Privacy Policy

Effective date: 2026-04-18 Last updated: 2026-04-18

Lume ("we", "us", "our", the "App") is an AI-assisted emotional wellness companion. This policy explains what we collect, why, and how you can control your data. We wrote it in plain language on purpose — if anything is unclear, email us at [email protected].

Lume is operated by an individual developer based in the United States. All user data is stored on servers located in the United States (Google Cloud Platform, us-central1 region).

1. What We Collect

1.1 Information You Give Us

Account: email address and display name (via Apple Sign In or phone number) when you create an account.
Emotional check-ins: moods you tag, optional short notes ("trigger" text), and duration of exercises you complete.
Conversations with Lume (our AI): messages you send to the AI assistant, which we store so you can re-read past conversations and so the AI has short-term context.
Feedback: anything you submit via Help & Feedback, including any images or video you attach.
Profile preferences: language, dark/light mode, notification settings.

1.2 Information Collected Automatically

Device & technical info: device model, OS version, app version, anonymous device identifiers.
Push notification token (if you grant permission): so we can deliver notifications (e.g. a reply to your feedback).
Usage events: which screens you open, which features you use, errors encountered. No advertising identifiers; we do not track you across apps.

1.3 Information We Do NOT Collect

We do not collect contacts, photo library, location, health records, or biometric data.
We do not use advertising SDKs or third-party trackers.
We do not sell personal data.

2. How We Use Your Data

Purpose	Data used
Provide the core service (save moods, show history, personalize AI replies)	Moods, conversations, preferences
Run AI replies	Your conversation messages are sent to our AI provider (see §4)
Detect recurring emotional patterns (your "elephants")	Mood trigger text, conversation summaries
Notify you of admin replies, reminders	Push token
Improve the app, diagnose bugs	Technical info, usage events (de-identified where possible)
Respond to feedback you submit	Feedback content + attachments
Legal compliance, fraud prevention	All of the above, on narrow legal basis

We do not use your personal content to train AI models.

3. AI Conversations — Special Notice

Lume's chat feature sends your typed messages to a third-party large language model provider to generate a reply. Currently we use:

OpenAI API (via a proxy service) and/or
Google Vertex AI (Gemini) (direct GCP integration).

These providers may temporarily process your message to produce a response but, under our contractual setup with them:

OpenAI: messages sent via API are NOT used to train OpenAI's models (per OpenAI's API terms).
Google Vertex AI: messages are processed within your Google Cloud project and are NOT used to train Google's models.

We do not have visibility into these providers' internal logs beyond what is necessary for abuse prevention. Do not share information you would not want seen by a human reviewer if an abuse investigation were triggered (e.g. explicit credit-card numbers, government IDs).

4. Who We Share Data With ("Subprocessors")

We use the following service providers under data-processing agreements:

Provider	Purpose	Data shared
Google Cloud Platform (US)	App hosting, database, file storage	All app data
Firebase (Google)	Authentication, push notifications, crash reports, analytics	Anonymous IDs, events
OpenAI / Gemini (Google Vertex AI)	AI chat replies	Your chat messages + mood context
Apple	App Store delivery, Sign In with Apple	Apple user ID
RevenueCat (if you subscribe)	Subscription receipt validation	Transaction ID, product ID, user ID

We do not share data with advertisers, data brokers, or marketing networks.

5. How Long We Keep Data

Active account: we keep your data as long as your account exists.
Conversation history: kept indefinitely so you can re-read it.
Usage analytics: aggregated after 90 days; individual events deleted.
Deleted account: when you confirm deletion via Profile → Delete Account, we immediately (within seconds) hard-delete your account row, profile, mood check-ins, CBT logs, AI conversations, exercise history, push-device tokens, feedback records, and subscription linkage on our servers. This action is irreversible. Messages you sent to other users are anonymized (sender ID replaced with null) so the other participant's conversation remains readable. Encrypted database backups operate on a rolling window — fragments of your data may persist in backup files until the next rotation (up to 30 days) and are then permanently deleted.
Feedback attachments: kept for 1 year after resolution.

If you have an active subscription when you delete your account, please cancel it first in your Apple ID or Google Play subscription settings — the store will otherwise keep billing you, and we cannot cancel it on your behalf.

6. Security

We follow standard security practices: TLS encryption in transit, encryption at rest for database storage, access logging, and least-privilege access for the developer. No system is 100% secure; if a breach occurs that affects you, we will notify you within 72 hours.

Since we are a solo-developer app, you should not share highly sensitive information (e.g. Social Security Numbers, medical records) through Lume.

7. Children's Privacy

Lume is not intended for children under 13. We do not knowingly collect information from children under 13. If you believe a child under 13 has created an account, contact [email protected] and we will delete the account.

Users aged 13–17 should use Lume only with parent or guardian consent.

8. Your Rights

Regardless of where you live, you can:

Access a copy of your data — email [email protected]
Delete your account and all associated data — Profile → Delete Account deletes everything immediately and permanently, without a request to us or a waiting period. You can also email us if you prefer.
Correct inaccurate data — in the app or by email
Opt out of optional analytics — Profile → Privacy settings
Export your data as JSON — email request

California residents (CCPA / CPRA)

You have additional rights under California law, including:

Right to know what we collect (answered by this policy)
Right to delete
Right to correct
Right to opt out of "sale" or "sharing" — we do not sell or share your personal data, so there is nothing to opt out of

To exercise any right, email [email protected] with subject "CCPA Request". We will respond within 45 days.

We do not discriminate against you for exercising any of these rights.

9. NOT Medical Advice

Lume is a wellness / self-help tool. It is not a medical device, not a substitute for therapy, and not HIPAA-covered. The AI's replies are NOT medical, psychological, or professional advice.

If you are experiencing a mental health emergency, please contact:

988 Suicide & Crisis Lifeline (US): call or text 988
Crisis Text Line: text HOME to 741741
Or your local emergency services

10. Changes to This Policy

We may update this policy. We will notify you in-app for material changes and post the new effective date here. Continued use after changes means you accept the updated policy.

11. Contact

Questions, requests, complaints: [email protected]

If you are in the EU (even though we do not target the EU market), you also have the right to complain to your local data protection authority.