Effective Date: 13 May 2026 App Name: Mirlook Developer: NeroX Contact Email: neroxvero@gmail.com Jurisdiction of Developer: Province of Quebec, Canada
This Privacy Policy explains how NeroX ("we," "us," or "our") collects, uses, stores, shares, and protects information when you use the Mirlook mobile application (the "App"). It also explains the choices you have regarding your information, including information that may be classified as health-related data, biometric data, or sensitive personal information under applicable laws.
By creating an account or using Mirlook, you confirm that you have read and understood this Privacy Policy. If you do not agree, do not use Mirlook.
Mirlook includes a Skin Analysis feature that processes photographs of your face and generates appearance-related metrics ("skin score," "glow," "texture," "tone evenness," "pore visibility," and "under-eye freshness") and stores them over time.
Under the Google Play Health Apps policy, this feature is declared in the category "Diseases and Conditions Management." Under data protection laws including the EU/UK GDPR (Article 9), Quebec's Law 25, California's CPRA, and the Illinois BIPA, the data generated by this feature may be treated as health-related data, biometric data, or sensitive personal information and is subject to the enhanced protections described in this Policy.
MIRLOOK IS NOT A MEDICAL DEVICE. It is not certified, cleared, registered, or otherwise approved by any health regulator (including the U.S. FDA, Health Canada, the EU's Medical Device Regulation framework, the U.K. MHRA, or any equivalent authority). The metrics, scores, and insights it provides are NOT medical advice, NOT a diagnosis, NOT a treatment recommendation, and NOT a substitute for consultation with a qualified healthcare professional.
You must not rely on Mirlook for any decision affecting your health, including decisions to seek, delay, or avoid medical care. If you have any concerns about your skin or general health, consult a qualified dermatologist or physician.
Mirlook contains features that involve photos of your face, biometric data derived from your face, and the longitudinal tracking of skin-appearance metrics. Please read these points carefully before using such features:
Face geometry is biometric data. When you use features like Face Analysis, Skin Analysis, Twins Finder, Mirlook Stars, or Beauty Tracker, the App generates a numerical representation of your facial features (a "face signature") from images of your face. This face signature is biometric information.
Skin Analysis data may qualify as health-related data. Because the Skin Analysis feature stores skin-appearance metrics over time and is declared under Google Play's "Diseases and Conditions Management" category, the resulting records may be treated as health-related data under several jurisdictions' laws and are protected as such by this Policy.
Twins Finder displays your photo to other users. If you choose to use Twins Finder, your photo, display name, country, and a face signature are stored in our database and made searchable by other Mirlook users. When another user is identified as a possible "twin" match for you (or when you are identified as a match for them), your photo and display name will be visible to that user inside the App. See Section 7.
Mirlook Stars publicly displays your photo to other users. If you choose to use Mirlook Stars, your photo, display name, country, and beauty score / ranking metrics are uploaded to a public-facing feature where they may be shown to other Mirlook users (for example, in a leaderboard, ranking, or community showcase). This means other users of the App may be able to see your photo. See Section 8.
Beauty, skin, and face metrics are not medical advice. Any score, measurement, or analysis output is provided for personal tracking and informational purposes only. See Section 0.
You must be the legal subject of any photo you upload. You may not upload a photo of any other person (including a child) without their explicit consent. Uploading photos of other people without consent may violate their privacy rights and our Terms.
Email address
Authentication credentials managed through Firebase Authentication
Account information from third-party sign-in providers you choose (Google, Facebook), limited to the fields those providers return
Name (or display name) you choose to provide
Country code (used for region-aware matching, ranking, and analytics)
Other personal information you choose to provide in the App
Depending on the feature you use, the App may process or store:
Photos of your face that you capture through the camera or select from your device
Face signatures: numerical representations of your facial features computed from those photos (biometric information)
Skin-appearance metrics computed from those photos: overall score, glow, texture smoothness, tone evenness, pore visibility, and under-eye freshness, together with the timestamp of each measurement. When stored over time, these records are treated as health-related data under this Policy.
Beauty and proportion metrics computed from those photos
How each feature handles photos and derived data:
Feature
Photo Storage
Data Class
Face Analysis
On-device only
Biometric (processed locally)
Face Duel
On-device only
Biometric (processed locally)
Skin Analysis
Uploaded and stored (private to you)
Health-related + biometric
Beauty Tracker
Uploaded and stored (private to you)
Biometric + behavioral
Twins Finder
Uploaded, stored, and visible to matched users
Biometric (with social disclosure)
Mirlook Stars
Uploaded, stored, and publicly visible to all users
Biometric (with public disclosure)
Subscription status (active, expired, canceled)
Subscription start, renewal, and cancellation dates
Product identifier of the active subscription
These details are managed through Google Play Billing.
