Effective 30 May 2026 · Last updated 18 June 2026 · Version 1.8 (MVP 1)

Privacy policy

What personal information we collect, how we use it, who we share it with, and your rights under the Australian Privacy Principles.

Changelog

v1.8 (18 June 2026): Disclosed optional in-app product analytics (§3.2, §6.3, §7.1, §8.1). The app can collect anonymous feature-usage events (which features you tap) via Google Analytics for Firebase to help us improve the Service. This is off by default and opt-in — we ask for your consent and collect nothing until you allow it, you can withdraw at any time in Settings, and it is configured with no advertising identifiers and no cross-app or cross-site tracking. Analytics data is retained for 2 months and is reset on your device when you withdraw consent or delete your account.
v1.7 (1 June 2026): Disclosed how the weather feature handles location, ahead of enabling forecast-aware planning (§3.2, §3.3, §7.1). When the weather feature is enabled, the app asks your browser for your device location (you will see a permission prompt and can decline). Your device rounds the reading to approximately one-kilometre precision before anything is sent — your precise coordinates never leave your device — and we store only that rounded approximation. To select the correct regional forecast provider, our backend reverse-geocodes the rounded coordinates to a country using OpenStreetMap's Nominatim service, now disclosed as a sub-processor (§7.1); like the Bureau of Meteorology request, it is proxied through our backend so the provider never receives your IP address or any account identifier.
v1.6 (29 May 2026): Disclosed product-image hosting for the Gmail receipts feature (§3.3, §6.1). When Anthropic identifies a per-item product image in a receipt email, we fetch the image from the retailer's URL over HTTPS and re-host a copy under our own Firebase Storage bucket so the wardrobe view never reaches out to third-party retailer hosts on your behalf at view time. Source URLs are validated against an SSRF guard (HTTPS only, public IPs only, 5 MiB cap, MIME-magic verification) before the fetch.
v1.5 (29 May 2026): Detailed the Gmail receipt-import feature now that it is live (§3.3, §5). Specified that we filter to Gmail's category:purchases smart label, that message subjects, sender addresses, and body text are sent to Anthropic for line-item extraction and never stored by us in their original form, and that the persisted output is limited to the extracted wardrobe item fields (brand, item name, category, price, currency, purchase date) plus a list of processed message IDs used to avoid double-processing on repeat sweeps.
v1.4 (25 May 2026): Disclosed the OpenID Connect (openid) scope used in our Google OAuth flow, and the Google sub claim we now persist for revocation-signal matching (§3.3, §7.1). Expanded the Sentry sub-processor disclosure with data-storage region (United States), 30-day default event retention, and a reference to Sentry's Data Processing Addendum v5.1.0 (§6.2, §7.1). Made "Sign in with Google" explicit alongside Sign in with Apple as a supported authentication method (§3.1).
v1.3 (23 May 2026): Disclosed Functional Software, Inc. trading as Sentry as a sub-processor (§7.1); referenced Sentry in the device-and-technical-data list (§3.2). Restored alignment between the live privacy policy and our actual sub-processor stack.
v1.2 (23 May 2026): Corrected domain references from thelookahead.com.au to thelookahead.app and join.thelookahead.app (§1, §8.2). Disclosed Anthropic's default 30-day API retention and content-safety classifier output (§5, §6.3, §7.1). Locked in the Australian Bureau of Meteorology as the MVP-1 weather data source, with requests proxied server-side (§3.3, §7.1). Added evidence path for sub-processor security audits (§6.2).
v1.1 (9 May 2026): Initial published version.

1. Introduction

The Lookahead ("we," "us," or "our") is a mobile application that helps you plan your weekly outfits and manage your wardrobe. We are committed to protecting your personal information and respecting your privacy.

This Privacy Policy explains what information we collect when you use The Lookahead, how we use it, who we share it with, and the rights you have over your information. It applies to your use of The Lookahead mobile and web application at thelookahead.app and the waitlist landing page at join.thelookahead.app (together, the "Service").

