Privacy Policy
Last updated: 19 May 2026
1 — Who we are and what we do
Who we are
We are EyesOff Ltd (“EyesOff”, “we”, “us”, “our”), a company registered under company number 16983060, with our registered office at 124 City Road, London, United Kingdom, EC1V 2NX.
We are registered with the UK’s supervisory authority, the Information Commissioner’s Office (the “ICO”), for the processing of personal data under registration number ZC148923.
What we do
EyesOff is a desktop application that helps you protect your privacy by detecting when someone other than you may be looking at your screen. The application uses on-device facial detection and recognition — your data stays on your computer and is never transmitted to us.
Controller
Unless we notify you otherwise, EyesOff Ltd is the controller of the personal data we process about you. This means we decide what personal data to collect and how to process it.
2 — Purpose of this privacy notice
The purpose of this privacy notice is to explain what personal data we collect about you, how we use it, who we share it with, and what your rights are. If you have any questions, you can contact us using the details under “Contact us” below.
3 — Who this privacy notice applies to
This privacy notice applies to you if:
- You visit our website at eyesoff.app
- You sign up for our mailing list
- You purchase EyesOff
- You use the EyesOff desktop application
- You contact us for support or any other reason
4 — What is personal data
“Personal data” means any information from which someone can be identified, either directly or indirectly. This includes information like your name or email address, but also identifiers like an IP address.
“Special category personal data” is more sensitive information including data revealing racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data used to uniquely identify someone, health data, and data concerning sex life or sexual orientation. EyesOff Ltd does not collect or process special category data. (See Section 5 for an important note about how the EyesOff application handles biometric data on your device.)
5 — The EyesOff Application — on-device processing
This section explains what the EyesOff application does on your computer and what it does not do.
What the application does
The EyesOff application runs entirely on your device. When you use it:
- Face detection — the app uses your webcam to detect whether anyone is looking at your screen. This is processed frame-by-frame in memory and is not stored.
- Facial recognition (authorised user only) — if you choose to enable it, the app recognises you as the authorised user. This allows the app to lock your device if an unauthorised person tries to access the device.
- Snapshots — snapshots is an opt-in feature, it will save a copy of the frame when a looking detection occurs. Snapshots are also taken when the facial recognition fails, only the image is stored. No facial embeddings other than your own are stored.
What we (EyesOff Ltd) receive
No images, no facial embeddings, no snapshots, no attention measurements, and no biometric data of any kind is transmitted from the EyesOff application to EyesOff Ltd or to any third party. We have no ability to access, view, or recover this data.
What you control
You retain full control over all data the application processes on your device:
- You can view and delete snapshots anytime through the app’s settings.
- You can disable snapshots entirely, it is an opt-in feature.
- You can change how long snapshots are kept (default of 30 days).
- You can disable facial recognition.
- You can delete the facial embeddings stored on your device.
Limited network communication
There are two exceptions in which the application makes network requests:
- Update checks — the app makes a request to our website to check for updates, no identity information is sent with this request.
- License key validation — when you activate your license key, the app makes a request to Lemon Squeezy’s license key API. This involves sending your license key and your machine host name. This data is sent directly to Lemon Squeezy.
Why we built it this way
We designed EyesOff so that the most sensitive data never leaves your computer.
6 — Personal data we collect, how and why
The remainder of this notice describes the personal data EyesOff Ltd collects and processes as a controller. Because of the architectural choices described above, this is a small set of data.
7 — Purposes, lawful bases and retention periods
We will only use your personal data when the law allows. Most commonly, we will use your personal data in the following circumstances:
| Categories of individuals | Categories of personal data | Purpose of processing | Lawful basis | Retention period |
|---|---|---|---|---|
| Outreach mailing list | Email address | To ask for feedback on how to improve EyesOff | Consent | Until opt-out |
| Customers | Name, email address, city and country, card brand, last four digits of card number, transaction details | To deliver your licence key, provide customer support, process refunds, and maintain transaction records | Contract | Statutory retention period for tax records (currently 6 years in the UK); customer relationship records held by Lemon Squeezy in line with their retention policy |
| Application users (update checks) | IP address (transient — request only) | To deliver software updates | Legitimate interests | Not retained beyond Cloudflare’s transient request logs |
For the avoidance of doubt:
- EyesOff Ltd does not collect, hold, or have access to any biometric data, images, or snapshots produced by the EyesOff application. These are processed and stored entirely on the user’s device. See Section 5.