We use Firebase Analytics and Firebase Crashlytics, which may collect:
App usage events (screens viewed, features used, session duration)
Device information (model, OS version, language, region)
Crash logs and stack traces
A pseudonymous installation identifier
Analytics events do not include the content of your photos, your face signatures, or your specific skin-analysis values.
For users without an active subscription, we display ads via ironSource / Unity Ads. The advertising SDK may process limited technical information for ad delivery, performance measurement, fraud prevention, and operational support. We do not transmit your photos, face signatures, or skin-analysis data to advertising partners.
We use information collected through Mirlook to:
Create and manage your account, including authentication
Provide the App's features, including photo-based features and the Skin Analysis tracking feature
Compute, store, and display analyses, scores, and metrics derived from your photos
Operate Twins Finder, including matching your face signature to those of other users and displaying your photo to users you are matched with (if you opt in)
Operate Mirlook Stars, including displaying your photo, display name, country, and score to other Mirlook users in a public ranking, leaderboard, or showcase (if you opt in)
Manage premium access and subscription billing
Improve and debug the App, monitor performance, and prevent abuse
Display ads in the free version
Respond to support requests and process deletion requests
Comply with legal obligations and enforce our Terms
We do not use your photos, face signatures, or skin-analysis data:
to train any general-purpose machine-learning model;
for targeted or behavioral advertising;
to make any automated decision that produces legal or similarly significant effects about you;
for any purpose unrelated to providing the features you have chosen to use.
If you are in the European Economic Area or the United Kingdom, the legal bases on which we process your personal data are:
Explicit Consent (Article 9(2)(a) GDPR) for processing of (i) biometric data (face signatures) and (ii) health-related data (Skin Analysis records stored over time). Without this explicit consent, the corresponding features will not function.
Consent (Article 6(1)(a)) for uploading and storing photos in cloud-based features, participating in Twins Finder, and participating in Mirlook Stars.
Contract (Article 6(1)(b)) for providing the core services of the App that you have signed up for.
Legitimate interests (Article 6(1)(f)) for analytics, fraud prevention, and security, balanced against your rights and freedoms.
Legal obligation (Article 6(1)(c)) where we are required to retain or disclose information by law.
You may withdraw consent at any time by disabling the relevant feature, deleting that feature's data, or deleting your account (see Section 13). Withdrawing consent does not affect the lawfulness of processing performed before withdrawal.
If you wish to contact our representative for data-protection inquiries from the EEA or UK, please email neroxvero@gmail.com.
If you are a resident of Illinois, the Biometric Information Privacy Act ("BIPA") applies to certain processing performed by the App. By creating an account and using features that process face geometry (including Face Analysis, Skin Analysis, Mirlook Stars, Beauty Tracker, and Twins Finder), you provide your written consent to the following:
What we collect: scans of your face geometry generated from photos you submit or capture in the App ("biometric identifiers"), and information based on those identifiers ("biometric information").
Purpose: to provide the App's photo-based features, including computing analyses, operating Twins Finder, operating Mirlook Stars, and tracking skin-appearance metrics over time.
Storage: biometric identifiers and biometric information are stored using Firebase services and are protected by the safeguards described in Section 10.
Retention and destruction schedule: we retain biometric identifiers and biometric information until the earlier of (a) the date you request deletion, (b) the date your account is deleted, or (c) three years after your last interaction with the App, in compliance with 740 ILCS 14/15(a).
Disclosure: we do not sell, lease, trade, or otherwise profit from your biometric identifiers or biometric information.
If you do not agree, do not use the photo-based features of the App.
For purposes of the California Consumer Privacy Act ("CCPA") as amended by the California Privacy Rights Act ("CPRA"), the categories of personal information we collect are described in Section 2.
The following categories qualify as "sensitive personal information" under the CPRA:
Your account credentials and email
Biometric information used to uniquely identify you (face signatures)
Health-related information collected by the Skin Analysis feature
We collect and use sensitive personal information only for the purposes described in Section 3 and for the limited business purposes permitted under § 1798.121 of the California Civil Code. We do not use sensitive personal information for inferences about you beyond providing the requested features, and you have the right to limit our use of this information as described below.
We do not sell or share personal information for cross-context behavioral advertising.
