logo

Privacy Policy

Looktara — Privacy Policy
Last updated: August 17, 2025

This Privacy Policy explains how MarkupX Brands Technologies Private Limited (“Looktara”, “we”, “us”, “our”)
collects, uses, discloses, and protects information relating to your use of:​
(i) the Looktara website and app,​
(ii) the Looktara Chrome Extension, and​
(iii) our APIs, model-training and image-generation services (collectively, the “Services”).

By using the Services, you agree to this Privacy Policy. If you do not agree, do not use the Services.

1) Who we are (Data Controller & Contact)
Entity (Controller): MarkupX Brands Technologies Private Limited​
Registered Address: U-55, GF, Solanki Road, Uttam Nagar, New Delhi 110059, India​
Support Email: team@looktara.com​
Owner/Founder Email: founder@markupxbrands.com​
Phone/WhatsApp: +91 9599272272

Grievance & Privacy Requests (India & global): team@looktara.com​
We acknowledge privacy requests within a reasonable time and aim to resolve within 30 days, unless law requires a
different timeline.

2) Scope & summary of what Looktara does
Looktara lets you (a) train a personal AI model from your photos, (b) generate images from prompts or a
reference+prompt workflow, and (c) use a Chrome extension to create/inject images alongside LinkedIn/X posts or
comments. It also includes features like daily prompts/images on WhatsApp, a smart gallery, and pre-built photo
packs.

Chrome Extension focus: We only interact with supported sites’ editors when you trigger Looktara (e.g., prefill a
prompt from your draft text or insert a generated image). We do not collect your general browsing history.

3) Categories of data we collect
A. Account & Identity

●​ Name (optional), email, password hash or OAuth identifiers.​

●​ Phone number (if you opt into WhatsApp features or 2FA).​

●​ Subscription/plan metadata (e.g., plan type, renewal date, transaction identifiers).​

Why: account creation, authentication, billing, customer support, and service delivery.

B. Payment & Billing
●​ Transaction identifiers, plan info, currency, amounts, masked card/bank identifiers (if provided by the

processor).​

●​ We do not store full payment instrument numbers; payments are processed by third-party processors.​
Why: process purchases, invoicing, fraud prevention, legal record-keeping.​

C. Content You Provide (Core to Service)
●​ Training photos you upload (self portraits/approved likenesses), reference images, prompts, style

selections, and the images generated for you.​

●​ Per-user model artifacts (e.g., LoRA weights) created to reproduce your likeness for your use.​
Why: to train your user-scoped model and generate the outputs you request.​

D. Usage & Device/Service Metadata
●​ IP address, device/browser type, OS, language, timestamps, session IDs.​


●​ In-app/extension events (e.g., clicks, generate requests, errors), limited page context needed to prefill

prompts or inject images on supported hosts you explicitly use with the Extension.​

●​ Diagnostic/crash logs.​
Why: security (abuse/fraud prevention), reliability, performance analytics, troubleshooting.​

E. Communications
●​ Your messages to support, survey responses, and marketing preferences.​

Why: respond, resolve issues, improve the Services, honor preferences.​

F. Cookies, Local Storage, and SDKs
●​ Cookies/local storage for login state and preferences.​


●​ Chrome chrome.storage.local for extension settings/auth state on-device.​

Why: essential functionality, session continuity, fraud prevention, feature preferences.​

4) Special categories & sensitive data (likeness/biometric inferences)
Your uploaded portraits and generated outputs depict your likeness. We treat training photos, reference photos,
prompts tied to identity, and model artifacts as sensitive. We never sell this data and do not use your user-scoped
likeness model to train global/foundation models without your explicit consent.

●​ Minors: You must be 18+ to create/train likeness models or use generation features. We do not knowingly
collect data from children under 13 for any purpose. Violations may result in deletion and reporting if required
by law.​

5) How we use your information (Purposes & Legal Bases)
Service delivery & account administration (contract):

●​ Train user-scoped models, generate images from your prompts/reference images.​

●​ Provide the Extension’s editor prefill and image insertion on supported sites.​

Security & integrity (legitimate interests/legal obligation):

●​ Monitor for abuse (e.g., spam/scams, prohibited content), protect accounts, detect fraud, secure our
infrastructure, maintain logs.​

Improvements & reliability (legitimate interests/consent where required):

●​ De-identified usage analytics, A/B testing, bug-fixes, performance insights.​

Communications (contract/consent/legal obligation):

●​ Support responses, service notices, billing emails.​

●​ Optional marketing (you can opt out anytime).​

Legal compliance (legal obligation):

●​ Tax, accounting, law-enforcement requests, lawful takedowns.​

6) Chrome Extension–specific disclosures
●​ Hosts: LinkedIn and X/Twitter (in production builds) and only when you invoke Looktara actions

(prefill/insert).​

●​ Permissions:​

○​ activeTab – read editor text you choose to send to Looktara; write the selected image back to the
editor.​

○​ scripting – run scoped content scripts on supported hosts to exchange messages between page
and extension UI.​

○​ storage – save local preferences/auth state on your device.​

○​ clipboardWrite – only when you click Copy.​

●​ No general browsing history collection.​

●​ No remote code execution. Network calls occur only for user-initiated API requests.​

7) Sharing & subprocessors
We share data with carefully selected service providers under contracts that restrict use to providing services to us,
including: cloud hosting/GPU compute, CDN, database/backup, logging/monitoring, analytics (privacy-centric),
email/SMS/WhatsApp sending, and payment processing. We may disclose information:

●​ To comply with law or lawful process;​

●​ To protect rights and safety of users, the public, or Looktara;​

●​ Business transfers (e.g., merger or acquisition) under continued protection.​

We do not sell personal data and we do not share it for targeted advertising.