The Lookahead is operated by Kirsten Tindel-Davidson trading as THE LOOKAHEAD APP (ABN 75 241 681 935), a registered business name held with the Australian Securities and Investments Commission. We are based in Australia and bound by the Australian Privacy Principles ("APPs") set out in the Privacy Act 1988 (Cth).

By creating an account or using the Service, you confirm that you have read and understood this Privacy Policy. If you do not agree with it, please do not use the Service.

2. Scope and geographic coverage

The Lookahead is currently in a closed beta phase serving an Australian user cohort. This Privacy Policy is written to comply with Australian privacy law, in particular the Privacy Act 1988 (Cth) and the Australian Privacy Principles.

We are not currently targeting users in the European Union, the United Kingdom, California, or other jurisdictions outside Australia. Before we open the Service to users in those jurisdictions, we will update this Privacy Policy to address the additional rights and obligations that apply under the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA/CPRA), and any other relevant laws. If you are accessing the Service from outside Australia during the closed beta, please note that your information will be handled in accordance with this policy and Australian law.

The Service is intended for adults only. The Lookahead is not directed to, and we do not knowingly collect personal information from, anyone under 18 years of age. If we become aware that we have collected personal information from a minor, we will delete it promptly.

3. Information we collect

We only collect personal information that we reasonably need to provide and improve the Service. We collect the following categories:

3.1 Information you provide directly

Account information: your name, email address, and authentication identifier when you create an account using Sign in with Apple, Sign in with Google, or another supported sign-in method.
Profile and style preferences: information you choose to enter, such as your style direction, body considerations, climate, and weekly schedule, used to personalise outfit suggestions.
Wardrobe content: photos, descriptions, tags, and metadata for the clothing items you add to your wardrobe.
Communications: messages, feedback, and support requests you send us.

3.2 Information collected automatically

Usage data: how you interact with features of the Service, such as screens visited, actions taken, error events, and approximate time of use. This is used to operate, secure, and improve the Service. Where this involves optional product analytics (which features you tap), we collect it only via Google Analytics for Firebase and only after you have opted in; it is off by default, carries no personal information or wardrobe content, uses no advertising identifiers, and can be turned off at any time in Settings (see Section 7.1 and Section 8.1).
Device and technical data: device model, operating system version, app version, language settings, crash diagnostics (processed by Sentry — see Section 7.1), and a non-identifying device identifier used for security and abuse prevention.
Approximate location: for security and fraud prevention we derive a coarse location from your IP address. Separately, for the optional weather feature, we request your device location through your browser's standard location-permission prompt; the reading is rounded on your device to approximately one-kilometre precision before anything is sent, so your precise coordinates never leave your device, and we store and use only that rounded approximation. You can decline the prompt, in which case the weather feature is simply not personalised to your location and everything else continues to work.

3.3 Information from connected services

Some features of the Service rely on third-party providers. When you choose to enable these features, we receive limited information from them:

