Privacy Policy

Last Updated: May 28, 2026
Effective Date: May 28, 2026

This Privacy Policy explains how ShiftUnlock (“Lumivo”, “we”, “us”, or “our”) collects, uses, shares, and protects information when you use the Lumivo mobile application and related services (collectively, the “Service”).

If you have questions, contact:

  • Legal entity: ShiftUnlock
  • Email: business@shiftunlock.com

1. Scope

This Policy applies to data processed through:

  • The Lumivo iOS and Android applications
  • In-app account, subscription, sync, export/import, and support flows
  • Third-party providers we use to operate app features

This Policy does not apply to third-party services we do not control, including app stores and external websites/services, which are governed by their own privacy policies.

2. Information We Collect

2.1 Information You Provide

Depending on features you use, we may collect:

  • Account information: name, email address, authentication provider data, Firebase user ID, profile image
  • User content and settings: journal entries, plans, habits, habit logs, tags, notes, media attachment data, voice note data, feature settings, and related metadata
  • Communications you send to us (for example, support requests or feedback)

2.2 Information Collected Automatically

We may automatically collect:

  • Analytics/usage events (for example, feature usage, screen views, search queries, and subscription-related events), which may be linked to your user ID
  • Diagnostics and crash/error data (including stack traces, error context, and user identifiers for debugging)
  • Security audit events (for example, authentication and security-setting events)
  • Device and app context data needed for reliability, fraud/abuse prevention, and service operations (for example, app version, OS version, device model). For fraud prevention, we generate a one-way cryptographic hash of a platform-provided device identifier; the original identifier is never stored or transmitted to our servers
  • Device integrity signals (for example, root/jailbreak detection, emulator detection, and app tampering checks) collected by our runtime application self-protection provider for security purposes

2.3 Information From Third Parties

When enabled or used by you, we may receive:

  • Authentication data from Firebase Auth and enabled sign-in providers (for example, Google or Apple)
  • Subscription and entitlement metadata from RevenueCat and app stores
  • Advertising response data from Google AdMob
  • Ad attribution data via Apple SKAdNetwork (anonymized, aggregated install and conversion data shared among participating ad networks)

2.4 Permissions-Based Data

Depending on the features you use, Lumivo may request device permissions, including:

  • Camera/photos/files (media capture and selection for journal entries and vision boards)
  • Microphone (voice notes for journal entries and ideas)
  • Speech recognition (converting voice input to text for journal entries and ideas)
  • Biometric authentication (Face ID / Touch ID / fingerprint — used for local device authentication only; biometric templates are managed by your device OS and are not accessed or stored by Lumivo)
  • Notifications (local reminders for habits and plans)
  • Calendar/reminders (read-only access to your device calendar for displaying calendar events alongside your habits, plans, and journal entries; Lumivo does not write to your device calendar)
  • Location (when granted, used to provide weather information and enable location-based journal entries; location data is stored locally with your journal entry and, if cloud sync is enabled, synced with your encrypted data)
  • Bluetooth (used by our device integrity provider for security verification; Lumivo does not use Bluetooth to communicate with external devices or collect Bluetooth device data)

You can deny or revoke permissions in your OS settings; related features may then be limited or unavailable.

3. How We Use Information

We use data to:

  • Provide and operate app functionality
  • Authenticate users and secure access
  • Enable optional cloud sync and multi-device continuity
  • Deliver subscription and purchase-related functionality
  • Enable optional integrations and media providers
  • Provide optional AI insight features that run on-device when enabled (see Section 4.1)
  • Monitor performance, reliability, and abuse/security risk
  • Comply with law and enforce our Terms

4. Local-First Storage, Cloud Sync, and Encryption

Lumivo uses a local-first architecture with optional cloud sync.

  • Local-first storage: app data is stored locally on your device by default.
  • Optional cloud sync: cloud sync is opt-in and requires sign-in.
  • Cloud sync scope: supported collections may sync to cloud databases (for example, user profile data, journal entries, habits, habit logs, plans, plan steps, and plan milestones).
  • Vision board data: currently local-only in core sync flows.
  • Media sync behavior: media file sync may be limited by entitlement state; some media may remain on-device until eligible status.
  • Encryption controls: Lumivo uses local encryption controls and applies field-level AES-256-GCM encryption to configured sensitive fields (such as journal content, habit names, plan titles, and user profile data) in sync payloads. Not every field is necessarily field-level encrypted. Local data is stored in an encrypted SQLCipher database.

No security system is perfect, and we cannot guarantee absolute security.

