Privacy Policy

Lumee is built on the belief that your inner world is yours alone. This policy explains exactly what data we collect, how we use it, who we share it with, and what rights you have over it. We have written it to be readable — not to obscure anything.

The data controller for Lumee is Nadav Gelbard, an individual operating Lumee, based in Israel. You can reach us at hello@withlumee.com.

1. What data we collect and why

We collect only what is necessary to operate the app and improve your experience.

Account identifier. When you first open Lumee, Firebase Authentication automatically creates an anonymous account and assigns you a unique user ID. This ID is used to link all your content to your session. It does not contain your name, email address, or any other identifying information. If you later choose to link a Google or Apple account, we receive a name and email address from that provider, which we store as part of your profile.

Profile data. During onboarding, we ask for an optional display name, age range, gender, manifesting experience level, and focus areas. This information is used to personalize your experience and is stored in Firestore under your account. Providing it is voluntary — the app functions without it.

User content. Everything you create in Lumee — your intentions, journal entries (gratitude, process, and signs), affirmation preferences, and vision board content — is stored in Google Cloud Firestore under your account. Vision board images you upload are stored in Firebase Cloud Storage. This content is private to you and is used solely to operate the app on your behalf.

Notification preferences and device token. If you enable push reminders, we store your preferred notification times, frequency settings, and a Firebase Cloud Messaging (FCM) device token. The device token is used only to deliver reminders to your device. It is deleted when you disable notifications or delete your account.

Subscription and purchase data. When you subscribe, the Apple App Store or Google Play Store processes your payment. We use RevenueCat to manage your subscription state. RevenueCat receives your anonymous user ID, purchase receipt metadata, subscription status, and trial dates. RevenueCat does not receive or access any of your content.

Crash and diagnostic data. We use Firebase Crashlytics to automatically collect crash reports when the app encounters an unexpected error. These reports include device type, operating system version, app version, and a stack trace. They do not include your content or personal information beyond what is necessary to diagnose the crash.

Usage analytics. We use Firebase Analytics to understand aggregate usage patterns — for example, which features are used most. This data is collected at an aggregate level and is not used to identify individual users or read their content. Firebase Analytics does not use advertising identifiers. You can request deletion of your analytics data by deleting your account.

2. Legal basis for processing (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data on the following legal bases under the General Data Protection Regulation (GDPR):

• Contract performance (Article 6(1)(b)). We process your account identifier, content, and subscription data to provide the service you signed up for. Without this processing, we cannot operate the app.
• Legitimate interests (Article 6(1)(f)). We process crash reports and aggregated analytics to maintain and improve the app. Our legitimate interest in operating a reliable, improving service outweighs the minimal privacy impact of anonymous diagnostic data.
• Consent (Article 6(1)(a)). We rely on your consent for push notification delivery. You can withdraw consent at any time through your device notification settings.

3. Third-party services and data sharing

We do not sell your personal data. We do not share your content with advertisers or data brokers. We share limited data only with the following service providers who help us operate Lumee:

• Firebase / Google Cloud (Google LLC). Firebase provides authentication, database storage (Firestore), file storage (Cloud Storage), push notifications (FCM), crash reporting (Crashlytics), and usage analytics. Your data is processed on Google Cloud infrastructure. Google acts as a data processor on our behalf under Google's Cloud Data Processing Addendum. Google's privacy policy is available at policies.google.com/privacy.
• RevenueCat (RevenueCat, Inc.). RevenueCat manages subscription state and purchase validation. It receives your anonymous user ID, subscription status, and purchase receipt metadata from the App Store or Play Store. It does not receive your content or personally identifiable profile information. RevenueCat's privacy policy is available at revenuecat.com/privacy.
• Unsplash (Unsplash, Inc.). If you search for images within the vision board feature, your search query is sent to the Unsplash API to retrieve results. Unsplash's privacy policy is available at unsplash.com/privacy.
• Google Fonts. The app loads font files (Nunito, Playfair Display) from Google's font CDN. This involves a network request to Google's servers. Google's privacy practices for Fonts are described at developers.google.com/fonts/faq/privacy.
• ElevenLabs (ElevenLabs, Inc.). When you listen to an affirmation, the affirmation text is sent to ElevenLabs to generate spoken audio. For curated affirmations this is app-authored content; for custom affirmations this is text you wrote. Generated audio is cached in Firebase Cloud Storage. ElevenLabs' privacy policy is available at elevenlabs.io/privacy.
• Google Gemini (Google LLC). When you create a vision board, the phrases you enter, the topics you select, and any reference photos you upload are sent to Google's Gemini API to generate your board image. Google's privacy policy is available at policies.google.com/privacy.

