Effective 9 May 2026 · Last updated 9 May 2026 · Version 1.1 (MVP 1)

Privacy policy

What personal information we collect, how we use it, who we share it with, and your rights under the Australian Privacy Principles.

1. Introduction

The Lookahead ("we," "us," or "our") is a mobile application that helps you plan your weekly outfits and manage your wardrobe. We are committed to protecting your personal information and respecting your privacy.

This Privacy Policy explains what information we collect when you use The Lookahead, how we use it, who we share it with, and the rights you have over your information. It applies to your use of The Lookahead mobile application and the marketing website at thelookahead.com.au (together, the "Service").

The Lookahead is operated by Kirsten Tindel-Davidson trading as THE LOOKAHEAD APP (ABN 75 241 681 935), a registered business name held with the Australian Securities and Investments Commission. We are based in Australia and bound by the Australian Privacy Principles ("APPs") set out in the Privacy Act 1988 (Cth).

By creating an account or using the Service, you confirm that you have read and understood this Privacy Policy. If you do not agree with it, please do not use the Service.

2. Scope and geographic coverage

The Lookahead is currently in a closed beta phase serving an Australian user cohort. This Privacy Policy is written to comply with Australian privacy law, in particular the Privacy Act 1988 (Cth) and the Australian Privacy Principles.

We are not currently targeting users in the European Union, the United Kingdom, California, or other jurisdictions outside Australia. Before we open the Service to users in those jurisdictions, we will update this Privacy Policy to address the additional rights and obligations that apply under the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA/CPRA), and any other relevant laws. If you are accessing the Service from outside Australia during the closed beta, please note that your information will be handled in accordance with this policy and Australian law.

The Service is intended for adults only. The Lookahead is not directed to, and we do not knowingly collect personal information from, anyone under 18 years of age. If we become aware that we have collected personal information from a minor, we will delete it promptly.

3. Information we collect

We only collect personal information that we reasonably need to provide and improve the Service. We collect the following categories:

3.1 Information you provide directly

Account information: your name, email address, and authentication identifier when you create an account using Sign in with Apple or another supported sign-in method.
Profile and style preferences: information you choose to enter, such as your style direction, body considerations, climate, and weekly schedule, used to personalise outfit suggestions.
Wardrobe content: photos, descriptions, tags, and metadata for the clothing items you add to your wardrobe.
Communications: messages, feedback, and support requests you send us.

3.2 Information collected automatically

Usage data: how you interact with features of the Service, such as screens visited, actions taken, error events, and approximate time of use. This is used to operate, secure, and improve the Service.
Device and technical data: device model, operating system version, app version, language settings, crash diagnostics, and a non-identifying device identifier used for security and abuse prevention.
Approximate location: derived from IP address for security, fraud prevention, and regional features such as weather. We do not collect precise GPS location.

3.3 Information from connected services

Some features of the Service rely on third-party providers. When you choose to enable these features, we receive limited information from them:

Sign in with Apple: a unique identifier and the email address (real or relay) that Apple provides for authentication.
Gmail (read-only receipts, optional): if you choose to connect your Gmail account, we use the gmail.readonly OAuth scope to identify retail receipts and extract item details (such as garment name, retailer, price, and date) so they can be added to your wardrobe. We do not read or store the broader content of your inbox, we do not send email on your behalf, and you can disconnect Gmail access at any time from your device account settings or in-app settings.
Weather information (planned): when integrated, we will send approximate location data to a weather data provider in order to surface weather-aware outfit suggestions. The provider used will be disclosed in this policy when added.

3.4 What we do not collect

We do not collect government identifiers (such as Tax File Numbers or Medicare numbers).
We do not collect health information or biometric identifiers.
We do not knowingly collect information from children under 18.
We do not use third-party advertising trackers or marketing pixels in the mobile app.

4. How we use your information

We use your personal information for the following purposes:

To provide the core Service, including authentication, generating outfit suggestions, managing your wardrobe, and synchronising your data across devices.
To personalise your experience based on the preferences and wardrobe items you provide.
To process payments and manage subscriptions for users on a paid tier (if and when paid features are activated).
To communicate with you about your account, service updates, security notices, and support enquiries.
To diagnose and fix bugs, monitor performance, and protect the Service against abuse, fraud, and unauthorised access.
To understand how the Service is used at an aggregate level so we can improve features and user experience.
To comply with our legal obligations and enforce our terms.

