Privacy Policy

Effective date: May 30, 2026 · Lifemaxr mobile application & related web properties

Photos, face data & AI processing

What we collect. Depending on the feature you use, you may upload selfies, optional side or profile photos, optional torso / progress photos, an inspiration / reference image for transforms, and short text (for example scene descriptions, quiz answers, or Coach chat messages). We treat visible faces in those photos and automated face-detection signals from our providers as face data. We do not create or store a biometric template, faceprint, or face-recognition model of you, and the app does not use Face ID for authentication.

Transform tab. When you run a transform, your photo is sent over HTTPS to our backend and forwarded to AI providers to (a) generate the transformed image you requested, (b) run safety / moderation checks, and (c) compute optional appearance scores. The original upload is processed in real time and is not retained on our backend after processing completes. The generated transform may be held briefly so you can complete payment and reveal, then deleted automatically (auto-expiry within 25 hours or sooner — deleted immediately the first time you reveal it).

Maxxxing Dashboard — formula scans & previews. If you use the Maxxxing Dashboard (Hair, Skin, Face Structure, Physique builders, manifest-driven photo scanners, or related flows), photos you submit are sent to our backend and processed by third-party AI models to return structured reads, routines, plans, or previews. This includes, for example:

For these Maxxxing scan flows, uploaded photos are processed transiently on our backend and at the provider — we do not keep your original scan photos as image files on our servers after the request completes. Structured JSON/text results are returned to the app. You may save analysis outputs, formulas, and photos locally on your device (see Device & local storage).

Coach chat. The in-app Lifemaxr Coach sends your messages, a short conversation tail, and a context snapshot (for example display name, scores, streak, selected pillars, saved formula titles, recent scan summaries, and optional detailed hair/skin formula memory) to our backend, which forwards them to Claude to generate a reply. Coach chat does not require a new photo upload each message. We do not maintain a long-term server-side Coach chat log tied to your account; chat history you see is stored on your device unless we later add cloud sync (we would update this Policy if we do).

Sharing. Photos and related content are processed by providers under their own terms and only for the purposes above, including:

We do not sell your photos or face data, do not use them for advertising, and do not use them to train third-party foundation models or face-recognition systems. Apple StoreKit, RevenueCat, Google Sign-In, Sign in with Apple, PostHog, and Bunny Stream do not receive your photo files.

Where it is stored. Photos are processed in transit on our backend and at provider endpoints. The only on-server image records we typically keep are brief generated transform outputs for pending reveals (see Retention). Locally on your device, transform history, Maxxxing formulas, scan photos, progress-vault images, Coach history, and habit logs may remain until you remove them or delete the app.

Retention (photos on servers). Original uploads from transforms and Maxxxing scans are not retained on our backend after processing completes. Generated transform images follow the 25-hour / first-reveal deletion rule above.

No biometric identification. Lifemaxr does not perform 1:1 or 1:N face recognition, does not identify you across photos, and does not build or persist a biometric template of you. Cloud Vision face-detection signals are limited to moderation and quality gating; they are not a faceprint and are not stored as a biometric record.

Operator

This Policy describes the practices of Yoven Reddi, an individual operating the Lifemaxr app in a personal capacity—not as a company (“we,” “us”). Principal place of business: Toronto, Ontario, Canada. Jurisdiction: Province of Ontario, Canada.

This Privacy Policy describes how we collect, use, and share information when you use our iOS app, optional website properties we operate for partner or creator programs (for example pages under lifemaxr.com/clipper), and related services (the “Service”). It should be read together with our Terms of Service.

1. Information we collect

Account & identity. If you sign in with Google, we receive identifiers such as your email address and display name as permitted by Google’s sign-in flow; Google’s SDK may process additional technical data under Google’s policies. If you use Sign in with Apple, we receive identifiers Apple shares with us (which may include a private relay email if you choose that option). When you first authenticate, our servers verify your IdP token and issue a session token; we may persist a mapping between your IdP subject identifier and your in-app user id for consistency across sign-ins.

We store a user profile, referral code, subscription tier, and related settings needed to run the app.

Guest sessions. You may start with a device guest profile (a Lifemaxr user id and session created without Google or Apple). You can keep using that profile or optionally link Google or Apple where the app offers it.