California residents have the right to:
Know what personal information we collect, use, disclose, and (if applicable) sell or share
Request deletion of personal information
Correct inaccurate personal information
Limit the use and disclosure of sensitive personal information
Opt out of automated decision-making that produces legal or similarly significant effects (we do not engage in such decision-making in Mirlook)
Be free from retaliation for exercising these rights
To exercise any of these rights, contact neroxvero@gmail.com. We may require reasonable identity verification.
If you reside in the Province of Quebec, your personal information is protected under An Act respecting the protection of personal information in the private sector (Law 25). The following disclosures are provided in compliance with that law:
Person in charge of the protection of personal information: NeroX has designated its developer/operator as the person responsible for the protection of personal information under Law 25. You may contact this person at neroxvero@gmail.com.
Sensitive personal information: biometric information (face signatures) and Skin Analysis records are treated as sensitive personal information and require your express consent before processing.
Privacy Impact Assessment: before transferring your personal information outside Quebec (for example, to Firebase / Google Cloud servers located in the United States or other countries), we have assessed the privacy implications of such transfer, the legal regime of the receiving jurisdiction, and the reasonableness of the protections in place. Continued use of the App constitutes your acknowledgment of this cross-border transfer.
Automated decision-making: Mirlook does not use your personal information to render any decision based exclusively on automated processing that would produce legal effects or significantly affect you. The skin scores and metrics shown to you are informational only and do not constitute such a decision.
Right to portability: you have the right to receive your personal information in a structured, commonly used technological format. Contact neroxvero@gmail.com to make such a request.
Right of access, rectification, and erasure: you may request access to, correction of, or deletion of your personal information by emailing the address above.
Complaints: you may file a complaint with the Commission d'accès à l'information du Québec if you believe we have not complied with Law 25.
Twins Finder uses your photo and face signature to find another Mirlook user whose face is most similar to yours. We want to make this very clear:
Participation is opt-in. Twins Finder does not run unless you actively choose to use it.
If you submit a photo to Twins Finder, your photo, display name, country, and face signature are stored on our servers and become part of a pool that other Mirlook users' face signatures are searched against.
When another user is identified as your closest match, that user will see your photo, display name, and country, along with similarity metrics. You will see the matched user's photo, display name, and country in the same way.
We do not display email addresses or other contact details across users.
You can delete your Twins Finder participation, photo, and stored signature at any time through the App or by emailing neroxvero@gmail.com. Deletion removes your entry from the searchable pool going forward.
Copies of an image that other users may have already saved or screenshotted to their own devices are outside our control.
Mirlook Stars is a public-facing feature in which your photo and display name may be shown to any Mirlook user. Please read this carefully before participating:
Participation is opt-in. Mirlook Stars does not run unless you actively choose to use it.
If you submit a photo to Mirlook Stars, your photo, display name, country, and computed score or ranking metrics are stored on our servers and made publicly visible to other Mirlook users.
Any user of the Mirlook App may be able to view your photo and display name in this context.
We do not display email addresses or other contact details across users.
You can delete your Mirlook Stars participation, photo, and stored data at any time through the App or by emailing neroxvero@gmail.com.
Because Mirlook Stars is public-facing, copies of an image that other users may have already saved, screenshotted, or shared outside the App are outside our control. You should treat anything you upload to Mirlook Stars as if it could become permanently public.
If you are not comfortable with your photo being displayed to other Mirlook users, do not use Mirlook Stars.
We do not sell your personal data.
We share information with the following categories of recipients only to the extent necessary to operate the App:
Firebase / Google Cloud (Google LLC): authentication, Firestore, Storage, Cloud Functions, Analytics, Crashlytics
Google Play (Google LLC): subscription billing
Sign-in providers (Google, Facebook): when you choose those sign-in methods
ironSource / Unity Ads: ad delivery and measurement (free version only) — your photos, face signatures, and skin-analysis data are never shared with this party
Other Mirlook users: photo, display name, country, and similarity or score metrics, as described in Sections 8 and 9 (Twins Finder and Mirlook Stars)
Legal authorities: if disclosure is required by law, court order, or to protect our rights, the rights of others, or the security of the App
We do not transfer your photos, face signatures, or skin-analysis data to ad networks or to third parties for their own purposes. Your photos and biometric data are not used to train any general-purpose machine-learning models outside the App.