- EyesOff Ltd does not store full card numbers, CVV codes, or any payment data sufficient to make a payment. Card processing is handled by our merchant of record, Lemon Squeezy.
8 — Where we get personal data from
We collect personal data:
- Directly from you — when you sign up for our mailing list, contact us, or use our website.
- From Lemon Squeezy — when you purchase EyesOff, Lemon Squeezy acts as our merchant of record and provides us with limited customer information (name, email, city and country, card brand, last four digits, transaction details) so that we can deliver your licence and provide support.
9 — Sharing your personal data
We do not sell your personal data. We share personal data only with the parties listed below and only as needed to operate EyesOff Ltd:
| Recipient | Role | What they handle |
|---|---|---|
| Lemon Squeezy LLC | Merchant of record and payment processor | Acts as the merchant of record for purchases of EyesOff. Collects and stores all payment information (including card details), provides licence validation services, and provides us with limited customer information. Lemon Squeezy is an independent controller for payment processing under its own privacy notice. See: https://www.lemonsqueezy.com/legal/privacy-policy |
| Google LLC | Email and productivity infrastructure | Hosts our company email (@eyesoff.app) and stores our mailing list. Acts as our processor. |
| Cloudflare | Website hosting and infrastructure | Hosts eyesoff.app, including the update-check endpoint used by the EyesOff application. Acts as our processor. |
Other disclosures
We may also disclose your personal data:
- Where legally required — for example, in response to a valid court order, statutory request from HMRC, or other lawful demand from a regulator, court, or law enforcement agency.
- In the event of a business transfer — if EyesOff Ltd is involved in a merger, acquisition, restructuring, or sale of assets, your personal data may be transferred as part of that transaction. Where this happens, we will require the recipient to honour the terms of this privacy notice.
10 — International transfers
If you are based in the UK or the European Economic Area (EEA), your personal data may be transferred outside these regions for processing or storage. This is because some of our processors and service providers are based in the United States.
When transferring data outside the UK or EEA, we rely on the following safeguards:
- The UK-US Data Bridge (an extension of the EU-US Data Privacy Framework), which provides an adequacy decision for transfers to certified US organisations. Google LLC, Cloudflare, Inc., and Lemon Squeezy are certified under the Data Privacy Framework.
- Standard Contractual Clauses (SCCs) or the UK International Data Transfer Addendum, as backup mechanisms incorporated into our processors’ data processing agreements.
11 — Your rights and how to complain
You have a number of rights in respect of your personal data:
- Right to be informed — you are entitled to know what personal data we collect, how it is used, the lawful basis for processing, who it is shared with, and how long it will be retained. This privacy notice provides that information.
- Right of access — you can request a copy of the personal data we hold about you.
- Right to rectification — if information we hold is inaccurate or incomplete, you can ask us to correct it.
- Right to erasure (“right to be forgotten”) — you can ask us to delete your personal data in certain circumstances.
- Right to restrict processing — you can ask us to limit how we use your data.
- Right to object — you can object to processing of your personal data, particularly for marketing.
- Right to data portability — you can ask us to provide your personal data in a structured, commonly used, machine-readable format, or to transfer it to another organisation.
- Right to withdraw consent — where we rely on consent (for example, for our mailing list), you can withdraw it at any time. Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal.
- Right not to be subject to automated decision-making — we do not make decisions about you using solely automated means.
- Right to lodge a complaint — if you are unhappy with how we have handled your personal data, you have the right to complain to a supervisory authority. In the UK, this is the Information Commissioner’s Office (ICO). You can contact the ICO at https://ico.org.uk/make-a-complaint or by phone on 0303 123 1113. If you are based in the EEA, you may complain to your local supervisory authority. A list is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en.
12 — Exercising your rights
You generally will not need to pay a fee to exercise your rights. However, if your request is manifestly unfounded or excessive, we may charge a reasonable fee or refuse to comply.
To exercise any of your rights, please contact us at [email protected]. We may ask you for additional information to verify your identity before responding. We aim to respond within one month. Complex requests may take longer, in which case we will let you know.
For data held by Lemon Squeezy on our behalf (purchase records), we will facilitate your request with Lemon Squeezy where it does not conflict with our legal obligations (such as statutory tax record retention).
13 — Contact us
If you have any questions about this privacy notice, want to exercise your rights, or wish to make a complaint, you can contact us at:
Email: [email protected]
Address: EyesOff Ltd, 124 City Road, London, United Kingdom, EC1V 2NX