Last updated · June 12, 2026
Privacy Policy
Short version: the Gestura Android and iOS apps do all gesture detection on your phone. Camera frames never leave your device. Tiny hand-landmark snapshots (21 dimensionless coordinate triples per gesture) and any in-app feedback you choose to send are uploaded to Gestura-operated servers so we can improve detection quality. No video, no images. On iOS, if you choose to sign in to Apple Music or Spotify, Gestura also talks to those services so it can play your music — the privacy implications of that are spelled out below.
Who we are
Gestura is operated by GESTURA S.R.L., a Romanian limited-liability company registered in the Bucharest Trade Registry under no. J2026021743001, sole registration code (CUI) 54399327, with registered office at Șoseaua Nicolae Titulescu nr. 94, Bl. 14-14A, Sc. 2, Et. 10, Ap. 77, Sectorul 1, București, Romania. GESTURA S.R.L. is the data controller for the purposes of the EU General Data Protection Regulation (GDPR). For privacy inquiries, contact privacy@gestura.io.
The Gestura mobile apps (Android + iOS)
When you install Gestura on Android or iOS, the app uses your phone’s front-facing camera to detect hand gestures so it can control media playback. The camera feed itself never leaves the phone:
- Video frames are processed by on-device machine-learning models that detect hand landmarks and classify gestures.
- No video, still images, or other camera data are transmitted to Gestura or any third party.
- Camera frames are held in memory only long enough to be classified, then discarded.
- The Gestura app itself does not create or require a user account. (On iOS, signing in to Apple Music or Spotify is optional and lives entirely with those providers — see “Music-service integrations on iOS” below.)
On Android, the app drives whichever media app is currently playing via the system’s standard media-session bus — Spotify, YouTube Music, Apple Music, SoundCloud, podcast apps, any app that publishes a play/pause notification. Gestura does not sign in to those apps; it sends only play / pause / next / previous key events through the OS.
On iOS, Apple does not allow one app to drive another app’s playback, so Gestura is the player. You can optionally sign in to Apple Music and/or Spotify inside the app to stream your music through Gestura — that connection is described separately below.
The only data the app persists on your device is your own settings —
things like gesture sensitivity thresholds and enabled gestures —
stored in the standard preferences store on your phone (Android
SharedPreferences, iOS UserDefaults).
Hand-landmark uploads from the mobile apps
After the on-device classifier recognises a gesture, the app uploads a
small snapshot of that single moment to a Gestura-operated server
(landmarks-server, behind gestura.io/api/landmarks/)
so we can improve detection quality over time. This applies to both
the Android and iOS apps. Each upload is one HTTPS POST and contains:
- 21 hand landmarks — dimensionless {x, y, z} coordinate triples in MediaPipe’s normalised coordinate space. They describe joint positions in a normalised hand frame, not pixels on a screen, and contain no biometric template that can identify you.
- The recognised gesture label and the model’s confidence score.
- A random per-install device identifier so we can correlate uploads from the same install for quality analysis. It is not your Google account, Apple ID, IMEI, advertising ID, or any other system-level identifier — it is generated by the app on first run and only exists in the Gestura database.
- App version, OS version (Android / iOS), device model (e.g. “Pixel 8”, “iPhone 15”), and locale, so we can track regressions by device class.
- The time the gesture happened (epoch milliseconds, client clock).
We do not upload video, still images, audio, GPS location, contacts, your media library, or any content from other apps. The IP address used by the upload connection appears in standard server logs (see below).
Lawful basis: legitimate interest (GDPR Art. 6(1)(f)) — improving the accuracy of a product you are using, where the data is minimal, dimensionless coordinate triples that cannot identify you on their own. You can opt out by disabling the “Improve detection by sharing landmark snapshots” toggle in the app’s settings; uploads stop immediately and previously uploaded snapshots can be deleted on request by emailing privacy@gestura.io with the device identifier shown on the app’s settings screen.
Retention: landmark snapshots are retained for up to 24 months for model training and evaluation, then deleted or aggregated into a form that does not include the per-install device identifier.