4.1 On-Device AI Features

Lumivo includes optional AI-powered insight features that are:

  • Local-only: All AI processing runs entirely on your device using platform-native AI capabilities (such as Apple FoundationModels on iOS and ML Kit GenAI on Android). No data is sent to external AI services for inference.
  • Aggregated data only: The AI feature analyzes only aggregated analytics data, such as activity counts, mood distributions, streak lengths, and day-of-week patterns. It does not access your raw journal text, habit descriptions, plan content, or any other user-generated content.
  • Disabled by default: AI features are disabled by default and require you to enable them in Settings.
  • Informational only: AI-generated insights are for personal reflection and informational purposes only. They do not constitute professional medical, mental health, psychological, financial, or other professional advice. We make no guarantees regarding the accuracy, completeness, or reliability of AI-generated content.
  • User-controlled: You can enable or disable AI features at any time in the app’s Settings. AI availability also depends on your device’s hardware and software capabilities.

5. How We Share Information

We do not sell personal information for monetary consideration. We may disclose data to:

  • Service providers/processors that help operate the Service, such as:
    • Google Firebase (Auth, Firestore, Cloud Storage, Analytics, Crashlytics, Remote Config, App Check)
    • Google Fonts (font assets downloaded from Google servers during app use)
    • Google AdMob (ads for eligible users; may use personalized ads by default — see Section 6)
    • Apple SKAdNetwork and participating ad networks (anonymized, aggregated ad attribution data on iOS)
    • RevenueCat (subscription management and entitlement verification)
    • Apple App Store / Google Play (purchase processing and restore flows)
    • Talsec freeRASP (runtime application self-protection — collects device integrity signals such as root/jailbreak status, emulator detection, and app tampering indicators for security purposes)
  • Home screen widgets: When you use Lumivo home screen widgets, aggregated metadata (such as habit names, plan titles, journal streaks, and mood indicators) is made available to your device’s home screen widget system outside the app’s main sandbox. This data remains on your device.
  • Security operations tooling (for example, SIEM forwarding if configured)
  • Authorities and other parties when required by law, legal process, or to protect rights/safety/security
  • Parties involved in a merger, financing, acquisition, or other corporate transaction, subject to lawful safeguards

6. Advertising, Analytics, and Diagnostics

  • Analytics and diagnostics may be used to monitor app usage and stability. Analytics events may be linked to your user ID for reporting purposes.
  • Ads may be shown to users on the free plan. Google AdMob may use personalized ads by default, which may involve the collection and use of device identifiers (such as IDFA on iOS or Advertising ID on Android) and ad interaction data.
  • On iOS, if applicable, you will be prompted via App Tracking Transparency (ATT) before any cross-app tracking occurs. You may decline tracking, and ads will be shown in non-personalized mode.
  • For users in the European Economic Area (EEA) and UK, you will be presented with a consent prompt (via a Google-certified Consent Management Platform integrated with IAB Transparency and Consent Framework) for personalized advertising in accordance with applicable data protection law. You may choose to accept, decline, or manage your consent preferences at any time.
  • For users in US states with applicable privacy laws (including California, Virginia, Colorado, and Connecticut), you will be presented with relevant consent or opt-out options as required by law.
  • Ad/analytics providers may process identifiers and event data under their own terms.
  • You can manage certain ad/tracking preferences through device/provider controls.
  • Lumivo recognizes Global Privacy Control (GPC) signals. When a GPC signal is detected from your browser or device, we treat it as a valid opt-out of the “sale” or “sharing” of personal information under applicable U.S. state privacy laws, and we apply restricted data processing for advertising accordingly.
  • Some ad-tech disclosures may be considered “sharing” under certain U.S. state laws (including California), and applicable opt-out rights are described in Section 9.

7. Data Retention

We retain data only as long as reasonably necessary for the purposes in this Policy, including:

  • Account/cloud data while needed to operate the Service, enforce anti-abuse protections, and meet legal obligations
  • User content (journal entries, habits, plans, vision boards, and related data) is retained until you delete it through in-app controls or uninstall the app; there is no automated content deletion
  • Local device data until removed by your actions (for example, clear/delete/export workflows) or uninstall
  • Security audit records under configured retention controls (default approximately 90 days; configurable bounds in app logic)
  • Trial/entitlement and anti-abuse metadata as needed for eligibility and integrity controls. This includes a cryptographically hashed device identifier stored on platform servers (Apple DeviceCheck) or in our database for the sole purpose of preventing trial abuse. This hash cannot be reversed to identify you or your device and contains no personal information. This data is retained after account deletion under the legitimate interest basis for fraud prevention (GDPR Recital 47)
  • Media files stored in cloud sync persist until you delete them or request account data deletion
  • Firebase Analytics event data is retained according to Google’s data retention settings (typically up to 14 months, as configured in our Firebase project)
  • Firebase Crashlytics crash and error logs are retained according to Google’s policies (typically 90 days for crash data)
  • RevenueCat subscription and purchase records are retained by RevenueCat in accordance with their privacy policy and applicable legal requirements, including after account deletion

Retention periods may vary due to legal obligations, dispute handling, fraud prevention, and platform constraints.