Sign in with Apple: a unique identifier and the email address (real or relay) that Apple provides for authentication.
Sign in with Google and Gmail (read-only receipts, optional): when you sign in with Google or connect your Gmail account, our request includes the OpenID Connect (openid) scope and — for the Gmail receipts feature — the gmail.readonly scope. Google's consent screen shows you both. From the openid scope we receive a stable Google account identifier (the OpenID sub claim) and the basic profile information shown on Google's consent screen; we store the sub so we can immediately act on security signals Google sends us (for example, when you revoke our access from your Google Account, Google notifies us and we use the sub to identify and erase the matching local credentials). The Gmail receipts feature works as follows: when you tap "Import receipts" in Settings, we ask Gmail for messages it has classified under its smart category:purchases label within a recent time window (90 days by default). For each candidate message, we read the subject line, sender address, and decoded body text, and send those fields to our AI sub-processor Anthropic (see §5) for line-item extraction. Anthropic returns structured items — brand, item name, category, price, currency, and purchase date — which we save to your wardrobe. We do not store the original message content; only the extracted item fields plus a list of Gmail message IDs already processed (used to avoid re-processing the same receipt on a later sweep). When Anthropic also identifies a per-item product image, our backend (not your device) fetches the image from the retailer's URL over HTTPS and saves a copy under our own Firebase Storage bucket; the wardrobe view displays the copy stored with us rather than fetching directly from the retailer. The retailer's original URL is validated against an SSRF guard (HTTPS only, public IPs only, 5 MiB cap, MIME-magic verification) before the fetch, and a copy is only retained when validation succeeds. Non-purchase emails outside Gmail's purchases category are never fetched. We do not send email on your behalf, and you can disconnect Google at any time from your device account settings or in-app settings.
Weather information: weather data for the morning outfit card is sourced from the Australian Bureau of Meteorology (BOM). To provide it, when the weather feature is enabled we ask for your device location through your browser (you can decline). Your device rounds the reading to approximately one kilometre before anything is sent — your precise coordinates never leave your device — and we use the rounded value in two ways, both proxied through our backend so neither provider ever sees your IP address: (a) we reverse-geocode the rounded coordinates to a country using OpenStreetMap's Nominatim service, so we can select the correct regional forecast provider (see §7.1); and (b) we request the forecast from BOM for that approximate location. We send no name, email, or account identifier to either provider, and we store only the rounded coordinates and the resulting country — not your precise location. No user identity is transmitted to BOM or to Nominatim.

3.4 What we do not collect

We do not collect government identifiers (such as Tax File Numbers or Medicare numbers).
We do not collect health information or biometric identifiers.
We do not knowingly collect information from children under 18.
We do not use third-party advertising trackers or marketing pixels in the mobile app.

4. How we use your information

We use your personal information for the following purposes:

To provide the core Service, including authentication, generating outfit suggestions, managing your wardrobe, and synchronising your data across devices.
To personalise your experience based on the preferences and wardrobe items you provide.
To process payments and manage subscriptions for users on a paid tier (if and when paid features are activated).
To communicate with you about your account, service updates, security notices, and support enquiries.
To diagnose and fix bugs, monitor performance, and protect the Service against abuse, fraud, and unauthorised access.
To understand how the Service is used at an aggregate level so we can improve features and user experience.
To comply with our legal obligations and enforce our terms.

We do not sell your personal information. We do not share your personal information with third parties for their own advertising or marketing purposes.

5. Artificial intelligence and automated processing

The Lookahead uses artificial intelligence ("AI") to generate outfit suggestions and other features. To do this, we send the minimum information required to our AI sub-processor, Anthropic, PBC ("Anthropic"), and Anthropic processes the request and returns a response that we present to you in the app. The categories of information we send vary by feature:

Outfit suggestions: relevant wardrobe item descriptions, your stated preferences, and contextual information like weather or occasion.
Gmail receipt import (optional, opt-in via §3.3): for each Gmail message classified by Google under the category:purchases smart label within the time window you requested, we send the subject line, sender address, and decoded body text so Anthropic can extract structured line items (brand, item name, category, price, currency, purchase date). The full message content is not stored on our side; only the extracted item fields and the Gmail message ID are persisted, the latter solely to avoid re-processing the same receipt on a later sweep.

Our use of Anthropic is governed by Anthropic's Commercial Terms of Service and Data Processing Addendum, under which:

We are the data controller and Anthropic is our processor.
Anthropic does not sell or share your information, does not use it to train its general-purpose AI models, and does not combine it with data received from other sources.
Anthropic also retains the output of a content-safety classifier run on each request, which they use to enforce their Usage Policy. Anthropic's published terms govern how that output is handled.
Anthropic only processes your information to provide the AI service to us, on our documented instructions.
Anthropic operates on a default 30-day retention window for API inputs and outputs on our current plan tier. They are additionally required to delete or return your information within 30 days of the end of our agreement, subject only to legal-retention or trust-and-safety exceptions (including the content-safety classifier output described above).