Beyond the above, we do not transfer your data to any other third parties.

4. International data transfers

Lumee is operated from Israel. Our primary service providers — Google Cloud and RevenueCat — are based in the United States and process data on servers that may be located in the United States or other countries outside your own. Where these transfers involve personal data from the EEA or UK, they are conducted under Google's and RevenueCat's Standard Contractual Clauses (SCCs) or equivalent transfer mechanisms as required by GDPR Chapter V.

Israel has been recognized by the European Commission as a country that provides an adequate level of data protection under Commission Decision 2011/61/EU, meaning transfers of personal data from the EEA to Israel are permitted without additional safeguards.

5. Data retention

We retain your data for as long as your account is active. Specifically:

• Account and content data is retained until you delete your account. When you delete your account from the Settings screen, all your content — intentions, journal entries, vision board images, affirmation preferences, and profile data — is permanently deleted from Firestore and Firebase Storage. This process completes within 30 days.
• FCM device tokens are deleted when you delete your account or disable notifications.
• Crash reports are retained by Firebase Crashlytics for 90 days by default, after which they are automatically purged by Google.
• Analytics data is aggregated and retained by Firebase Analytics according to Google's standard retention settings (up to 14 months for user-level data, at our configuration).
• Subscription records are retained by RevenueCat for as long as necessary to manage your subscription and comply with applicable accounting and tax obligations, typically up to 7 years.

6. Your rights

Depending on where you are located, you may have the following rights regarding your personal data:

For users in the EEA and UK (GDPR / UK GDPR)

• Right of access. You can request a copy of the personal data we hold about you.
• Right to rectification. You can correct inaccurate data directly within the app (profile settings) or by contacting us.
• Right to erasure. You can delete your account and all associated data at any time from the Settings screen. You may also contact us to request erasure of specific data.
• Right to data portability. You can request your personal data in a structured, commonly used, machine-readable format. To request a data export, contact us at hello@withlumee.com.
• Right to restriction. You can request that we restrict processing of your data in certain circumstances.
• Right to object. You can object to processing based on our legitimate interests at any time.
• Right to withdraw consent. Where we rely on consent (push notifications), you can withdraw it at any time through your device settings.
• Right to lodge a complaint. You have the right to lodge a complaint with your local data protection authority. In the EU, you may contact the supervisory authority in your member state. In Israel, you may contact the Israeli Law, Information and Technology Authority (ILITA) at gov.il/en/departments/ilita.

For users in California (CCPA / CPRA)

• Right to know. You have the right to know what categories of personal information we collect, why we collect it, and whether we share it with third parties. This policy provides that disclosure in full.
• Right to delete. You can request deletion of your personal information. You can do this directly in the app (Settings → Delete Account) or by contacting us.
• Right to opt out of sale or sharing. We do not sell personal information. We do not share personal information for cross-context behavioral advertising. No opt-out mechanism is required for Lumee's data practices.
• Right to non-discrimination. We will not discriminate against you for exercising any of your California privacy rights.

To exercise any of these rights, contact us at hello@withlumee.com. We will respond within 30 days (or within the timeframe required by applicable law). We may need to verify your identity before fulfilling certain requests.

7. Security

We take reasonable technical and organizational measures to protect your data. Your data is encrypted in transit using TLS and encrypted at rest on Google Cloud infrastructure. Firestore security rules ensure that only your authenticated session can read or write your data. No authentication system is perfect, however, and we cannot guarantee absolute security.

If you are using an anonymous account (no linked Google or Apple account), note that your data is tied to your device session. If you uninstall the app or lose access to your device without having linked an account, we cannot recover your data.

8. Children's privacy

Lumee is not directed at children under 13 years of age, and we do not knowingly collect personal information from children under 13. If you are under 13, please do not use Lumee or provide any information to us. If we become aware that we have inadvertently collected personal information from a child under 13, we will delete it promptly. If you believe a child under 13 has created an account, please contact us at hello@withlumee.com.

9. Cookies and tracking

Lumee is a mobile app and does not use cookies. The app does not embed web browsers or run web-based tracking. Firebase Analytics uses a randomly generated app instance ID (not a cookie) to associate usage events with a session. This identifier does not contain personally identifiable information and is reset if you uninstall and reinstall the app.

10. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. If we make material changes — particularly changes that affect how we use your content or with whom we share it — we will notify you through the app before the changes take effect. Continued use of Lumee after the effective date of a revised policy constitutes your acceptance of the changes.

11. Contact

If you have questions about this Privacy Policy, wish to exercise your data rights, or have a concern about how we handle your information, please contact:

Nadav Gelbard
Lumee
Israel
hello@withlumee.com

We aim to respond to all privacy inquiries within 30 days.