LookinGlass is operated by Fresnaye & Company LLC ("Fresnaye", "we", "us"). This policy explains what data the LookinGlass iOS app and web application at lookinglass.ch collect, how we use it, and who can see it.
You can sign in to LookinGlass with email and password, or — if your organization supports it — with Fresnaye Single Sign-On (SSO). This policy applies to your use of the app regardless of which sign-in method you choose.
What we collect
Account information — your email address and display name, sourced from SSO or set during onboarding.
Authentication credentials — if a password is set on your account, we store only a one-way cryptographic hash (bcrypt). Sessions are tracked as opaque tokens.
Conversation content — every message you send to and receive from LookinGlass, along with any documents (PDF, Word, Excel, PowerPoint) or images you attach.
Memory — facts that LookinGlass remembers about you to personalize future responses, including any you add or pin manually.
Usage data — search queries you make inside the app, the model you used for each response, and timestamps for last activity.
Device data — if you opt in to push notifications, your device's push token (Apple Push or Firebase) so we can deliver notifications.
Audit log — security-relevant events (sign-ins, password changes, admin actions) used for investigation and compliance.
How we use it
To provide the chat service: routing your messages to the appropriate AI provider, returning their responses, storing your conversation history so you can resume it later.
To personalize responses using memory and personal projects you've configured.
To secure the service: detect abuse, investigate incidents, enforce per-account and per-IP rate limits.
To deliver push notifications you've opted in to.
We do not use your conversations or personal data to train AI models, sell to advertisers, or share with third parties for marketing.
Who sees your data
You. All your conversations, memories, and projects are visible to you in the app.
Our support and compliance team. Authorized Fresnaye & Company staff may access account information or conversation content where strictly necessary for support, security, or compliance purposes (for example, investigating a reported abuse case). Every such access is logged in our audit trail.
AI service providers. To generate responses, we transmit your message content (and any attached documents) to the AI provider you've selected for that turn. Current providers:
Under our agreements, these providers process your data to return a response and do not use it to train their models. Each provider's own privacy policy governs their handling.
Infrastructure providers. Our servers and databases are hosted by reputable infrastructure providers under standard data-protection terms.
Plain English: Our support and compliance team can technically read your conversations when investigating a support ticket, security incident, or compliance matter. Standard for any hosted chat service. We do not browse user data casually, and every access is recorded.
Where your data lives
Conversation history, memory, accounts, and audit logs are stored on servers operated by Fresnaye & Company. Messages and documents are transmitted to AI providers (above) during inference; those providers may temporarily retain them in line with their own policies.
How long we keep it
Your conversations and memory are retained until you delete them or your account is removed. Soft-deleted conversations are recoverable for 30 days and then permanently purged. Audit log entries are retained according to Fresnaye's records-retention policy.
Your rights
Access & export. You can view all your conversations, memories, and account details inside the app. A full data export in JSON can be requested at support@fresnaye.com.
Delete. You can delete any individual conversation, memory, or project from the app. To delete your account and all associated data, contact support@fresnaye.com.
Withdraw consent. You can sign out at any time. Disabling push notifications stops further delivery to your device.
Security
All traffic to and from LookinGlass is encrypted in transit (TLS). Passwords are hashed with bcrypt. Session tokens are stored on your device's secure enclave (iOS Keychain). We maintain rate limits and audit logging to detect and respond to misuse.
Children
LookinGlass is not directed at children under 13 and is not intended for use by them. We do not knowingly collect personal information from anyone under 13.
Changes to this policy
We may update this policy from time to time. Material changes will be announced in the app or via email. The "Last updated" date at the top of this page reflects the most recent revision.
Contact
Questions about this policy or your data:
Fresnaye & Company LLC
1235 Pennsylvania Avenue SE, Suite 1205
Washington, DC 20003 support@fresnaye.com