Anthropic also publishes its current data-handling and retention practices for its API services. For the most up-to-date information, please see Anthropic's Privacy Policy and Data Processing Addendum at anthropic.com/legal.

Free and beta users of The Lookahead are subject to a monthly AI usage allowance, which is disclosed during onboarding. We track usage of this allowance for the purpose of fair use and conversion to paid tiers; we do not use it for any other purpose.

AI-generated outfit suggestions are recommendations only and do not constitute professional styling, medical, or other advice. You remain in control of which suggestions you accept or modify.

6. How and where we store your information

6.1 Storage location

Your account data, wardrobe content, and usage data are stored using Google Firebase services. Data is held in Google Cloud data centres, which may be located outside Australia, including in the United States and other regions where Google operates. AI request data is processed by Anthropic in the United States. Application error and crash diagnostics are processed by Sentry in the United States (see §7.1).

When personal information is transferred outside Australia, we take reasonable steps to ensure that the recipient handles it consistently with the Australian Privacy Principles, including by relying on the contractual data-protection commitments offered by these providers. For our US-based sub-processors, those commitments include Standard Contractual Clauses incorporated in each provider's Data Processing Addendum.

6.2 Security

We use industry-standard measures to protect your personal information, including:

Encryption of data in transit using TLS 1.2 or higher.
Encryption of data at rest using AES-256 or equivalent industry-standard algorithms.
Role-based access controls and the principle of least privilege for any administrative access.
Multi-factor authentication for administrative access to systems holding personal information.
Regular security reviews of our infrastructure and dependencies.

Our key sub-processors maintain independently audited information-security programs (for example, SOC 2 reports for Anthropic and Google Cloud, and SOC 2 Type 2 plus ISO 27001 for Sentry), and are contractually required to notify us of any security incident affecting your data without undue delay so that we can fulfil our notification obligations to you and to regulators. Independently audited reports for our key sub-processors are available on request, or directly via the providers' trust portals — for example, Anthropic at trust.anthropic.com, Google Cloud at cloud.google.com/security/compliance, and Sentry at sentry.io/trust.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security. If a security incident affects your personal information, we will notify you and the Office of the Australian Information Commissioner where required by the Notifiable Data Breaches scheme under the Privacy Act 1988 (Cth).

6.3 Data retention

We retain personal information for only as long as it is needed for the purposes described in this Privacy Policy:

Account and wardrobe data: kept until you delete your account, after which it is deleted from our active systems within 30 days. Backup copies are overwritten on our standard backup rotation cycle (typically within a further 30 days).
AI request data: processed by our AI sub-processor (Anthropic) to deliver the AI feature, and not used by Anthropic to train its general-purpose AI models. On our current plan tier, Anthropic operates on a default 30-day retention window for API inputs and outputs, plus a permanent content-safety classifier output retained under their Usage Policy (see §5). Anthropic is contractually required to return or delete personal information within 30 days of the end of our agreement, subject to limited legal-retention and trust-and-safety exceptions. For Anthropic's current operational retention practices for API data, please refer to Anthropic's published policies at anthropic.com/legal.
Error and crash diagnostics: error events sent to Sentry are retained for 30 days (Sentry Developer-tier default) and then deleted.
Product-analytics data: where you have opted in, anonymous feature-usage events collected via Google Analytics for Firebase are retained for 2 months and then deleted. Withdrawing consent in Settings, or deleting your account, resets the analytics identifier on your device so subsequent data cannot be tied to the prior one.
Usage and diagnostic logs: retained for up to 12 months for security, troubleshooting, and service-improvement purposes, then deleted or anonymised.
Communications and support records: retained for up to 24 months from the last interaction, so we can follow up on issues and refer to prior context.
Records required by law: where Australian law requires us to retain certain records (for example, financial or tax records relating to paid subscriptions), we will retain them for the period required by that law.

