Last updated: Sunday May 10, 2026
This Privacy Policy describes how C9 or Allura ("we," "us," or "our") handles information when you use the Allura mobile application ("Allura" or "the App"). We take your privacy seriously and have designed Allura to collect as little personal information as possible.
Allura collects only the information needed to provide its features. There is no user account, no email signup, and no advertising tracking.
Display name: The name you enter during onboarding. Used to personalize greetings and AI feedback.
Photos: When you use scanning features, the App captures photos of your face. Photos are processed by our AI service provider (see Section 3) and used to generate beauty analysis. Photos are not retained on our servers long-term — they are deleted after analysis completes.
Scan history: Results from your AI makeup scans (scores, category feedback, AI-generated tips). Stored only on your device.
Beauty profile: Your skin tone, undertone, face shape, eye shape, lip shape, and any skin conditions noted during your bare-face scan. Stored only on your device.
Color analysis results: Your seasonal color palette and color recommendations. Stored only on your device.
Streak and usage counters: Daily scan counters and streak data. Stored only on your device.
Subscription status: Whether you have an active Allura Premium subscription. Stored on your device and managed by Apple.
Device-bound cryptographic key: Allura uses Apple's App Attest framework to prove that requests come from a genuine, untampered installation of the App. This generates an anonymous public key stored on our servers. The key is NOT linked to your Apple ID, name, or any identifying information — it identifies the App installation, not you personally.
Allura does NOT collect:
Email address (no account is required)
Phone number
Real name or legal identity
Location data
Contacts, calendar, or photo library access (except photos you specifically take in the App for scans)
Health or medical records
Financial information (subscriptions are handled by Apple — we never see your payment details)
Web browsing history
Identifiers for cross-app tracking
Advertising identifiers (IDFA)
We do not use third-party analytics, advertising networks, or behavioral tracking tools.
We use the information described above solely to:
Provide the App's features (AI scans, color analysis, virtual try-on, look match)
Personalize your experience (greet you by name, tailor feedback to your beauty profile)
Track your daily streaks and progress
Send notifications you've opted into (daily reminders, streak warnings)
Process subscription payments through Apple
Protect against abuse (App Attest, rate limiting)
Improve App stability through anonymous error reporting on Apple's side
We do not:
Sell your data
Share your data with advertisers
Use your photos to train AI models
Build behavioral profiles for marketing
Track you across other apps or websites
Allura uses the following third-party services to provide its functionality:
What's sent: Compressed photos of your face + text prompts describing what to analyze
Why: To generate beauty analysis, color recommendations, and AI tutorials
Retention: Per Google's Gemini API terms, prompts and responses are not retained for model training
Privacy policy: https://policies.google.com/privacy
What's sent: Encrypted HTTPS traffic between the App and Google Gemini, plus your App Attest public key
Why: We use Cloudflare as a secure proxy that holds the actual Gemini API key server-side (so it can't be extracted from the App), and to validate device authenticity
Retention: Cloudflare stores your public key and per-device usage counter indefinitely for authentication purposes; HTTPS traffic is not logged
Privacy policy: https://www.cloudflare.com/privacypolicy
What's sent: Subscription transactions, App Attest cryptographic operations, optional local notifications
Why: Apple handles all payment processing, subscription management, and device security primitives we use
Retention: Per Apple's privacy policy
Privacy policy: https://www.apple.com/legal/privacy
We do not use any other third-party services (no Facebook SDK, no analytics, no crash reporters beyond Apple's standard tools).
Because photos are sensitive, here is exactly what happens to them:
Capture: When you tap "Scan," the App accesses your device's camera (with your prior permission) and captures a photo.
Compression: The photo is compressed to under 500 KB on your device before transmission.
Transmission: The compressed photo is sent via encrypted HTTPS to our Cloudflare proxy, then forwarded to Google's Gemini API.
Analysis: Gemini returns a text response describing your makeup, skin, or color analysis. Per Google's API terms, the photo is not retained or used for model training.
Storage on your device: The original photo is stored in your scan history (locally on your device only, encrypted by iOS).
No upload to our servers: We do not store your photos on our servers. Our Cloudflare proxy passes them through to Google in real-time and does not log them.
You can delete your scan history (and the photos in it) by uninstalling the App.
