Data Portability Policy

Company: MARKUPX BRANDS TECHNOLOGIES PRIVATE LIMITED ("Looktara", "we", "us")

Covered Services: looktara.com and associated subdomains, the Looktara browser extension, and WhatsApp-based features (collectively, the "Services")

Contact: [email protected] | WhatsApp: +91 82008 68193

We believe your data should move with you. This Policy explains what you can export from Looktara, how to request it, the formats we use, and important limits. This Policy operates alongside our Privacy Policy, Terms, and Cookies & Data Policy.

Personal Data means information that identifies or relates to an identified or identifiable person.

Portability means receiving a copy of certain Personal Data in a structured, commonly used, machine‑readable format, and—where technically feasible—having it transmitted directly to another controller/service at your request.

You/Account Holder means the natural person who owns the Looktara account (or an authorized admin for a business/teams plan).

We honor data portability rights where applicable law provides them (e.g., GDPR/UK GDPR Art. 20; certain US state privacy laws like CCPA/CPRA; Brazil LGPD). Where a specific portability right does not apply, we still strive to provide reasonable, privacy‑safe exports.

Depending on your account and usage, you can request export of:

• Account Profile – name, email, account identifiers; country/locale; role (if provided).
• Uploads (Training Photos) – the photos you uploaded to train your personal model, including basic metadata we store (e.g., filename, upload time).
• Prompts & References – your generation prompts, titles, tags, and any reference image IDs/links you attached within the product.
• Generated Outputs – images created in your account that remain stored with us at the time of export.
• Settings & Preferences – theme/language, WhatsApp opt‑in, content filters, cookie preferences.
• Activity Snapshots – high‑level session activity (sign‑ins, last active), feature usage counters, generation timestamps; redacted for security.
• Billing Records – invoice PDFs, transaction dates/amounts, plan type, credits balance at the time of export. (We do not store full payment card numbers.)

Note: Exports reflect the state of your account at the time we process the export. Deleted assets will not appear. Some records (e.g., raw security logs) are not included for safety.

To protect security, trade secrets, and other users, certain data is excluded from portability:

• Internal/Derived Data – model weights/checkpoints, embeddings, LoRA/fine‑tuning artifacts, safety/fraud signals, quality scores, similarity indexes, and other algorithmic outputs derived from your uploads/prompts.
• Inferences & Analytics – A/B test assignments, internal performance metrics, or product analytics we generate.
• Third‑party or Others' Data – data we hold about another person or data obtained under confidentiality.
• Security‑sensitive Artifacts – access tokens, IP‑level telemetry, anti‑abuse fingerprints, and detailed server logs.

Where applicable law mandates inclusion of a specific item in export, we will comply to the extent required and technically feasible.

We provide exports in structured, commonly used, machine‑readable formats:

• JSON or CSV for structured records (profile, prompts, settings, activity summaries, billing metadata); UTF‑8.
• PNG/JPG for images (uploads and generated outputs) at original or currently stored resolution. EXIF may be minimized for privacy/safety.
• PDF for invoices.
• ZIP archive as a container for multi‑file exports, with a manifest (README.txt) explaining fields and file mapping.

If you request direct transfer to another service, we will use standard secure methods (e.g., SFTP, HTTPS upload, or vendor API) where technically feasible and supported by the destination.

Send a request from your registered email to [email protected], or message us via WhatsApp (+91 82008 68193). Include:

• Subject: Data Portability Request
• Your full name and registered email
• Whether you want a download or direct transfer to another provider (include that provider's name, contact, and endpoint/API details if known)
• Any specific data categories you want excluded (optional)

Identity verification. We may verify via email OTP and/or reasonable checks. For organizational accounts, we may require proof that you are the authorized admin.

• We acknowledge requests within 24 hours.
• We fulfill within 30 days of verification. Where permitted by law for complex cases, we may extend once by up to 30 additional days; we will notify you with reasons. (For US requests under CCPA/CPRA, we may take up to 45 days where allowed.)

• We typically honor one free comprehensive export every 12 months per individual.
• If requests are manifestly unfounded, excessive, or repetitive, we may charge a reasonable administrative fee or refuse the request as permitted by law.

• We deliver exports via a time‑limited, single‑use download link (HTTPS). Links usually expire in 7 days.
• For added protection, we may encrypt archives with a password shared through a separate channel (e.g., WhatsApp).
• Upon request, we can attempt direct secure transfer to another provider (see Section 4) if technically feasible.
• We recommend you store exports securely and delete them from shared devices.

• You may request deletion after receiving your export. Some records may be retained where legally required (e.g., invoices, anti‑fraud logs).
• If you request deletion before we complete an export, we will ask you to confirm the order (export first, then deletion) to avoid data loss you didn't intend.

• EU/EEA & UK: We support GDPR/UK GDPR portability by providing your Personal Data that you provided to us (including certain observed data) in a structured, commonly used, machine‑readable format, and by transmitting it directly to another controller at your request where technically feasible.
• United States (CCPA/CPRA and similar): Upon verifiable request, we provide a portable, readily usable export covering the preceding 12 months (or longer if required).
• Brazil (LGPD): We provide copies and, where applicable, portability to another service or product as per law and technical feasibility.
• India (DPDP Act): We honor access and copy rights and provide machine‑readable exports to support portability where applicable and technically feasible.

• Individual seat data can be requested by that seat holder;
• Organization‑level data (e.g., consolidated billing, seat assignments) can be requested by the verified org admin;
• We will not disclose one user's personal data to another user without valid authorization.

We may update this Policy to reflect product or legal changes. Material updates will be announced via in‑product notice or email. The Effective date above shows when this version took effect.

For questions or to submit a request:

Email: [email protected]
WhatsApp: +91 82008 68193
Postal: MARKUPX BRANDS TECHNOLOGIES PRIVATE LIMITED, New Delhi, India (Attn: Privacy)

No refunds reminder: As stated in our Terms and Refund Policy, all sales are final. This does not limit your statutory privacy rights, including access/portability where applicable.