7. Who we share your information with

We do not sell your personal information. We share it only in the limited circumstances below.

7.1 Service providers (sub-processors)

We use carefully selected third-party providers to operate the Service. They process personal information on our behalf and only for the purposes we instruct. Our current sub-processors are:

Anthropic, PBC (United States) — large language model and AI processing for outfit suggestions and other AI features. Inputs and outputs are subject to Anthropic's default 30-day API retention plus a permanent content-safety classifier output (see §5).
Google LLC (United States, including Firebase and Google OAuth) — authentication (Sign in with Google), database, file storage, push notifications, and (with your consent) read-only access to your Gmail for retail receipts. When you sign in with Google or connect Gmail, we receive your stable Google account identifier (the OpenID sub claim) and act on revocation signals Google may send us to keep your account and our local credentials in sync (see §3.3).
Apple Inc. (United States) — Sign in with Apple authentication, App Store distribution, and (where applicable) in-app purchase processing.
Cloudflare, Inc. (United States) — DNS, content delivery, edge caching, and security protection for our website and APIs.
Google LLC (United States) — Google Analytics for Firebase — optional, opt-in product analytics. When you have consented, we record anonymous feature-usage events (for example, which outfit actions you tap) to understand how the Service is used and improve it. It is off by default and we collect nothing until you allow it; you can withdraw at any time in Settings. We do not send your email, display name, account identifier, or wardrobe content, and we set no custom user identifier. It is configured without advertising identifiers (no IDFA/AdID collection) and without Google advertising features, Google signals, or cross-app/cross-site tracking, so it is not used for advertising. Advertising-related consent signals (ad storage, ad user data, ad personalisation) are permanently denied. Data is stored in the United States and retained for 2 months. Our use of Google's services is governed by the Google Data Processing Addendum, which incorporates Standard Contractual Clauses as the cross-border transfer mechanism we rely on for APP 8.
Functional Software, Inc. trading as Sentry (United States) — application error tracking and crash diagnostics. Our Sentry organisation is configured with the United States as the data-storage region. Sentry receives anonymous session identifiers, error type and stack trace, app version, environment tag, device and operating system version, and the type of network error encountered. We do not send your email, display name, IP address, account identifier, wardrobe content, or any other user-identifying data to Sentry; outgoing events are filtered for authentication headers and any incidental secrets before transport. Error events are retained for 30 days (Sentry Developer-tier default) and then deleted. Our use of Sentry is governed by Sentry's Data Processing Addendum (currently v5.1.0), which incorporates Standard Contractual Clauses as the cross-border transfer mechanism we rely on for APP 8. Sentry's own sub-processors are published at sentry.io/legal/subprocessors.

Weather information for the morning outfit card is sourced from the Australian Bureau of Meteorology. All weather requests are proxied through our backend, so BOM sees only our server's IP address — not yours. We send only an approximate location (rounded to roughly one kilometre) and receive a forecast. No user identity is transmitted to the provider. BOM data is a public-domain government data source, not a personal-data processor. Attribution to BOM is shown in the morning card. Additional regional weather providers (e.g. US National Weather Service, UK Met Office) will be added to this list before the Service opens to users in those regions.

Country lookup for the weather feature uses Nominatim, the geocoding service operated by the OpenStreetMap Foundation (United Kingdom) on the public, open OpenStreetMap database. When the weather feature is enabled, our backend sends the rounded (~1 km) coordinates to Nominatim to determine your country, so we can choose the correct regional forecast provider. The request is proxied through our backend, so Nominatim receives only the approximate coordinates and our server's IP address — never your IP, email, name, or account identifier. OpenStreetMap and the public Nominatim service are open-data resources rather than a commercial personal-data processor; our use is governed by the OpenStreetMap Foundation's published usage terms. If we move to a self-hosted or commercial geocoding arrangement, we will update this section before doing so.

Any future sub-processors will be disclosed here before they are used.

