable privacy rights.
We use industry-standard measures appropriate to the Service, including transport encryption for API traffic where configured, server-side verification of purchase payloads, and secure token storage on device. No method is 100% secure.
We may update this Policy by posting a new effective date. Material changes may require additional notice as required by law.
Operator: Yoven Reddi · Lifemaxr · Toronto, Ontario, Canada
Privacy questions: [email protected]