Visara — Privacy Policy
This Privacy Policy explains what personal information Visara ("Visara", "we", "us") collects when you use the Visara mobile application (the "App"), how we use it, who we share it with, and the rights you have. Visara is designed to minimise data collection by default and to process biometric information on-device whenever possible.
If you do not agree with this Policy, please do not use the App.
1. Who we are
Visara is an AI glow-up coach. You take a selfie; the App produces a score, sub-metrics, and a personalised weekly improvement plan. The App is operated by IT Apps, reachable at itapps.contact@gmail.com.
For European Economic Area (EEA), United Kingdom, and Türkiye users, IT Apps is the data controller of the personal information described below.
2. The information we collect
2.1. Information you give us directly
- Onboarding answers. Age range, gender (or "prefer not to say"), and goal selections you pick during onboarding. Stored on your device.
- Selfie / face photo. Captured from your device camera when you request an analysis.
- Coach messages. Text you send to the optional AI coach feature.
- Account identifiers (if you create an account). A pseudonymous install ID generated on your device. We do not ask for your legal name.
- Support correspondence. Any content you send us at itapps.contact@gmail.com (email address, message body, attachments).
2.2. Information we derive from your selfie
- Facial landmarks and geometric metrics. Detected on your device using Google ML Kit Face Detection (Android) or Apple Vision (iOS) — for example symmetry ratio, jawline angle, canthal tilt, smile probability. These are numeric values, not images.
- Holistic score and plan. Generated either entirely on your device using a deterministic template engine, or — when the cloud analysis path is enabled — by sending your selfie and derived metrics to our processor (Google — Gemini API) through our secure backend proxy. You will see an in-app notice the first time the cloud path is used and may decline.
2.3. Information collected automatically
- Device and diagnostic data. Operating system, app version, device model, locale, and crash logs stay on your device unless you opt in to share them.
- Subscription and purchase data. Managed by Apple/Google and our subscription processor (RevenueCat). We receive a pseudonymous user ID, plan, trial status, renewal date, and receipt validation result — not your full card number.
2.4. Information we do not collect
- We do not collect precise GPS location, contacts, microphone audio, SMS, call logs, or social graph.
- We do not use advertising identifiers (IDFA / Android Advertising ID).
- We do not show you adverts.
- We do not sell personal information.
- We do not use your selfies to train any AI model.
3. How we use your information
We use your information only for the purposes below, and only for as long as necessary.
| Purpose | Legal basis (EEA / UK / Türkiye) |
|---|---|
| Generate your score, sub-metrics, and plan | Contract performance (Art. 6(1)(b) GDPR; Art. 5(2)(c) KVKK) |
| Process your selfie as biometric data for analysis | Explicit consent (Art. 9(2)(a) GDPR; Art. 6(3) KVKK). You can withdraw consent at any time. |
| Operate, maintain, and secure the App | Legitimate interests (Art. 6(1)(f) GDPR) — running a safe service |
| Detect misuse, fraud, or policy violations | Legitimate interests / legal obligation |
| Process subscription payments and validate receipts | Contract performance |
| Send optional product notifications (e.g. "time for your weekly re-scan") | Consent — you can disable in system settings |
| Comply with applicable law, respond to lawful requests | Legal obligation |
We do not make solely automated decisions with legal or similarly significant effects about you. The score and plan are informational only, not medical, psychological, or professional advice.
4. Biometric data — special protections
Your selfie and the derived facial landmarks are special-category biometric data under GDPR Art. 9 and sensitive personal data under KVKK Art. 6. We therefore apply extra protections:
- Explicit consent. Before your first scan we ask for your affirmative consent. You can withdraw it at any time from Settings → Privacy controls or by emailing itapps.contact@gmail.com.
- On-device first. The face detection step runs on your device. By default the cloud analysis path is disabled and your raw image never leaves your phone.
- No retention. When the cloud path is enabled, the selfie used for a given analysis is deleted from our backend as soon as the analysis is returned (typically within seconds).
- No training. We do not use your selfies or derived metrics to train any machine-learning model.
5. Third-party processors and disclosure of your data
We share personal information only with the service providers listed below, and only under written contracts that require confidentiality and data protection. They act as processors on our behalf.
| Processor | Purpose | Location |
|---|---|---|
| Google — Gemini API | Holistic face analysis and plan generation when the cloud path is enabled | United States / EEA |
| Apple App Store / Google Play | App distribution, in-app purchases | Global |
| RevenueCat | Subscription receipt validation | United States |
| Cloudflare Workers | Secure API proxy, rate-limiting | Global edge |
We do not currently use third-party analytics, attribution, or crash-reporting services. If we ever add one, we will update this Policy and, where legally required, ask for your consent.