Mirlook is a consumer entertainment and personal-tracking application. NeroX is not a "covered entity" or "business associate" under the U.S. Health Insurance Portability and Accountability Act ("HIPAA"), and your interactions with Mirlook are not protected by HIPAA. The data classifications used in this Policy reflect protections we voluntarily provide and obligations under non-HIPAA laws (GDPR, CPRA, BIPA, Law 25, etc.) — not HIPAA itself.
Do not transmit information to us that you would consider Protected Health Information ("PHI") within the meaning of HIPAA, and do not use Mirlook in connection with your duties as a healthcare provider.
We use commercially reasonable technical and organizational measures to protect your information, including:
Encrypted transport (HTTPS / TLS) for all communication between the App and our servers
Encryption-at-rest provided by Firebase services
Server-side access controls limiting which records the matching service can read
Per-user authentication scopes that prevent one user from reading another user's account data through the client
Principle of least privilege for any internal access to user data
Logging and monitoring of administrative access
No system is perfectly secure. If we discover a security incident that, in our reasonable assessment, presents a risk of significant harm to your personal information, we will:
notify affected users without unreasonable delay and, where required, within 72 hours of discovery (GDPR Article 33);
notify the applicable supervisory authority where required by law (including, for Quebec residents, the Commission d'accès à l'information du Québec under Law 25);
describe the nature of the incident, the data potentially affected, and the steps we are taking in response.
We retain personal information for as long as your account is active, unless a shorter period is required by law:
Account data: retained for the life of the account.
Skin Analysis records (health-related data): retained until you delete the relevant records or your account, or no later than three years after your last Skin Analysis upload — whichever is sooner.
Photos and analysis results from other cloud-stored features (Beauty Tracker, Twins Finder, Mirlook Stars): retained until you delete the relevant feature data or your account.
Biometric identifiers (face signatures): retained until the earlier of (a) deletion request, (b) account deletion, or (c) three years after your last interaction with the App.
Analytics and crash data: retained according to Firebase's default retention windows, typically up to 14 months.
Subscription history: retained as required by tax and accounting obligations (typically 6–7 years in Canada).
After deletion, residual copies may persist briefly in backups before being purged on the next backup-rotation cycle (typically within 30 days), after which we will not actively use that information.
Mirlook is operated using Firebase and Google Cloud services, which may store and process information on servers located in the United States, the European Union, and other jurisdictions. By using Mirlook, you understand that your information may be transferred outside your country of residence.
We rely on the following transfer mechanisms where applicable:
EU/UK Standard Contractual Clauses for transfers from the EEA / UK to third countries;
Google's Data Processing Addendum with appropriate safeguards;
Privacy Impact Assessments under Quebec's Law 25 for transfers outside Quebec.
Depending on where you live, you may have rights to:
Access the personal information we hold about you
Request correction of inaccurate information
Request deletion of your personal information ("right to erasure")
Withdraw consent to specific processing (such as biometric processing, Skin Analysis health-data processing, Twins Finder participation, or Mirlook Stars participation)
Object to certain processing or restrict it
Receive your personal information in a portable format (data portability)
Limit the use and disclosure of sensitive personal information (where applicable)
Lodge a complaint with a supervisory authority (your local DPA, the Commission d'accès à l'information du Québec, the U.K. ICO, etc.)
You may exercise any of these rights by:
Using the in-app Delete Account feature in Settings
Using the in-app Customer Support feature
Emailing neroxvero@gmail.com
We will respond within the timeframes required by applicable law (within 30 days for GDPR/CPRA/Law 25 requests, extendable where permitted). We may require reasonable identity verification before acting on a request.
Mirlook is intended for users 16 years of age or older. We do not knowingly collect personal information from children under 16. If you believe a child has provided personal information through Mirlook, please contact us at neroxvero@gmail.com so we can review and take appropriate action, including deletion.
If you are between 16 and the age of majority in your jurisdiction, we recommend that you review this Policy with a parent or legal guardian.
Mirlook may request the following device permissions, each of which is used solely to provide the corresponding feature:
Camera: to capture photos for the in-app analysis features
Photos / media: to let you select existing images from your device
Internet: to communicate with Firebase, sign-in providers, analytics, crash reporting, billing, and ads
We may update this Privacy Policy from time to time. If we make material changes, we will update the effective date at the top and provide notice through the App or by other reasonable means at least 30 days before the changes take effect, unless a shorter period is required for legal or security reasons. Your continued use of Mirlook after the updated policy takes effect means you accept the changes.
If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your information, please contact:
NeroX Email: neroxvero@gmail.com Jurisdiction: Province of Quebec, Canada