8. Your Rights and Choices

Depending on where you live, you may have rights to:

  • Access personal information
  • Correct inaccurate personal information
  • Delete personal information
  • Restrict/object to certain processing
  • Receive portable copies where applicable
  • Withdraw consent where processing is based on consent
  • Lodge complaints with a regulator/supervisory authority

8.1 In-App Controls

Lumivo includes controls such as:

  • Cloud sync enable/disable
  • Data export (available to signed-in users with active subscription) in multiple formats including JSON, CSV, PDF, Markdown, HTML, and XLSX
  • Local data clear/delete controls
  • Sign-out and account/session controls
  • Permission controls via device OS settings
  • AI feature enable/disable toggle in Settings
  • Ad consent management (review and change your advertising consent preferences)

8.2 Account and Data Deletion

  • You may delete your authentication account through in-app account/auth flows (for example, email/password deletion flow where available).
  • When you delete your account, Lumivo automatically deletes your synced cloud data from our Firestore database (including journal entries, habits, habit logs, plans, plan steps, plan milestones, and user profile data). This deletion is typically completed within 30 days.
  • The following data may persist after account deletion:
    • A minimal, anonymous fraud-prevention marker (a cryptographic hash with no personal data) to prevent trial abuse, as permitted under applicable law
    • Firebase Analytics historical event data associated with your former user ID, retained by Google according to their data retention settings
    • Firebase Crashlytics crash logs that may contain your former user ID, retained by Google according to their policies
    • RevenueCat subscription and purchase records, retained by RevenueCat in accordance with their privacy policy
    • Media files in Firebase Cloud Storage are deleted as part of account deletion; however, CDN-cached copies may persist briefly
  • Local data on your device is not automatically removed when you delete your account. To erase local data, use in-app clear/delete controls and/or uninstall the app.
  • If you believe any cloud data was not fully removed, contact us at business@shiftunlock.com.
  • We will process verifiable deletion requests within the timelines required by applicable law.

9. Regional Disclosures

9.1 EEA/UK

Where applicable, legal bases for processing may include:

  • Contract performance
  • Legitimate interests (for example, security, abuse prevention, reliability)
  • Consent (where required, including for personalized advertising)
  • Legal obligations

You have the right to object to processing based on legitimate interests. To exercise this right, contact business@shiftunlock.com.

9.2 California

California residents may have rights under CCPA/CPRA (subject to statutory exceptions), including rights to:

  • Know/access categories and specific pieces of personal information
  • Delete personal information
  • Correct inaccurate personal information
  • Opt out of certain “sale” or “sharing” uses (as those terms are defined by law)
  • Limit certain uses of sensitive personal information
  • Non-discrimination for exercising privacy rights

Journal entries containing health, mood, or wellness-related content may constitute “sensitive personal information” under CPRA. You may request to limit the use and disclosure of such information.

To exercise applicable California rights, contact: business@shiftunlock.com.

9.3 Other US States

Residents of states with comprehensive privacy laws — including Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Indiana, Kentucky, and Rhode Island — may have similar rights to access, correct, delete, and opt out of targeted advertising and certain data processing activities.

Lumivo honors Global Privacy Control (GPC) signals as a universal opt-out mechanism for targeted advertising and data sharing across all applicable U.S. state jurisdictions. When we detect a GPC signal, we automatically apply restricted data processing for advertising.

To exercise your rights under applicable state law, contact: business@shiftunlock.com.

9.4 Brazil (LGPD)

If you are located in Brazil, the following disclosures apply under the Lei Geral de Proteção de Dados (LGPD, Law No. 13,709/2018):

  • Legal basis: We process your personal data primarily based on your consent and, where applicable, for the performance of a contract, compliance with legal obligations, or the exercise of rights in judicial, administrative, or arbitration proceedings.
  • Data Protection Officer (Encarregado): For LGPD-related inquiries, contact our Data Protection Officer at business@shiftunlock.com.
  • Data erasure: You may request deletion of your personal data. We will process erasure requests within 15 days of verification, unless retention is required by law.
  • International transfers: Your data may be transferred to countries outside Brazil where our service providers operate. We rely on Standard Contractual Clauses approved by the ANPD or your explicit consent for such transfers.
  • Breach notification: In the event of a security incident involving personal data, we will notify the ANPD and affected data subjects within the timelines required by ANPD Resolution No. 15/2024 (typically 3 business days of confirmation).
  • Children and adolescents: Under the LGPD, processing of personal data of children (under 12) requires specific parental consent. Processing of adolescent data (ages 12-17) must be in their best interest.

