Privacy Policy

Last updated: March 5, 2026

Our Promise

Your conversations are encrypted and never sold. Period. Lumis is built on the belief that your most personal thoughts deserve the highest level of protection. We collect only what we need to make the app work, and nothing more.

1. Information We Collect

Account Information

When you create an account, we collect your email address and authentication credentials. If you sign in with Apple or Google, we receive the information you authorize (typically name and email).

Conversation Data

Your text and voice conversations with Lumis are stored securely to power the long-term memory feature. This data is encrypted in transit (TLS 1.3) and at rest (AES-256). Voice sessions are transcribed and stored as text; audio files are not retained.

Mood and Wellness Data

We collect the mood check-ins, journal entries, goals, and habit tracking data that you voluntarily provide. This data is used exclusively to power your personal insights and growth dashboard.

Usage Analytics

We collect anonymized usage data (screen views, feature usage, session duration) through PostHog to improve the app experience. This data is not linked to your conversations or personal identity.

Device Information

We collect basic device information (OS version, app version, device type) for crash reporting through Sentry. This helps us fix bugs and improve stability.

2. How We Use Your Information

  • Powering your experience: Your conversation history enables Lumis's long-term memory, pattern detection, and personalized support.
  • Improving the service: Anonymized, aggregated data helps us understand which features are most helpful and where we can improve.
  • Communications: We may send you service-related emails (account updates, security alerts). You can opt out of marketing communications at any time.
  • Safety: In cases where our crisis detection system identifies immediate risk to life, we may surface professional crisis resources within the app.

3. What We Never Do

  • Sell your data. We will never sell your personal data or conversation content to third parties.
  • Use conversations for advertising. Your conversations are never used for ad targeting.
  • Train general AI models. Your conversations are not used to train AI models outside of your personal Lumis experience.
  • Share with employers or insurers. Your data is never shared with employers, insurance companies, or similar entities.

4. Third-Party Services

We use the following services to operate Lumis:

  • Supabase — Database hosting and authentication (PostgreSQL with row-level security)
  • Anthropic (Claude) — AI conversation processing (your messages are sent to generate responses; Anthropic does not retain your data for training per their data usage policy)
  • RevenueCat — Subscription management
  • PostHog — Anonymized product analytics
  • Sentry — Error monitoring and crash reporting
  • Deepgram & ElevenLabs — Voice transcription and synthesis (for voice session features)

5. Data Retention

Your data is retained for as long as your account is active. If you delete your account, all personal data — including conversation history, memories, mood data, and journal entries — is permanently deleted within 30 days. Anonymized, aggregated analytics data may be retained.

6. Your Rights

You have the right to:

  • Access your data — view everything Lumis knows about you through the "What I Know About You" feature in the app.
  • Export your data — download a complete copy of your data at any time.
  • Delete your data — permanently delete your account and all associated data.
  • Correct your data — update or correct personal information through your account settings.
  • Opt out of analytics data collection in your app settings.

7. GDPR & CCPA Compliance

For EU/EEA residents (GDPR): We process your data based on consent (conversations), contract (service provision), and legitimate interest (security, service improvement). You may exercise your rights under Articles 15-22 of the GDPR by contacting us.

For California residents (CCPA): You have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information (though we never sell your data). We do not discriminate against users who exercise their privacy rights.

8. Children's Privacy

Lumis is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it.

9. Security

We implement industry-standard security measures including encryption in transit (TLS 1.3), encryption at rest (AES-256), row-level security policies, and regular security reviews. However, no system is 100% secure. We encourage you to use strong authentication for your account.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes through the app or via email. Continued use of Lumis after changes constitutes acceptance of the updated policy.

Contact Us

For privacy-related questions or to exercise your data rights, contact us at privacy@getlumis.app.