Onboarding & product analytics. We use PostHog (product analytics) to understand how the app is used — for example app launches, onboarding quiz selections (timeline, priorities, reasons, commitment), paywall and purchase funnel steps, transform/reveal events, streak milestones, and notification permission outcomes. Events are tied to your stable in-app user id when you identify or sign in; we do not intentionally send raw emails, display names, or photo files to PostHog. PostHog may receive device/app metadata (for example OS version, app version) under their policy. We do not use PostHog for cross-app advertising or sell analytics data.

Photos, prompts & face data. See Photos, face data & AI processing above for transforms, Maxxxing scans, previews, and Coach context.

Face-related checks. Your photos may be analyzed with Google Cloud Vision for safe-search moderation and face detection (for example to confirm a face is present before continuing). We do not use these signals to identify you outside the Service, authenticate you, build a face template, infer identity, sell advertising, or train face-recognition systems.

Sensitive imagery. Your uploads may show your face or body. We use them only to provide the Service (including moderation, transformation, Maxxxing scans, appearance coaching, and account features), to enforce our Terms, and as described here. We do not sell personal information and we do not use your photos for unrelated marketing.

AI model training. We do not use your photos, face data, or prompts to train third-party foundation models or to improve providers’ general models. Content you submit is processed to generate your results and to operate safety and billing as described in this Policy.

Human access. We do not routinely view your images. Limited operators or contractors may access content only when reasonably needed to operate, secure, or support the Service (for example investigating abuse or security incidents), or when required by law.

Generated content. AI-generated images and text produced for you may be cached briefly on our servers (for pending reveals), returned to the app, and stored on-device.

Maxxxing Dashboard — local plan data. When you use the Maxxxing Dashboard, much of your plan lives on device, including: selected pillars, Today task completion, streaks, saved Academy cards, hair/skin/face/physique formula drafts and built setups, scan-result summaries, optional Progress Vault photos, reset progress, per-pillar scan quota counters, and Coach chat history. This data is stored in iOS storage (for example UserDefaults, the Keychain for session tokens, and app sandbox files under Documents / Application Support). It is not automatically uploaded as a full backup to our servers today.

Purchases & entitlements. When you buy subscriptions or consumables, Apple processes payment. The app may send Apple-signed transaction data to our API so we can verify purchases, prevent replay fraud, grant generation credits, sync subscription transform quotas, and validate optional scan consumables where offered. We may use RevenueCat to help map StoreKit state to in-app entitlements; RevenueCat receives device/app identifiers and purchase-related events under their policy.

Referral & program data. We store referral codes, whether a code was applied, referrer–friend associations used to credit referrers after a referred user’s qualifying paid reveal (server-verified with Apple in-app purchase data), server-side flags for promotional or creator-tier pricing eligibility where the backend applies them, and free transform balances earned through referrals, as described in the app.

Partner clipper / creator program (website). If you use Lifemaxr’s optional clipper or creator flows on our website (for example pages under lifemaxr.com/clipper), you may sign in with Google or Apple via Supabase Auth and submit profile and program information such as email, social handles, payout preferences you choose to provide (for example PayPal or similar), and clip submissions for review. That data is stored in a Supabase-hosted database and is used to run the program (approvals, payouts, communications). When you link Google in the iOS app as a partner, our API may store a mapping between your Lifemaxr user id and your normalized Google email to enforce partner reveal credits or comped product access as described in-app. These website flows are separate from the transform / Maxxxing photo pipeline unless a specific page asks you for an image.

Notifications. If you enable them, we may schedule local notifications on your device (for example transform reminders, onboarding nudges, Maxxxing Today mission / streak / reset reminders, and referral moments). We do not need to receive notification content on our servers for those to fire.

Device & local storage. We store session tokens (for example in the iOS Keychain), preferences, transform history, Maxxxing plan data, and Coach history in UserDefaults, files, or similar on-device storage until you remove them or delete the app.

Technical data. Our servers process request metadata (for example IP address, user id tied to your session, timestamps, rate-limiting keys, and error logs) to operate sessions, verify purchases, enforce referral rules, prevent abuse, and diagnose errors.

Sharing, saving, and clipboard. When you use Share, Save to Photos, or Copy (for example a referral code), you choose where content goes (another app, your library, or the system pasteboard). We do not control third-party apps you share to.

In-app review. We may ask iOS to present Apple’s standard App Store rating / review prompt; that flow is handled by Apple.

What we don’t do. The app does not embed third-party advertising SDKs or use App Tracking Transparency for cross-app tracking. We do not sell your personal information. Product analytics via PostHog is described above and is used to improve the Service, not to serve third-party ads.

2. How we use information

3. Third-party services

We rely on providers including, depending on configuration:

These providers process data under their own terms and privacy policies. API keys for cloud AI services reside on our servers, not in the public client binary.