Optional in-app feedback
Both the Android and iOS apps include a “Send feedback”
screen. When you tap submit there, the app uploads to the Gestura
feedback endpoint (gestura.io/api/feedback/):
- The category you picked (bug, issue, feature request, general feedback).
- The message you typed.
- App version, OS version, device model, locale — same fields as the landmark upload.
- The same per-install device identifier so we can correlate the report with any landmark snapshots that surfaced the issue.
- Only if you tick the “Attach diagnostic log” option: a redacted snapshot of the app’s recent in-memory log buffer (up to 200 lines, last 100 KB). The buffer is designed to omit PII and content from other apps, but you should review the preview before tapping submit.
Lawful basis: legitimate interest (GDPR Art. 6(1)(f)) — responding to a bug or feature request you initiated. Submitting feedback is entirely opt-in; you can use Gestura indefinitely without ever opening that screen. Feedback records are retained for up to 36 months for triage and trend analysis.
Music-service integrations on iOS
Because iOS does not let one app drive another app’s playback, the iOS version of Gestura is its own music player. To play your music, you can optionally sign in to Apple Music and/or Spotify inside the app. These integrations are entirely opt-in — you can use Gestura without signing in to either, and you can disconnect at any time from the app’s settings.
- Apple Music (MusicKit). When you tap “Connect Apple Music,” iOS asks you for permission to share your Apple Music library with Gestura. We use Apple’s MusicKit framework to play your music through Gestura’s in-app player. Authentication and your Apple Music account live entirely with Apple; Gestura does not see your Apple ID, password, or payment details. See Apple’s privacy policy.
- Spotify. When you tap “Connect Spotify,” we open the official Spotify iOS SDK’s OAuth flow with a limited set of scopes (read your playlists and library, read and modify the current playback state). Spotify returns an access token to Gestura; we store it in iOS Keychain on your device and use it only to call Spotify’s APIs on your behalf for the duration of your session. We do not store your Spotify password. Playback requires a Spotify Premium subscription (an SDK constraint, not a Gestura choice). See Spotify’s privacy policy.
We do not upload your Apple Music or Spotify activity, library contents, listening history, or playlists to any Gestura-operated server. Anything Gestura learns about what you’re playing stays on your device and is used to render the in-app player UI.
The Android version of Gestura does not integrate with Apple Music or Spotify directly; on Android it talks to whichever app is playing via the OS’s standard media-session bus.
Permissions
Gestura requests the following permissions, and only for the reasons listed:
Android:
- Camera — to detect hand gestures from the front camera. Required.
- Foreground service — to keep gesture detection running while you use other media apps.
- Notification — to show the ongoing-service notification that Android requires for foreground services, and to surface the optional “tap to enable” prompt when music starts playing in the background.
- Notification listener (optional) — only if you turn on “Auto-start & stop with media”. Used solely to detect when an unrelated media app starts or stops playing so Gestura can wake up or stand down. The contents of your notifications are not read, stored, or transmitted.
- Display over other apps (optional) — only if you turn on “Auto-start & stop with media”, to satisfy Android 14+’s background launch rules.
- Media control — to send play/pause/next/previous commands to whichever media app you’re using.
- Phone state — to automatically pause gesture detection when an incoming call arrives.
iOS:
- Camera — to detect hand gestures from the front camera. Required.
- Apple Music (optional) — only if you connect Apple Music.
- Background audio mode — so the in-app player keeps streaming if Gestura briefly loses foreground. Camera access still stops the moment the app backgrounds; iOS does not allow background gesture detection.
The browser demo on this site
Separately from the Android app, gestura.io/demo offers a browser-based try-before-you-install experience. The browser demo works a little differently from the Android app:
- Your browser extracts hand-landmark coordinates (21 points per hand) from your webcam.
- Those coordinates — not the camera feed — are sent to a Gestura-operated server that classifies the gesture and returns a label.
- Landmarks are processed in memory and are not logged or retained after a session ends.
- No account is created. Your IP address appears in standard web-server access logs (see below).