November 2025 App Store requirement. Before sending your selfie to a third-party AI system (Gemini), we display an explicit in-app notice and obtain your consent, as required by Apple's AI-disclosure guideline.
We do not sell or "share" your personal information for cross-context behavioural advertising (CCPA/CPRA terms). We do not build advertising profiles.
International transfers
Personal data may be transferred outside your country — for example, to the United States. When we transfer data out of the EEA, UK, or Türkiye, we rely on the European Commission's Standard Contractual Clauses (or the equivalent UK/Türkiye instruments) together with supplementary technical measures (encryption in transit and at rest).
6. How long we keep your data
| Data category | Retention |
|---|---|
| Selfie images (cloud analysis path) | Deleted within seconds of completing the analysis |
| Facial metrics, scores and plans | Stored on your device; deleted when you choose Delete my data in Settings |
| Coach chat history | Stored on your device; deleted when you choose Delete my data in Settings |
| Anonymous install ID | Up to 12 months in our backend, then automatically expires |
| Subscription / receipt records | As long as legally required for tax and accounting (up to 10 years), held by Apple/Google/RevenueCat |
| Support correspondence | Up to 24 months, then deleted |
7. Your rights
Depending on where you live, you have the following rights over your personal data. You can exercise any of these by emailing itapps.contact@gmail.com or using the in-app Settings → Delete my data button.
- Access — Ask for a copy of your personal data.
- Rectification — Ask us to correct inaccurate data.
- Erasure / "Right to be forgotten" — Ask us to delete your data.
- Restriction — Ask us to pause certain processing.
- Portability — Ask for a machine-readable export of your data.
- Objection — Object to processing based on legitimate interests.
- Withdraw consent — Withdraw biometric or marketing consent at any time. This does not affect the lawfulness of processing before withdrawal.
- Automated decision-making — You can ask for human review of any decision; Visara does not use solely automated decisions with significant effects.
We will respond within 30 days (extendable once by 60 days for complex requests). There is no charge unless requests are excessive.
California (CCPA / CPRA). California residents additionally have the right to know the categories and specific pieces of personal information collected, to correct inaccurate data, and to limit the use of sensitive personal information. We do not sell or share personal information for cross-context behavioural advertising.
Supervisory authority. You may complain to your local data-protection authority — for example, the Turkish Personal Data Protection Authority (KVKK Kurumu), the Irish Data Protection Commission (for EEA residents routed through Ireland), or the UK ICO.
8. Children's privacy
Visara is rated 17+ on the App Store and the equivalent on Google Play. The App is not intended for anyone under 13, and under EU age-of-digital-consent laws users under 16 (or the age set locally — 13 to 16) must obtain parental consent. We collect the minimum information necessary to verify age during onboarding. If we learn that we have collected personal data from a child in violation of this Policy, we will delete it promptly. Please contact itapps.contact@gmail.com if you believe a child's data has been collected.
9. Security
We protect personal information with industry-standard safeguards:
- Transport Layer Security (TLS 1.2+) for all data in transit.
- Encryption at rest for stored files and database fields.
- Signed, short-lived HMAC tokens between the App and our backend proxy.
- Strict access controls and audit logs for internal systems.
- Regular dependency scanning and security review for major releases.
No system is perfectly secure. If we learn of a personal-data breach that is likely to result in a risk to your rights and freedoms, we will notify the competent authority within 72 hours and, where required, inform affected users without undue delay.
10. Cookies and tracking
The App itself does not use cookies. The website hosting this Privacy Policy is a static page that does not set tracking cookies and does not collect analytics. We honour Global Privacy Control (GPC) signals as an opt-out of sale/sharing.
11. Disclaimer — informational only
The scores, sub-metrics, and plans produced by Visara are provided for self-improvement and entertainment guidance only. They are not medical, dermatological, psychological, cosmetic, or diagnostic advice. Consult a qualified professional for any concern about your physical or mental health.
12. Changes to this Policy
If we change this Policy, we will post the new version in the App and update the "Last updated" date. Material changes will be highlighted with an in-app notice. Continued use of the App after changes take effect constitutes acceptance of the revised Policy.
13. Languages
This Privacy Policy is published in English, Turkish, German, Spanish, French and Brazilian Portuguese for your convenience. The English version is the binding legal text in case of any difference between translations.
14. Contact
Questions, rights requests, or concerns? We read every message.
Email: itapps.contact@gmail.com
Operator: IT Apps — Visara