We do not sell your personal information. We do not share your personal information with third parties for their own advertising or marketing purposes.

5. Artificial intelligence and automated processing

The Lookahead uses artificial intelligence ("AI") to generate outfit suggestions and other features. To do this, we send the minimum information required — such as relevant wardrobe item descriptions, your stated preferences, and contextual information like weather or occasion — to our AI sub-processor, Anthropic, PBC ("Anthropic"). Anthropic processes the request and returns a response that we present to you in the app.

Our use of Anthropic is governed by Anthropic's Commercial Terms of Service and Data Processing Addendum, under which:

We are the data controller and Anthropic is our processor.
Anthropic does not sell or share your information, does not use it to train its general-purpose AI models, and does not combine it with data received from other sources.
Anthropic only processes your information to provide the AI service to us, on our documented instructions.
Anthropic is required to delete or return your information within 30 days of the end of our agreement, subject only to legal-retention or trust-and-safety exceptions.

Anthropic also publishes its current data-handling and retention practices for its API services. For the most up-to-date information, please see Anthropic's Privacy Policy and Data Processing Addendum at anthropic.com/legal.

Free and beta users of The Lookahead are subject to a monthly AI usage allowance, which is disclosed during onboarding. We track usage of this allowance for the purpose of fair use and conversion to paid tiers; we do not use it for any other purpose.

AI-generated outfit suggestions are recommendations only and do not constitute professional styling, medical, or other advice. You remain in control of which suggestions you accept or modify.

6. How and where we store your information

6.1 Storage location

Your account data, wardrobe content, and usage data are stored using Google Firebase services. Data is held in Google Cloud data centres, which may be located outside Australia, including in the United States and other regions where Google operates. AI request data is processed by Anthropic in the United States.

When personal information is transferred outside Australia, we take reasonable steps to ensure that the recipient handles it consistently with the Australian Privacy Principles, including by relying on the contractual data-protection commitments offered by these providers.

6.2 Security

We use industry-standard measures to protect your personal information, including:

Encryption of data in transit using TLS 1.2 or higher.
Encryption of data at rest using AES-256 or equivalent industry-standard algorithms.
Role-based access controls and the principle of least privilege for any administrative access.
Multi-factor authentication for administrative access to systems holding personal information.
Regular security reviews of our infrastructure and dependencies.

Our key sub-processors maintain independently audited information-security programs (for example, SOC 2 reports for Anthropic and Google Cloud), and are contractually required to notify us of any security incident affecting your data without undue delay so that we can fulfil our notification obligations to you and to regulators.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security. If a security incident affects your personal information, we will notify you and the Office of the Australian Information Commissioner where required by the Notifiable Data Breaches scheme under the Privacy Act 1988 (Cth).

6.3 Data retention

Account and wardrobe data: kept until you delete your account, after which it is deleted from our active systems within 30 days. Backup copies are overwritten on our standard backup rotation cycle (typically within a further 30 days).
AI request data: processed by our AI sub-processor (Anthropic) to deliver the AI feature, and not used by Anthropic to train its general-purpose AI models. Anthropic is contractually required to return or delete personal information within 30 days of the end of our agreement, subject to limited legal-retention and trust-and-safety exceptions. For Anthropic's current operational retention practices for API data, please refer to Anthropic's published policies at anthropic.com/legal.
Usage and diagnostic logs: retained for up to 12 months for security, troubleshooting, and service-improvement purposes, then deleted or anonymised.
Communications and support records: retained for up to 24 months from the last interaction, so we can follow up on issues and refer to prior context.
Records required by law: where Australian law requires us to retain certain records (for example, financial or tax records relating to paid subscriptions), we will retain them for the period required by that law.

7. Who we share your information with

We do not sell your personal information. We share it only in the limited circumstances below.