4. Canada (PIPEDA)

Where Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) or substantially similar provincial laws apply, we collect, use, and disclose personal information reasonably for the purposes described in this Policy. You may request access to or correction of your personal information, subject to legal exceptions. You may file a complaint with the Office of the Privacy Commissioner of Canada (OPC) or your provincial privacy commissioner if applicable.

5. United States — California and other states

If you are a California resident, you may have rights under the CCPA/CPRA, including to know what personal information we collect, to delete or correct certain information, and to opt out of the sale or sharing of personal information. We do not sell your personal information for money. We do not share personal information for cross-context behavioral advertising as described in the CPRA. We use service providers under contracts that limit their use of data to providing services to us.

Sensitive personal information. We use photos, body imagery you choose to store locally, and face-related signals only for the purposes described in this Policy (including transformation, Maxxxing scans, moderation, coaching, and account operation). We do not use sensitive personal information for purposes incompatible with this Policy.

Residents of other U.S. states with comprehensive privacy laws (for example Colorado, Connecticut, Virginia, or Utah) may have similar rights; contact us to exercise them. We will not discriminate against you for exercising privacy rights granted by law.

6. Legal bases (EEA/UK users)

Where GDPR applies, we process personal data on the basis of contract (providing the Service), legitimate interests (security, abuse prevention, purchase verification, product analytics, product improvement), and consent where required (for example optional notifications, third-party AI photo processing disclosures in the app, or certain cookies on web properties). You may have rights to access, rectify, delete, restrict, or port data, and to object or lodge a complaint with a supervisory authority.

7. Retention

We retain information only as long as needed for the purposes above. Pending reveal / held transform results on the server are kept for a limited window (on the order of one day, plus a small operational buffer) and then deleted automatically. Maxxxing scan photos are not kept on our servers after processing. Referral credit balances and purchase verification records (for example identifiers of consumed transactions to prevent double-spend) may persist longer as needed to run the program and billing logic. Server-side sessions may be short-lived and reset when infrastructure restarts. PostHog retention follows PostHog’s settings and our project configuration. On-device data (including Maxxxing formulas, vault photos, Coach history, and habit logs) remains until you remove it or delete the app. We may retain minimal logs for security and legal compliance.

Account deletion. If you use in-app delete account, we ask our API to remove most data tied to your Lifemaxr user id on our primary API servers (sessions, referral balances we store for you, held pending results, the server mapping from your user id to a partner Google email for credit eligibility when applicable, and related records as implemented). Deleting your Lifemaxr app account does not automatically delete: (a) local on-device Maxxxing data (formulas, scan photos, Progress Vault, Today logs, Coach history) — remove those by deleting the app or clearing app data; (b) a separate clipper or creator profile you created only on our website (Supabase Auth / program tables) — use website controls where available or contact us; (c) analytics events already received by PostHog — contact us if you need help with deletion requests we can action with our vendor. Deleting your Lifemaxr account does not cancel App Store subscriptions — manage or cancel those in Apple ID → Subscriptions. Some Apple / payment-adjacent records may persist on Apple’s side or in minimal server records used for fraud prevention, accounting, or subscription usage integrity, as allowed by law and platform rules.

8. Children

The Service is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe we have, contact us and we will delete it.

9. International transfers

If you use the Service from outside Canada or the United States, your information may be processed in Canada, the United States, and other countries where our providers operate (including PostHog, Google, Anthropic, Bunny, Supabase, and Railway). We use appropriate safeguards as required by law.

10. Your choices

You may disconnect Google or Apple sign-in, turn off notifications in iOS Settings, manage Camera / Photo Library permissions for the app, clear app data, delete your account through in-app controls where offered, or delete the app. Manage subscriptions and refunds through Apple’s account tools. For privacy rights requests (including access or deletion where applicable), contact privacy@lifemaxr.com.

11. Security & incidents

We use industry-standard measures appropriate to the Service, including transport encryption for API traffic where configured, server-side verification of purchase payloads, and secure token storage on device. No method is 100% secure.

If we become aware of a breach of security affecting personal information and notification is required by applicable law, we will provide notice to you and/or regulators as those laws require.

12. Changes

We may update this Policy by posting a new effective date. Material changes may require additional notice as required by law.

13. Contact

Operator: Yoven Reddi · Lifemaxr · Toronto, Ontario, Canada
Privacy and U.S. state privacy requests: privacy@lifemaxr.com