Privacy Policy
Speglo Last updated: 9 July 2026 Contact: the contact channel on the app’s store listing (Google Play / App Store)
Speglo is a selfie-restyling app for grown-ups who are curious about their own look. We designed it privacy-first. This policy explains, in plain language, exactly what happens on your phone and what leaves it.
There are two ways to generate a look, and they differ in what leaves your phone:
- Bring your own key (BYOK) — the default. Your chosen selfie goes directly from your phone to the AI provider you configured with your own key. There is no Speglo server in the path; we never see it.
- Managed generation (optional) — you buy credits. Your chosen selfie is sent to our stateless generation server, which forwards it to an AI provider using our key and returns the result. The server processes the image in memory and deletes it immediately — it is never stored, logged, or associated with you. You only enter this mode if you choose it.
Read Section 2.7 for exactly how managed generation handles your image.
The short version
| Question | Answer |
|---|---|
| Do we run servers? | Only for optional managed generation. BYOK mode has no backend at all. If you choose managed generation, your one selfie passes through our stateless server, which processes it in memory and stores nothing. |
| Do we use analytics or tracking? | No. None. Not even crash reporting. |
| What happens to my 3 check selfies? | Analysed on your phone only (Google ML Kit face landmarks) just to check your selfies match. Face measurements live in memory only during the check and are never stored or transmitted. |
| Does anything leave my phone? | Only the one selfie you pick. In BYOK mode it goes directly to the AI provider you configured with your own key (xAI or Google). In managed mode it goes to our stateless server, which forwards it to a provider and deletes it immediately. |
| Where are my generated images kept? | On your phone, in app-private storage, encrypted with AES-256-GCM. |
| Where is my API key kept? | In secure storage backed by the Android Keystore (BYOK mode). |
| How are purchases handled? | Credits, subscriptions, and the Pro unlock are billed by Apple App Store / Google Play. We never see your card or payment details. |
| Is anything shared automatically? | No. Sharing happens only when you open the share sheet yourself. |
| Can I delete everything? | Yes. Settings → delete everything, any time. |
| Who can use the app? | Adults only — you must be 18 or older. |
| Is my data sold? | Never. We do not sell or share your personal data. |
Everything below is the same story, in more detail.
1. Who we are
Speglo is published by an independent developer. Because the app has no backend, in most day-to-day use we do not process your personal data at all — it stays on your device. Where data protection law (such as the EU/UK GDPR) applies to the app's design and to the on-device processing described below, the contact for all privacy matters is:
Contact: the contact channel on the app’s store listing (Google Play / App Store).
2. What the app does with your data — step by step
2.1 Capturing your selfies
You take three guided selfies with your front camera. These photos are written to the app's private storage on your device. They are not uploaded anywhere at this stage.
2.2 The on-device consistency check (biometric processing)
To make sure your three shots match each other — same person, usable angles, a real smile — the app runs Google ML Kit face landmark detection entirely on your device. See the dedicated Biometric Data section (Section 3) for the full detail, because this is the most sensitive thing the app does and you deserve the specifics.
2.3 Sending your chosen selfie to your AI provider
You pick one selfie. When you tap generate, that one image and your styling prompt are sent directly from your phone to the AI provider you configured in Settings using your own API key:
- xAI Grok Imagine — endpoint:
api.x.ai - Google Gemini — endpoint:
generativelanguage.googleapis.com
This transfer happens under that provider's terms and privacy policy, not ours — you brought your own key, so your relationship for that processing is with the provider you chose. We recommend reading their policies:
- xAI: https://x.ai/legal
- Google: https://policies.google.com/privacy
We never receive, relay, proxy, or log this traffic. There is no Speglo server in the middle.
2.4 Storing your results
Generated images are stored only on your phone, in app-private storage, encrypted with AES-256-GCM. Other apps cannot read them, and they do not appear in your system gallery unless you export them yourself.
2.5 Your API key
Your provider API key is stored in secure storage backed by the Android Keystore. It is used only to authenticate your requests to the provider you chose and is never sent anywhere else.
2.6 Sharing and export
Nothing is shared automatically. An image leaves the app only when you invoke the Android share sheet. Exported copies carry an AI-provenance marking (see the Terms of Service).
2.7 Managed generation (optional — only if you buy credits)
If you switch generation mode to Managed in Settings, you generate with our engines using credits instead of your own provider key. Here is exactly what happens to your image and data:
- What is sent. The one selfie you pick plus your styling prompt are sent over HTTPS to Speglo's generation server. Your three check selfies, your face measurements, and your gallery are never sent — only the single image you generate from.
- Stateless by design. The server holds your image only in memory for the moment it takes to forward it to the AI provider and return the result. It is not written to disk, not logged, not cached, and not retained after the response. We keep no copy of your selfie or of the generated image — your results are saved only on your phone.
- No account. Managed generation does not require an account, email, or login. To limit abuse, requests carry an anonymous per-install token — a random identifier generated on your device. It is not tied to your identity, contains no personal data, and is deleted when you use "delete everything".
- Credits live on your device. Your credit balance and free-look allowance are stored on your phone, alongside everything else.
- The AI provider. Managed generation forwards your selfie to an AI provider (such as xAI or Google) under our account. That provider processes the image under its own terms as an independent controller. We instruct providers not to retain content for training where that option is available, but their handling is governed by their policies.
- Prefer no server at all? Stay in BYOK mode (the default). Then nothing you generate ever touches our server.
