lavo

Lavo, Privacy Policy

Last updated: 28 June 2026

This Privacy Policy explains what data the Lavo mobile application (the "App") processes, why, and your rights. It should be read together with our Terms & Conditions.


1. Who is responsible for your data

The "controller" of personal data processed through the App is [OPERATOR NAME], a sole trader based in the United Kingdom. Contact: [CONTACT EMAIL].

2. Our privacy approach in one line

Lavo has no user accounts and keeps your wardrobe and settings on your device. The only data that leaves your phone is the photo you choose to scan (sent to our AI classification service for analysis, see section 4) and, optionally, anonymised correction data if the operator has enabled that feature.

3. What we process, why, and the legal basis

DataWhere it livesPurposeLegal basis (UK GDPR)
Garment photos you scanSent over HTTPS to our proxy and on to our AI classification provider at scan time (section 4); not stored by usTo generate a fabric/garment/wash estimatePerformance of our contract with you (the Terms); your consent given at first launch
Classification results, wardrobe items, and your settings, default machine, Laundry Setup preferences (washing-machine & dryer brand/model/capacity, loader type, care mode, temperature unit, and the auto-save / show-confidence / show-health toggles), and languageOn your device only (local app storage); never transmitted off the deviceTo show and recall your saved garments and apply your preferencesPerformance of contract
Installation ID (random, opaque, not linked to your identity)On your device; sent as a request header to our proxyFair-use rate limiting so one device cannot exhaust shared quotaOur legitimate interest in keeping the service available and preventing abuse
Corrections (predicted vs. corrected fabric/garment)On your device; optionally sent to a sync endpoint if the operator configured oneTo improve future classification accuracyYour consent; our legitimate interest in improving the service

We do not collect your name, email, contacts, location, or advertising identifiers, and we do not use analytics or tracking SDKs.

4. Photos and AI classification

When you scan, the photo is transmitted over an encrypted connection to a proxy service we operate (hosted on Cloudflare's Workers platform, which acts as a transport-only processor). The proxy forwards it to our third-party AI classification provider, currently Google's Gemini API, which processes the image to return a result under Google's own terms and privacy policies. We may change the underlying AI provider from time to time; this Policy will be updated if we do. Our proxy is transport-only, it does not log the contents of your photos or the model's responses, and it does not retain the images after the request completes.

5. The installation ID

On first use the App generates a random, opaque identifier (for example a 24-character string). It is not derived from your device hardware, account, or any personal detail, and it cannot be used to identify you. Its only purpose is to act as a rate-limit bucket so that a single noisy installation cannot use up the shared free quota. It is reset whenever you uninstall the App.

6. Corrections sync (optional)

If you tap "correct result", the correction is always saved locally. Only if the operator has configured an optional sync endpoint will that correction also be sent there, to help improve future predictions. Before any correction leaves your device, the local image file path is removed so your device's file structure is not exposed. If no endpoint is configured, corrections never leave your device.

7. Data retention

8. Children

The App is not directed at children under 16. We do not knowingly process the data of children under that age. If you believe a child has used the App, contact us and we will help.

9. Your rights

Under the UK GDPR you have rights to access, rectify, erase, restrict, and object to the processing of your personal data, and to data portability. Because most data lives only on your device, you can exercise many of these rights directly by editing or deleting items in the App or uninstalling it. For anything held by us (such as synced corrections, where enabled), contact [CONTACT EMAIL].

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at https://ico.org.uk.

10. International transfers

Google processes images on infrastructure that may be located outside the UK. Where personal data is transferred internationally, it is protected by the safeguards that Google relies on (such as UK/EU-approved standard contractual clauses or adequacy decisions). Photos are processed transiently and are not intended to contain personal data beyond images of garments.

11. Security

We use encryption in transit (HTTPS/TLS) for all data sent off your device, keep our AI provider's API credential on our server rather than in the App, and apply rate-limiting at our proxy. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

12. Changes to this Policy

We may update this Policy from time to time. We will update the "Last updated" date above and, for material changes, may ask you to review and accept again within the App.

13. Contact

For any privacy question or to exercise your rights, contact [OPERATOR NAME] at [CONTACT EMAIL].