9.5 India (DPDP Act 2023)

If you are located in India, the following disclosures apply under the Digital Personal Data Protection Act, 2023 (DPDP Act) and the DPDP Rules, 2025:

  • Consent: We process your personal data based on your consent. You may withdraw consent at any time through in-app controls or by contacting us; withdrawal does not affect the lawfulness of prior processing.
  • Children: Under the DPDP Act, a “child” is defined as any person under the age of 18. If you are under 18, verifiable parental or guardian consent is required before using the Service. We do not engage in behavioral monitoring or targeted advertising directed at children.
  • Data erasure: You may request erasure of your personal data. We will process verified erasure requests within 7 days, unless retention is required by law.
  • Breach notification: We will report any personal data breach to the Data Protection Board of India as required under the DPDP Act, regardless of the severity of the breach.
  • Grievance redressal: For any grievances related to the processing of your personal data, contact: business@shiftunlock.com. We will acknowledge your grievance and respond within the timelines prescribed by applicable law.

9.6 Japan (APPI)

If you are located in Japan, the following disclosures apply under the Act on the Protection of Personal Information (APPI):

  • Purpose of use: We use your personal information for the purposes described in Section 3 of this Policy. We will not use your information beyond those stated purposes without your prior consent.
  • Special care-required personal information: If your journal entries or other user content contain information related to medical history, health status, religious beliefs, race, or other categories designated under the APPI, such information is treated with special care. We apply field-level encryption to journal content and do not access raw content for AI or analytics processing.
  • Cross-border transfers: Your personal information may be transferred to countries outside Japan where our service providers (including Google and RevenueCat) operate. By using the Service, you consent to such transfers. We ensure appropriate safeguards are in place.
  • Disclosure and correction: You may request disclosure, correction, or deletion of your personal information held by us. Contact: business@shiftunlock.com.
  • Arbitration: Under the Japanese Arbitration Act, consumers have the right to unilaterally terminate arbitration agreements. Our Terms do not include mandatory arbitration.

9.7 Indonesia (UU PDP)

If you are located in Indonesia, we process your personal data in accordance with Indonesia’s Personal Data Protection Law (Undang-Undang Pelindungan Data Pribadi, UU PDP). You may exercise your rights under the UU PDP, including the right to access, correct, and delete your personal data, by contacting: business@shiftunlock.com.

10. Children’s Privacy

Lumivo is a general-audience personal productivity application. Lumivo is not directed to children under 13, and we do not knowingly collect personal information from children under 13. We do not serve child-directed advertising or apply child-directed ad content flags.

In jurisdictions where “child” is defined differently (for example, under 18 in India under the DPDP Act, or under 12 in Brazil under the LGPD), we comply with the applicable age thresholds and parental/guardian consent requirements as described in Section 9.

If you believe a child under the applicable age threshold in your jurisdiction has provided personal information through Lumivo without required consent, please contact us so we can investigate and take appropriate action, including deleting such information as required by applicable law.

11. International Data Transfers

Your information may be processed in countries other than your own, including countries where our service providers operate (for example, the United States, where Google and RevenueCat maintain servers).

Where required by applicable law, we rely on the following transfer mechanisms and safeguards:

  • Standard Contractual Clauses (SCCs): Our key processors (including Google/Firebase) incorporate EU-approved Standard Contractual Clauses in their data processing agreements.
  • EU-US Data Privacy Framework: Where applicable, our US-based processors may rely on the EU-US Data Privacy Framework for transfers from the EEA.
  • Supplementary technical measures: Lumivo applies AES-256-GCM field-level encryption to sensitive data fields before transmission to cloud services. Local data is stored in encrypted SQLCipher databases. These measures ensure that even if data is accessed by a third party during transit or storage, the content remains protected.
  • We have conducted a Transfer Impact Assessment (TIA) to evaluate the level of data protection in recipient countries and the effectiveness of our supplementary measures.

12. Third-Party Services and Links

Third-party integrations and links are governed by third-party terms and policies, not this Policy. Review those third-party policies directly.

13. Open-Source Software

The Service incorporates open-source software components. License notices for these components are available within the app’s Settings/About section.

14. Data Protection and Privacy Assessments

  • We have conducted a Data Protection Impact Assessment (DPIA) covering our on-device AI features, cloud sync processing, and field-level encryption architecture.
  • For privacy inquiries, data protection concerns, or to exercise your rights under applicable law, contact our privacy team at: business@shiftunlock.com.
  • For LGPD-related inquiries (Brazil), our Data Protection Officer (Encarregado) can be reached at: business@shiftunlock.com.

15. Changes to This Policy

We may update this Policy periodically. We will post the updated version with a revised “Last Updated” date. Material changes may also be communicated in-app or through other reasonable channels. We will provide at least 30 days’ advance notice of material changes where practicable.

16. Contact

For privacy requests or questions:

  • Legal entity: ShiftUnlock
  • Email: business@shiftunlock.com
Scroll to Top