8) International data transfers
We may process/store data in countries where we or our providers operate. Where required, we implement
appropriate safeguards (e.g., SCCs) and minimize data transferred/retained. You can contact us for a list of
principal processing locations used for your account.

9) Data retention (how long we keep things)
We keep personal data only as long as necessary for the purposes described above or as required by law. Typical
periods (subject to change based on legal/operational needs):

Data Category Typical Retention
Account & subscription metadata Life of account + up to 3 years
Training photos/reference
images

Until you delete them or request deletion

User-scoped model artifacts Until deleted or 12 months of inactivity
Generated images Until you delete or your gallery retention limit is reached

Logs (security/diagnostic) ~30–180 days (shorter for high-sensitivity logs)
Payment records & invoices Per tax/accounting laws (commonly 7–10 years)

You may request deletion (see Your Rights). Deletion timelines may vary by backup cycles and legal holds.

10) Security measures
We use layered technical and organizational safeguards appropriate to the nature of the data and risks, including:
TLS in transit, encryption at rest for sensitive stores, access controls/least privilege, secrets management, audit
logging, rate-limiting/abuse defenses, periodic backups, and vulnerability management. We maintain incident
response procedures and will notify you of data breaches as required by law.

11) Your privacy choices & rights
All users (global):

●​ Access, correction, deletion of your account data (email team@looktara.com).​

●​ Opt out of marketing emails.​

●​ Revoke WhatsApp prompts/images by replying STOP or contacting us.​

●​ Clear extension storage by removing the extension or via Chrome’s settings.​

EEA/UK (GDPR):
●​ Legal bases: Contract, Legitimate Interests, Consent (where used), Legal Obligation.​


●​ Rights: access, rectify, erase, restrict, portability, object, withdraw consent.​


●​ Lodge a complaint with your local supervisory authority (we invite contacting us first).​

California (CCPA/CPRA):
●​ Rights to know, delete, correct, and limit certain uses of sensitive personal information.​


●​ We do not sell or share personal information for cross-context behavioral ads.​

India (DPDP Act 2023):
●​ Rights to access, correction, erasure, grievance redressal via our Grievance Officer (team@looktara.com).

We acknowledge grievances promptly and work to resolve within 30 days.​

We will verify requests where required (e.g., by asking you to email from your registered address or provide account
details).

12) Children’s privacy
The Services are not directed to children under 13. Likeness training/generation and the Extension require 18+. If we
learn that a child’s personal data was collected, we will delete it and may disable the account/features.

13) Automated processing & profiling
We use machine-learning models to generate images from your inputs. We do not make decisions with legal or
similarly significant effects about you solely by automated means.

14) Third-party services & links
The Services may link to or interoperate with third-party sites and platforms (e.g., LinkedIn, X/Twitter, WhatsApp).
Their privacy practices govern their handling of your data. Please review their policies.

15) Data subject & user controls (how to exercise)
●​ Access/Export/Deletion: Email team@looktara.com with subject “Privacy Request.”​


●​ Model & Training Data: Request deletion of training photos and user-scoped model artifacts; generation will

stop once deleted.​

●​ Extension Storage: Remove the extension or clear extension data in Chrome.​

●​ Marketing: Use unsubscribe links or email support.​

We may retain minimal data where permitted/required (e.g., fraud prevention, accounting).

16) Prohibited content & safety (high level)
You must not upload or generate illegal content; exploit minors; create deceptive deepfakes/impersonations; or
violate others’ rights. We may review and remove content; we may report child-exploitation or other illegal content to
authorities.

17) Payments & Refunds

All fees for digital Services are prepaid and non-refundable. NO REFUNDS, NOTHING. This refunds clause does
not limit your statutory privacy rights (e.g., access/deletion) regarding personal data.

18) Changes to this Policy
We may update this Privacy Policy periodically. We’ll revise the “Last updated” date and, where legally required,
provide additional notice. Your continued use of the Services after changes means you accept the updated Policy.

19) Contact
●​ Primary support & privacy: team@looktara.com​


●​ Owner: founder@markupxbrands.com​


●​ Phone/WhatsApp: +91 9599272272​


●​ Address: U-55, GF, Solanki Road, Uttam Nagar, New Delhi 110059, India​

Annex A — Chrome Web Store Disclosures (Summary)
●​ Limited use: We use data only to provide the extension’s primary function (prefill from the editor you’re using

and insert your chosen image).​

●​ No remote code: All code ships with the extension; network calls are user-triggered.​

●​ Clipboard: Used only when you click Copy.​

●​ Hosts: LinkedIn and X/Twitter in production.​

●​ No general browsing history collection.​

Annex B — Data Inventory (Illustrative)
Category Examples Purpose

Account email, password hash/OAuth ID auth, support
Billing transaction ID, plan, masked payment

info
payments, invoices

Training inputs user portraits, reference images user-scoped model
training

Prompts & settings prompts, styles, seeds generate requested
outputs

Outputs generated images, gallery folders user access & sharing
Extension local
data

auth token, preferences on-device UX

Logs/telemetry IP, UA, errors, event counts security & reliability
Communications support emails, surveys service & improvements

Annex C — Retention (Illustrative)
●​ Account data: life of account + up to 3 years​


●​ Training inputs/model artifacts: until deletion or 12 months of inactivity​


●​ Generated images: until deleted or per gallery retention settings​


●​ Logs: ~30–180 days (security/diagnostics)​


●​ Invoices & tax records: per applicable law (often 7–10 years)​

Annex D — Subprocessors (Categories)
●​ Cloud/GPU compute & storage; CDN​


●​ Managed database/backup & key-management​


●​ Logging/monitoring & error reporting​


●​ Email/SMS/WhatsApp delivery​


●​ Payment processing & fraud screening​


●​ Analytics (privacy-respecting, aggregated)​