The browser demo exists because gesture classification runs better on our server than in most browsers. The Android app doesn’t have this constraint and runs everything locally.
Launch announcement waitlist
The landing page offers an optional “Notify me at launch” form. If you submit your email address there:
- We collect only your email address and the timestamp of your signup.
- The address is stored with our email-service provider, Resend (Resend, Inc., USA), in their EU region. Resend acts as a data processor under our instructions.
- We will send you one email when Gestura launches on the App Store and Google Play. We will not send you newsletters, drip campaigns, or marketing for unrelated products.
- Your address is removed from the list 90 days after the launch announcement (or sooner on request).
- Every email we send includes an unsubscribe link. You can also email privacy@gestura.io at any time and we will delete your record.
Lawful basis: explicit consent (GDPR Art. 6(1)(a)), captured by ticking the consent checkbox on the form. You can withdraw consent at any time via the unsubscribe link or by emailing us; withdrawal does not affect the lawfulness of processing before withdrawal.
Server logs
Our web servers (gestura.io for the landing page + browser demo, the
landmarks-upload endpoint at landmarks.gestura.io, and the
feedback endpoint at feedback.gestura.io) keep standard
access logs that include IP address, timestamp, requested URL, HTTP
status, and user-agent. These logs are retained for up to 30 days for
security and debugging, then deleted.
How Gestura staff access uploaded data
A separate, password-protected internal dashboard at
admin.gestura.io lets Gestura staff review landmark
snapshots and feedback reports for the purposes described above. Every
read, label edit, triage action, and delete from that dashboard is
recorded in an internal audit log so we can investigate any concern
about misuse. The dashboard is not public and access is restricted to a
small number of named operators bound by a confidentiality obligation.
Analytics & tracking
When you accept the cookie banner that appears on your first visit, Gestura.io loads Google Analytics 4 so we can understand which pages people read and which links they click. Until you accept, no analytics scripts are loaded and no analytics cookies are set. If you decline, no analytics scripts are ever loaded for your visit.
When loaded, Google Analytics collects: pages viewed, the link or search
that brought you here (referrer), approximate location derived from your IP
address (we set anonymize_ip so Google truncates the last
octet before logging), device type, browser, and screen size. We do not
enable Google Signals, advertising features, remarketing, or cross-site
tracking.
You can change your mind at any time using the button in this section: the banner will reappear on the next page load and your previous choice is cleared. We use no other tracking pixels, advertising SDKs, or session-replay tools.
Purchases
When Gestura is paid for, purchases are handled by the platform store: Google Play Billing on Android, Apple StoreKit on iOS. The store processes your payment and shares with Gestura only the aggregated sales information it always shares with developers (country, quantity, refund status). We never see your payment card, full name, or billing address. Please see Google’s privacy policy and Apple’s privacy policy for how each store handles your payment data.
Children
Gestura is not directed to children under 13. We do not knowingly collect data from children. If you believe a child has submitted information to us, contact privacy@gestura.io and we will delete it.
Your rights (GDPR)
If you’re in the EU/EEA or UK you have the right to access, correct, delete, or restrict the processing of personal data we hold about you, to object to processing, to withdraw consent, and to data portability. The personal data we hold may include:
- Your email address — only if you joined the launch waitlist.
- Landmark snapshots and feedback reports from the Android or iOS app, indexed by the per-install device identifier — only if you have the “Improve detection” toggle on or have sent feedback.
- Short-lived server access logs containing your IP address.
- If you accepted the analytics cookie banner on the website: pseudonymous Google Analytics events tied to a randomly-generated identifier stored in cookies on your device.
You can withdraw analytics consent at any time using the button in the “Analytics & tracking” section above, and you can disable landmark uploads in the app’s settings on either Android or iOS. Email privacy@gestura.io with your request and we will respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority (in Romania, the ANSPDCP).
Changes to this policy
We will update this page whenever the product’s data practices change — for example, if analytics are added, or if we begin processing additional data categories. The “Last updated” date at the top will always reflect the most recent change.