7.1 Service providers (sub-processors)

We use carefully selected third-party providers to operate the Service. They process personal information on our behalf and only for the purposes we instruct. Our current sub-processors are:

Anthropic, PBC (United States) — large language model and AI processing for outfit suggestions and other AI features.
Google LLC (United States, including Firebase and Gmail OAuth) — authentication, database, file storage, push notifications, crash reporting, and (with your consent) read-only access to your Gmail for retail receipts.
Apple Inc. (United States) — Sign in with Apple authentication, App Store distribution, and (where applicable) in-app purchase processing.
Cloudflare, Inc. (United States) — DNS, content delivery, edge caching, and security protection for our website and APIs.

A weather data provider will be added to this list when integrated, and any future sub-processors will be disclosed here before they are used.

7.2 Legal and safety disclosures

We may disclose personal information where we are required or permitted by law, including:

to comply with a court order, subpoena, lawful request from a regulator, or other legal process;
to protect the safety, rights, or property of you, us, or others;
to investigate or prevent fraud, abuse, or violations of our terms;
in connection with a sale, merger, restructuring, or transfer of part or all of the business, in which case we will require the recipient to honour this Privacy Policy or notify you so you can make choices about your information.

8. Cookies and tracking technologies

8.1 Mobile app

The Lookahead mobile app does not use third-party advertising cookies, marketing pixels, or cross-site tracking technologies. We use only the local storage and authentication tokens necessary to keep you signed in and to operate core features.

8.2 Marketing website

Our marketing website at thelookahead.com.au may use a small number of essential and analytics cookies, including those provided by Cloudflare for security, performance, and aggregate traffic analytics. These cookies do not identify individual users and are not used for advertising. If we add additional analytics or marketing cookies in future, we will update this section and provide an appropriate cookie notice and consent mechanism on the site.

You can control cookies through your browser settings, including blocking or deleting cookies. Disabling essential cookies may affect site functionality.

9. Your privacy rights

Under the Australian Privacy Principles, you have the following rights in relation to the personal information we hold about you:

Access: request a copy of the personal information we hold about you.
Correction: ask us to correct information that is inaccurate, out of date, incomplete, irrelevant, or misleading.
Deletion: delete your account at any time from within the app at Settings → Delete account. This permanently removes your account, wardrobe, preferences, and associated data within 30 days, subject only to information we are legally required to retain.
Withdraw consent: where we rely on your consent (for example, Gmail receipt access), you may withdraw that consent at any time without affecting the lawfulness of prior processing.
Anonymity or pseudonymity: you may interact with us anonymously or under a pseudonym where it is lawful and practicable to do so. Some features (such as personalised outfit suggestions) cannot reasonably be provided without identifying you as an account holder.
Complain: you have the right to make a complaint about how we have handled your personal information (see Section 11).

To exercise any of these rights, contact us using the details in Section 12. We may need to verify your identity before acting on your request and will respond within a reasonable timeframe (generally within 30 days).

10. International users

The Service is designed for Australian users. If you choose to access the Service from outside Australia during the closed beta, you do so on your own initiative and you acknowledge that your personal information will be processed in Australia and in the countries where our sub-processors operate (including the United States), under the protections described in this Privacy Policy.

We will update this Privacy Policy with additional disclosures and rights before opening the Service to general users in the European Union, the United Kingdom, California, or other jurisdictions with specific privacy laws.

11. Complaints

If you believe we have breached the Australian Privacy Principles or otherwise mishandled your personal information, please contact us first using the details in Section 12. We will acknowledge your complaint promptly and aim to resolve it within 30 days.

If you are not satisfied with our response, you may make a complaint to the Office of the Australian Information Commissioner (OAIC):

Website: www.oaic.gov.au
Phone: 1300 363 992
Post: GPO Box 5288, Sydney NSW 2001

12. Contact us

If you have questions about this Privacy Policy, want to exercise your privacy rights, or wish to raise a privacy concern, please contact us:

Privacy contact: privacy@thelookahead.app
Trading name: Kirsten Tindel-Davidson trading as THE LOOKAHEAD APP, ABN 75 241 681 935
Country: Australia

We aim to respond to all privacy enquiries within 5 business days and to resolve formal requests within 30 days.

13. Changes to this privacy policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or the addition of new features or sub-processors. When we make material changes, we will:

update the "Last updated" date at the top of this policy;
notify you in-app and/or by email before the changes take effect; and
where required by law, ask for your renewed consent.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of the Service after the changes take effect indicates your acceptance of the updated policy.