Most of your data is stored only on your iPhone, encrypted by iOS:
SwiftData: Beauty profile, scan results, color analysis records, look match tutorials
UserDefaults: Preferences, streak counters, subscription state, notification settings
Keychain: App Attest device key identifier (anonymous, device-bound)
This data does not leave your device unless you back up your iPhone to iCloud (in which case Apple handles the encrypted backup, not us). If you uninstall the App, all this data is permanently deleted by iOS.
Allura is intended for users 13 years of age and older. We do not knowingly collect information from children under 13. If we learn that we have inadvertently collected information from a child under 13, we will delete it promptly.
If you are a parent or guardian and believe your child has provided information to us, please contact us at harleydavids19997@gmail.com
Depending on where you live, you may have certain rights regarding your personal information:
You have the right to know what personal information we collect, to request deletion, and to non-discrimination for exercising your rights. Allura collects only the information described above and stores most of it locally on your device — you can delete it by uninstalling the App.
You have the right to access, correct, delete, or restrict processing of your personal information. The legal bases for our processing are:
Consent: For optional features like notifications
Contract: To provide the App's services after you accept these Terms
Legitimate interest: For security measures (App Attest, rate limiting)
You can:
Delete your data: Uninstall the App. All local data is deleted by iOS. Cloudflare KV keys auto-expire when unused.
Cancel your subscription: Through Apple's Settings → [Your Name] → Subscriptions
Revoke camera or notification permissions: Through iOS Settings → Privacy
For App Attest cryptographic keys stored in our Cloudflare KV: these are not linked to your identity. To request deletion of the anonymous key associated with your device installation, contact us at harleydavids19997@gmail.com and we will remove it.
We protect your information by:
Using HTTPS (TLS 1.3) for all network communication
Routing AI requests through a Cloudflare proxy so the underlying API key is never exposed to clients
Using Apple's App Attest to prove device authenticity and prevent fraud
Applying rate limiting to prevent abuse
Not storing photos on our servers
Storing local data inside iOS's encrypted app sandbox
No method of transmission or storage is 100% secure, but we use industry-standard practices to protect your information.
Data type
Where stored
How long
Display name, beauty profile, scan history, color analysis
Your iPhone only
Until you uninstall the App
Photos used in scans
Your iPhone only
Until you uninstall the App
Photos transmitted to Gemini
Google's servers
Per Google's API terms — not retained for training
App Attest public key
Cloudflare KV
Until you uninstall or contact us to remove
Subscription state
Apple's servers + your device
Per Apple's policy
Anonymous request logs
Cloudflare edge
Standard Cloudflare retention (typically minutes to hours)
Allura is operated from the United States. If you use the App from outside the US, your information will be processed in the US. The third-party services we use (Google, Cloudflare, Apple) have their own data residency policies — see their privacy policies for details.
We may update this Privacy Policy from time to time. If we make material changes, we will update the "Last updated" date at the top and notify users via in-app notice for significant changes. Continued use of the App after changes constitutes acceptance.
AI Processing
AI Processing (Google Gemini)
To analyze your makeup and color palette, Allura sends the photos you choose to scan to Google's Gemini AI service (operated by Google LLC) via our secure proxy. This includes the Smart Makeup Scan, the bare-face onboarding scan, Color Analysis, Look Match, and the Weekly AI Coach.
What is sent: The image you choose to scan, plus the structured prompt used to analyze it.
What is NOT sent: Your name, identity, device contacts, location, or any data tied to who you are.
Photos are processed in real-time and discarded after analysis. They are not stored on Allura's servers or used to train any AI model. Google's handling of API-submitted images is governed by the Google AI / Gemini API terms (https://ai.google.dev/terms).
Face Data (TrueDepth API and Vision Framework)
Allura uses Apple's TrueDepth API (via ARKit's ARFaceTrackingConfiguration) and Vision Framework to detect facial landmarks for the AR Try-On and Magic Mirror features. These features render virtual makeup overlays in real time on your face.
What is collected: A 3D face mesh and landmark positions generated entirely on your device.
How it's used: Only to position makeup overlays correctly on your face in real time.
What happens to it: This data NEVER leaves your device. It is not stored, transmitted, or shared with Apple, Google, or any third party. The face mesh is regenerated each video frame and discarded the next frame.
If you have questions about this Privacy Policy or how Allura handles your data, contact us at:
Email: harleydavids19997@gmail.com