2.8 Payments and purchases
Credits, subscriptions, and the one-time Speglo Pro unlock are sold through the Apple App Store and Google Play. Those stores process the payment and handle billing, refunds, and subscription management. We never receive your card number or payment details — only the store's confirmation that a purchase completed, which the app uses to grant the credits or unlock on your device. Subscriptions renew through your store account until you cancel there. Manage or cancel a subscription in your App Store / Google Play account settings.
3. BIOMETRIC DATA
This section is deliberately explicit, because face geometry is sensitive.
What is collected. When you run the three-shot check, the app uses Google ML Kit's on-device face landmark detection to derive facial landmark positions and geometric measurements (for example, relative positions of eyes, nose, and mouth) from your three selfies.
Purpose — the only purpose. These measurements are used for exactly one thing: to check that your three selfies match — that they show the same face at usable angles — so your restyled results look like you. They are never used to identify you to anyone, never matched against any database, and never used for any other purpose.
On-device only. All biometric processing happens locally on your phone. No face measurements, landmarks, templates, or any biometric identifiers are ever transmitted off your device — not to us (we have no servers), not to your AI provider, not to anyone.
Ephemeral retention. Face measurements exist in memory only, for the duration of the check, and are discarded immediately when the check completes. They are never written to storage, never persisted, never backed up.
No sale, no disclosure. We do not — and structurally cannot — sell, lease, trade, disclose, or otherwise profit from your biometric data. It never leaves your device and never reaches us.
Your explicit consent. The app asks for your explicit, informed consent on the consent screen before any face processing runs. This is our basis for processing under Article 9(2)(a) GDPR (explicit consent for special-category data), and this notice together with that consent screen is intended to satisfy the written-disclosure and consent requirements of the Illinois Biometric Information Privacy Act (BIPA) and similar biometric privacy laws. You can withdraw consent at any time in Settings; the app will stop all face processing.
Retention schedule (BIPA). Our retention schedule for biometric identifiers is simple: they are retained for zero time beyond the check itself. They are permanently discarded from memory when the consistency check finishes, which is within seconds of capture and in every case before you leave the capture flow.
4. What we do NOT do
- No accounts, ever — not even for managed generation.
- In BYOK mode, no developer servers and no backend at all. In managed mode, a stateless server that keeps no copy of your image and stores nothing about you.
- No analytics, telemetry, crash reporting, advertising SDKs, or tracking of any kind.
- No sale or sharing of your personal data.
- No cloud backup of your photos, results, or keys by the app.
- No storing of your images on our server, in either mode.
- No access to your payment details — the app stores handle billing.
- No identity verification. The three-shot check only checks that your selfies match; it does not and cannot establish who you are.
5. Legal bases (GDPR)
Where the GDPR applies, the on-device processing rests on:
- Explicit consent (Art. 9(2)(a) and Art. 6(1)(a)) for the face-landmark consistency check.
- Contract (Art. 6(1)(b)) for the core function you ask for: storing your captures and encrypted results on your device and sending your chosen selfie to the provider you configured.
Your chosen AI provider is an independent controller for its own processing of the selfie you send it, under its own terms.
6. Your rights (GDPR and similar laws)
You have the rights of access, rectification, erasure, restriction, portability, and objection, and the right to withdraw consent at any time without affecting past processing. Because your data lives on your own device, you can exercise most rights instantly yourself:
- Access / portability: your images are in the in-app gallery; export any of them via the share sheet.
- Erasure: Settings → delete everything removes all selfies, generated images, and your API key from the device. Uninstalling the app also removes all app-private data.
- Withdraw consent: Settings → withdraw consent.
For anything else, use the contact channel on the app’s store listing (Google Play / App Store). You also have the right to lodge a complaint with your local data protection authority.
To exercise rights regarding the selfie you sent to your AI provider, contact that provider under its own policy — we have no access to, or control over, that copy.
7. Retention
| Data | Where | How long |
|---|---|---|
| Face measurements (biometric) | Device memory only | Duration of the check only; never stored |
| Your 3 check selfies | App-private storage on device | Until you delete them or finish/reset the session |
| Generated images | App-private storage, AES-256-GCM encrypted | Until you delete them in the app |
| API key (BYOK) | Android-Keystore-backed secure storage | Until you remove it or delete everything |
| Selfie sent for managed generation | Our server, in memory only | Duration of the request only; never stored, then discarded |
| Anonymous per-install token (managed) | App secure storage on device | Until you delete everything or uninstall |
| Credit balance & purchase state | App secure storage on device | Until you delete everything (store purchases stay restorable) |
| Settings & consent record | App-private storage on device | Until you delete everything or uninstall |
In BYOK mode we hold nothing. In managed mode we hold your image only for the instant it takes to generate, and never store it.
8. Security
- Generated images: AES-256-GCM encryption in app-private storage.
- API keys: Android-Keystore-backed secure storage.
- Transport to your AI provider: HTTPS directly from your device to the provider's endpoint.
- No third party — including us — can pull your data from the app.
9. Children
Speglo is strictly for adults. You must be 18 or older to use the app, and the app enforces an age gate. We do not knowingly permit use by, or collect any data from, anyone under 18. If you believe a minor has used the app, contact us through the contact channel on the app’s store listing (Google Play / App Store).
10. International note
Because the only network transfer is the one you initiate to the provider you chose, any cross-border transfer of your selfie is governed by that provider's terms and safeguards. Check where your chosen provider processes data.
11. Changes to this policy
If we change this policy, the updated version ships with an app update, the "Last updated" date changes, and material changes will be flagged in the app before they apply to you. Continuing to use the app after a material change (or re-consenting where the law requires it) constitutes acceptance.
12. Contact
Questions, requests, complaints: the contact channel on the app’s store listing (Google Play / App Store).