Speglo Privacy Policy
Pre-release draft — Speglo has not launched yet. The final version of this document ships with the app and will be linked here at launch.

Privacy Policy

Speglo Last updated: 9 July 2026 Contact: the contact channel on the app’s store listing (Google Play / App Store)

Speglo is a selfie-restyling app for grown-ups who are curious about their own look. We designed it privacy-first. This policy explains, in plain language, exactly what happens on your phone and what leaves it.

There are two ways to generate a look, and they differ in what leaves your phone:

Read Section 2.7 for exactly how managed generation handles your image.

The short version

Question Answer
Do we run servers? Only for optional managed generation. BYOK mode has no backend at all. If you choose managed generation, your one selfie passes through our stateless server, which processes it in memory and stores nothing.
Do we use analytics or tracking? No. None. Not even crash reporting.
What happens to my 3 check selfies? Analysed on your phone only (Google ML Kit face landmarks) just to check your selfies match. Face measurements live in memory only during the check and are never stored or transmitted.
Does anything leave my phone? Only the one selfie you pick. In BYOK mode it goes directly to the AI provider you configured with your own key (xAI or Google). In managed mode it goes to our stateless server, which forwards it to a provider and deletes it immediately.
Where are my generated images kept? On your phone, in app-private storage, encrypted with AES-256-GCM.
Where is my API key kept? In secure storage backed by the Android Keystore (BYOK mode).
How are purchases handled? Credits, subscriptions, and the Pro unlock are billed by Apple App Store / Google Play. We never see your card or payment details.
Is anything shared automatically? No. Sharing happens only when you open the share sheet yourself.
Can I delete everything? Yes. Settings → delete everything, any time.
Who can use the app? Adults only — you must be 18 or older.
Is my data sold? Never. We do not sell or share your personal data.

Everything below is the same story, in more detail.

1. Who we are

Speglo is published by an independent developer. Because the app has no backend, in most day-to-day use we do not process your personal data at all — it stays on your device. Where data protection law (such as the EU/UK GDPR) applies to the app's design and to the on-device processing described below, the contact for all privacy matters is:

Contact: the contact channel on the app’s store listing (Google Play / App Store).

2. What the app does with your data — step by step

2.1 Capturing your selfies

You take three guided selfies with your front camera. These photos are written to the app's private storage on your device. They are not uploaded anywhere at this stage.

2.2 The on-device consistency check (biometric processing)

To make sure your three shots match each other — same person, usable angles, a real smile — the app runs Google ML Kit face landmark detection entirely on your device. See the dedicated Biometric Data section (Section 3) for the full detail, because this is the most sensitive thing the app does and you deserve the specifics.

2.3 Sending your chosen selfie to your AI provider

You pick one selfie. When you tap generate, that one image and your styling prompt are sent directly from your phone to the AI provider you configured in Settings using your own API key:

This transfer happens under that provider's terms and privacy policy, not ours — you brought your own key, so your relationship for that processing is with the provider you chose. We recommend reading their policies:

We never receive, relay, proxy, or log this traffic. There is no Speglo server in the middle.

2.4 Storing your results

Generated images are stored only on your phone, in app-private storage, encrypted with AES-256-GCM. Other apps cannot read them, and they do not appear in your system gallery unless you export them yourself.

2.5 Your API key

Your provider API key is stored in secure storage backed by the Android Keystore. It is used only to authenticate your requests to the provider you chose and is never sent anywhere else.

2.6 Sharing and export

Nothing is shared automatically. An image leaves the app only when you invoke the Android share sheet. Exported copies carry an AI-provenance marking (see the Terms of Service).

2.7 Managed generation (optional — only if you buy credits)

If you switch generation mode to Managed in Settings, you generate with our engines using credits instead of your own provider key. Here is exactly what happens to your image and data:

2.8 Payments and purchases

Credits, subscriptions, and the one-time Speglo Pro unlock are sold through the Apple App Store and Google Play. Those stores process the payment and handle billing, refunds, and subscription management. We never receive your card number or payment details — only the store's confirmation that a purchase completed, which the app uses to grant the credits or unlock on your device. Subscriptions renew through your store account until you cancel there. Manage or cancel a subscription in your App Store / Google Play account settings.

