Privacy Policy
Loot is an iOS app published by Killbridge Ventures Pte Ltd ("we", "us"). It's built so that almost everything stays on your device. This policy explains the few things that leave it, and what happens to them when they do.
1. What stays on your device
The photos you take, the cut-out subjects, your collections, and any attributes Loot infers about them are stored locally in Apple's SwiftData on your iPhone. They're not synced to our servers, and we cannot read them.
- Photos and cut-outs — saved in the app's local database.
- Collections and tags — saved locally.
- Location of each snap — if you grant the Location permission, a one-shot GPS coordinate is captured at the moment of capture and stored on the item. It never leaves your device.
- Background removal — done on your device using Apple's Vision framework.
2. What we send off your device
When you take a photo, Loot sends the image bytes in a single HTTPS request to our analysis endpoint at hoard-worker.wip.workers.dev, hosted on Cloudflare Workers. The endpoint returns a short text label (for example "Brown Leather Jacket"), a category (for example "clothing"), and a small set of attributes.
We do not store the image. The bytes are held in memory only for the few seconds needed to run inference, then discarded.
Alongside the image, the request includes:
- An anonymous install identifier — see section 3.
- The app version, platform, and a standard user-agent string.
- Your IP address, which Cloudflare sees automatically for any HTTPS request. We use it to derive coarse country and network information, and to block abusive traffic.
If our analysis endpoint is unreachable, Loot falls back to an on-device analyzer that uses Apple's Vision framework (and, on iOS 26+ Apple Intelligence devices, the Foundation Models framework). When the fallback path is used, nothing leaves your device.
3. Anonymous install identifier
The first time you open Loot, the app generates a random UUID and stores it in your iPhone's Keychain. We send it as a header (X-Hoard-Install-Id) with each analysis request so we can:
- Group requests from the same install for usage analytics.
- Rate-limit and block abuse.
- Correlate a bug report you send us with our server logs.
This identifier is not linked to your name, email, Apple ID, or any advertising identifier. It is not shared with third parties for advertising purposes. It survives reinstalling the app, but it stays on a single device — it is not synced to iCloud.
4. Server logs
Each request to our analysis endpoint produces one structured log line, retained for up to 30 days for operational and abuse-prevention purposes. A line contains: a request ID, your anonymous install ID, your IP address, the user-agent and app version, the size of the image in bytes, how long inference took, the detected category, and country / network metadata derived from the IP.
5. Face data
Loot does not collect, store, or process biometric or face-recognition data. If a face happens to be in a photo you snap, it is treated like any other pixels — passed to the analyzer for general object recognition and then discarded.
6. Third-party services
We use the following third parties to operate the analysis endpoint:
- Cloudflare, Inc. — hosts the Worker and the AI inference (Llama 3.2 11B Vision), and provides CDN, DNS, and WAF for our domain. See Cloudflare's privacy policy.
We do not use any analytics, advertising, or attribution SDKs inside the app.
7. Children
Loot is not directed at children under 13, and we do not knowingly collect information from them. If you believe a child has provided information through Loot, contact us and we will remove what we can.
8. Your choices
- Location — you can revoke the Location permission at any time in iOS Settings → Privacy & Security → Location Services. Existing snaps will keep the coordinates they had; new ones won't have them.
- Delete everything — uninstalling the app removes all local data, including the install identifier (Keychain entry is removed with the app).
- Server-side records — to have your install-ID-keyed logs deleted before the 30-day retention period expires, email us at team@loot.photos with the install ID (visible in the app under Settings → About).
9. Security
All traffic between the app and our server is sent over HTTPS. We take reasonable measures to protect information we hold from loss, misuse, and unauthorized access — but no internet service can be guaranteed perfectly secure.
10. Changes to this policy
If we change this policy, we'll update the date at the top. Material changes will also be called out in an app update's release notes.
11. Contact
Questions about this policy? Email team@loot.photos.
12. Governing law
This policy is governed by the laws of Singapore. Any disputes are subject to the exclusive jurisdiction of the courts of Singapore.