7.2 Legal and safety disclosures

We may disclose personal information where we are required or permitted by law, including:

to comply with a court order, subpoena, lawful request from a regulator, or other legal process;
to protect the safety, rights, or property of you, us, or others;
to investigate or prevent fraud, abuse, or violations of our terms;
in connection with a sale, merger, restructuring, or transfer of part or all of the business, in which case we will require the recipient to honour this Privacy Policy or notify you so you can make choices about your information.

8. Cookies and tracking technologies

8.1 Mobile app

The Lookahead mobile app does not use third-party advertising cookies, marketing pixels, or cross-site tracking technologies. We use only the local storage and authentication tokens necessary to keep you signed in and to operate core features. With your consent, the app also collects anonymous product-analytics events via Google Analytics for Firebase (see Section 7.1); this is off by default, opt-in, and can be turned off at any time in Settings. It is configured without advertising identifiers and is never used for advertising or to track you across other apps or websites.

8.2 Waitlist landing page

Our public waitlist landing page at join.thelookahead.app may use a small number of essential and analytics cookies, including those provided by Cloudflare for security, performance, and aggregate traffic analytics. These cookies do not identify individual users and are not used for advertising. If we add additional analytics or marketing cookies in future, we will update this section and provide an appropriate cookie notice and consent mechanism on the site.

You can control cookies through your browser settings, including blocking or deleting cookies. Disabling essential cookies may affect site functionality.

9. Your privacy rights

Under the Australian Privacy Principles, you have the following rights in relation to the personal information we hold about you:

Access: request a copy of the personal information we hold about you.
Correction: ask us to correct information that is inaccurate, out of date, incomplete, irrelevant, or misleading.
Deletion: delete your account at any time from within the app at Settings → Delete account. This permanently removes your account, wardrobe, preferences, and associated data within 30 days, subject only to information we are legally required to retain.
Withdraw consent: where we rely on your consent (for example, Gmail receipt access), you may withdraw that consent at any time without affecting the lawfulness of prior processing.
Anonymity or pseudonymity: you may interact with us anonymously or under a pseudonym where it is lawful and practicable to do so. Some features (such as personalised outfit suggestions) cannot reasonably be provided without identifying you as an account holder.
Complain: you have the right to make a complaint about how we have handled your personal information (see Section 11).

To exercise any of these rights, contact us using the details in Section 12. We may need to verify your identity before acting on your request and will respond within a reasonable timeframe (generally within 30 days).

10. International users

The Service is designed for Australian users. If you choose to access the Service from outside Australia during the closed beta, you do so on your own initiative and you acknowledge that your personal information will be processed in Australia and in the countries where our sub-processors operate (including the United States), under the protections described in this Privacy Policy.

We will update this Privacy Policy with additional disclosures and rights before opening the Service to general users in the European Union, the United Kingdom, California, or other jurisdictions with specific privacy laws.

11. Complaints

If you believe we have breached the Australian Privacy Principles or otherwise mishandled your personal information, please contact us first using the details in Section 12. We will acknowledge your complaint promptly and aim to resolve it within 30 days.

If you are not satisfied with our response, you may make a complaint to the Office of the Australian Information Commissioner (OAIC):

Website: www.oaic.gov.au
Phone: 1300 363 992
Post: GPO Box 5288, Sydney NSW 2001

12. Contact us

If you have questions about this Privacy Policy, want to exercise your privacy rights, or wish to raise a privacy concern, please contact us:

Privacy contact: privacy@thelookahead.app
Trading name: Kirsten Tindel-Davidson trading as THE LOOKAHEAD APP, ABN 75 241 681 935
Country: Australia

We aim to respond to all privacy enquiries within 5 business days and to resolve formal requests within 30 days.

13. Changes to this privacy policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or the addition of new features or sub-processors. When we make material changes, we will:

update the "Last updated" date at the top of this policy;
notify you in-app and/or by email before the changes take effect; and
where required by law, ask for your renewed consent.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of the Service after the changes take effect indicates your acceptance of the updated policy.