Privacy Policy

Luma: Daily Reset ("Luma")
Platforms: iOS and Android
Effective date: 28 February 2026

1) Summary

Luma is built to be calm, useful, and privacy-conscious.

• We do not require accounts or login.
• We do not run ads.
• We do not use third-party analytics SDKs.
• We do not collect location data.
• Most app data is stored locally on your device.
• AI features are processed through our backend and OpenAI.

2) Data We Collect (On-device vs server)

A) Data stored on your device (local storage)
Luma stores app data locally using Hive, including app settings, streak/completion state, usage limiter state, cached tips/history, reminder preferences, and widget display values.

This data stays on your device unless you remove the app or clear local data.

B) Data processed on our server
When you use AI features (daily insights or chat), requests are sent to our backend (Cloudflare Worker). We may process the text you submit plus basic technical logs (for example IP address, timestamp, user agent).

We use server logs only for security, abuse prevention, rate limiting, debugging, and service reliability.

3) AI Features & Third Parties (OpenAI)

Luma uses AI to generate daily insights and chat responses.

• App requests go to our backend (Cloudflare Worker).
• Our backend sends AI requests to OpenAI as a third-party processor.
• OpenAI processes request content to provide responses.

Luma does not include third-party advertising networks or third-party analytics SDKs.

4) Notifications

Luma offers optional daily reminders. Notifications are based on your settings, are local to your device, and can be turned off at any time in app settings or system settings.

5) Subscriptions & Billing (Apple/Google)

Luma Plus is offered as auto-renewing monthly and yearly subscriptions.

• Purchases are handled by Apple App Store / Google Play Billing.
• We do not receive your full payment card details.
• We receive only status information required to unlock subscription features.

6) Data Retention

• On-device data: kept until you delete the app or clear/reset local app data.
• Server logs: retained only as long as reasonably necessary for security, abuse prevention, and reliability.
• AI request processing: handled through our backend and OpenAI; retention may vary by provider policy and legal obligations.

7) Your Rights (GDPR)

If you are in the UK/EU, you may have rights including access, correction, deletion, restriction, objection, portability, and the right to lodge a complaint with your local data protection authority.

Because Luma is primarily local-first, deleting the app/local data may satisfy many deletion requests.

8) Children’s Privacy

Luma is not directed to children under 13 (or the relevant minimum age in your country). We do not knowingly collect personal data from children.

9) Changes to this Policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the effective date and publish the revised policy.

10) Contact Us

For privacy questions or requests, contact: support@lumbrestudios.app