3. BIOMETRIC DATA

This section is deliberately explicit, because face geometry is sensitive.

What is collected. When you run the three-shot check, the app uses Google ML Kit's on-device face landmark detection to derive facial landmark positions and geometric measurements (for example, relative positions of eyes, nose, and mouth) from your three selfies.

Purpose — the only purpose. These measurements are used for exactly one thing: to check that your three selfies match — that they show the same face at usable angles — so your restyled results look like you. They are never used to identify you to anyone, never matched against any database, and never used for any other purpose.

On-device only. All biometric processing happens locally on your phone. No face measurements, landmarks, templates, or any biometric identifiers are ever transmitted off your device — not to us (we have no servers), not to your AI provider, not to anyone.

Ephemeral retention. Face measurements exist in memory only, for the duration of the check, and are discarded immediately when the check completes. They are never written to storage, never persisted, never backed up.

No sale, no disclosure. We do not — and structurally cannot — sell, lease, trade, disclose, or otherwise profit from your biometric data. It never leaves your device and never reaches us.

Your explicit consent. The app asks for your explicit, informed consent on the consent screen before any face processing runs. This is our basis for processing under Article 9(2)(a) GDPR (explicit consent for special-category data), and this notice together with that consent screen is intended to satisfy the written-disclosure and consent requirements of the Illinois Biometric Information Privacy Act (BIPA) and similar biometric privacy laws. You can withdraw consent at any time in Settings; the app will stop all face processing.

Retention schedule (BIPA). Our retention schedule for biometric identifiers is simple: they are retained for zero time beyond the check itself. They are permanently discarded from memory when the consistency check finishes, which is within seconds of capture and in every case before you leave the capture flow.

4. What we do NOT do

5. Legal bases (GDPR)

Where the GDPR applies, the on-device processing rests on:

Your chosen AI provider is an independent controller for its own processing of the selfie you send it, under its own terms.

6. Your rights (GDPR and similar laws)

You have the rights of access, rectification, erasure, restriction, portability, and objection, and the right to withdraw consent at any time without affecting past processing. Because your data lives on your own device, you can exercise most rights instantly yourself:

For anything else, use the contact channel on the app’s store listing (Google Play / App Store). You also have the right to lodge a complaint with your local data protection authority.

To exercise rights regarding the selfie you sent to your AI provider, contact that provider under its own policy — we have no access to, or control over, that copy.

7. Retention

Data Where How long
Face measurements (biometric) Device memory only Duration of the check only; never stored
Your 3 check selfies App-private storage on device Until you delete them or finish/reset the session
Generated images App-private storage, AES-256-GCM encrypted Until you delete them in the app
API key (BYOK) Android-Keystore-backed secure storage Until you remove it or delete everything
Selfie sent for managed generation Our server, in memory only Duration of the request only; never stored, then discarded
Anonymous per-install token (managed) App secure storage on device Until you delete everything or uninstall
Credit balance & purchase state App secure storage on device Until you delete everything (store purchases stay restorable)
Settings & consent record App-private storage on device Until you delete everything or uninstall

In BYOK mode we hold nothing. In managed mode we hold your image only for the instant it takes to generate, and never store it.

8. Security

9. Children

Speglo is strictly for adults. You must be 18 or older to use the app, and the app enforces an age gate. We do not knowingly permit use by, or collect any data from, anyone under 18. If you believe a minor has used the app, contact us through the contact channel on the app’s store listing (Google Play / App Store).

10. International note

Because the only network transfer is the one you initiate to the provider you chose, any cross-border transfer of your selfie is governed by that provider's terms and safeguards. Check where your chosen provider processes data.

11. Changes to this policy

If we change this policy, the updated version ships with an app update, the "Last updated" date changes, and material changes will be flagged in the app before they apply to you. Continuing to use the app after a material change (or re-consenting where the law requires it) constitutes acceptance.

12. Contact

Questions, requests, complaints: the contact channel on the app’s store listing (Google Play / App Store).