Privacy Policy

Last Updated: February 17, 2026
Effective Date: February 17, 2026

This Privacy Policy explains how Lumivo ("Lumivo", "we", "us", or "our") collects, uses, shares, and protects information when you use the Lumivo mobile application and related services (collectively, the "Service").

If you have questions, contact:

Legal entity: [[INSERT LEGAL ENTITY NAME]]
Email: [[INSERT PRIVACY CONTACT EMAIL]]
Mailing address: [[INSERT BUSINESS ADDRESS]]

1. Scope

This Policy applies to data processed through:

The Lumivo iOS and Android applications
In-app account, subscription, sync, export/import, and support flows
Third-party providers we use to operate app features

This Policy does not apply to third-party services we do not control, including app stores and external websites/services, which are governed by their own privacy policies.

2. Information We Collect

2.1 Information You Provide

Depending on features you use, we may collect:

Account information: name, email address, authentication provider data, Firebase user ID, profile image
User content and settings: journal entries, ideas, habits, habit logs, tags, notes, media attachment data, voice note data, feature settings, and related metadata
Communications you send to us (for example, support requests or feedback)

2.2 Information Collected Automatically

We may automatically collect:

Analytics/usage events (for example, feature usage, screen views, search queries, and subscription-related events), which may be linked to your user ID
Diagnostics and crash/error data (including stack traces, error context, and user identifiers for debugging)
Security audit events (for example, authentication and security-setting events)
Device and app context data needed for reliability, fraud/abuse prevention, and service operations (for example, app version, OS version, device model)

2.3 Information From Third Parties

When enabled or used by you, we may receive:

Authentication data from Firebase Auth and enabled sign-in providers (for example, Google or Apple)
Subscription and entitlement metadata from RevenueCat and app stores
Advertising response data from Google AdMob

2.4 Permissions-Based Data

Depending on the features you use, Lumivo may request device permissions, including:

Camera/photos/files (media capture and selection)
Microphone (voice notes)
Biometric authentication (Face ID / Touch ID / fingerprint — used for local device authentication only; biometric templates are managed by your device OS and are not accessed or stored by Lumivo)
Notifications (local reminders)
Calendar/reminders (calendar integration features)

You can deny or revoke permissions in your OS settings; related features may then be limited or unavailable.

3. How We Use Information

We use data to:

Provide and operate app functionality
Authenticate users and secure access
Enable optional cloud sync and multi-device continuity
Deliver subscription and purchase-related functionality
Enable optional integrations and media providers
Provide optional AI insight features that run on-device when enabled
Monitor performance, reliability, and abuse/security risk
Comply with law and enforce our Terms

4. Local-First Storage, Cloud Sync, and Encryption

Lumivo uses a local-first architecture with optional cloud sync.

Local-first storage: app data is stored locally on your device by default.
Optional cloud sync: cloud sync is opt-in and requires sign-in.
Cloud sync scope: supported collections may sync to cloud databases (for example, user profile data, journal entries, habits, habit logs, ideas, idea steps, and idea milestones).
Vision board data: currently local-only in core sync flows.
Media sync behavior: media file sync may be limited by entitlement state; some media may remain on-device until eligible status.
Encryption controls: Lumivo uses local encryption controls and applies field-level encryption to configured sensitive fields in sync payloads. Not every field is necessarily field-level encrypted.

No security system is perfect, and we cannot guarantee absolute security.

We do not sell personal information for monetary consideration. We may disclose data to:

Service providers/processors that help operate the Service, such as:
- Google Firebase (Auth, Firestore, Storage, Analytics, Crashlytics, Remote Config, App Check)
- Google Fonts (font assets downloaded from Google servers)
- RevenueCat (subscription management)
- Apple App Store / Google Play (purchase processing and restore flows)
- Google AdMob (ads for eligible users; may use personalized ads by default — see Section 6)
Security operations tooling (for example, SIEM forwarding if configured)
Authorities and other parties when required by law, legal process, or to protect rights/safety/security
Parties involved in a merger, financing, acquisition, or other corporate transaction, subject to lawful safeguards

6. Advertising, Analytics, and Diagnostics

Analytics and diagnostics may be used to monitor app usage and stability. Analytics events may be linked to your user ID for reporting purposes.
Ads may be shown to users on the free plan. Google AdMob may use personalized ads by default, which may involve the collection and use of device identifiers (such as IDFA on iOS or Advertising ID on Android) and ad interaction data.
On iOS, if applicable, you will be prompted via App Tracking Transparency (ATT) before any cross-app tracking occurs. You may decline tracking, and ads will be shown in non-personalized mode.
For users in the European Economic Area (EEA) and UK, you will be presented with a consent prompt for personalized advertising in accordance with applicable data protection law.
Ad/analytics providers may process identifiers and event data under their own terms.
You can manage certain ad/tracking preferences through device/provider controls.
Some ad-tech disclosures may be considered "sharing" under certain U.S. state laws (including California), and applicable opt-out rights are described below.

7. Data Retention

We retain data only as long as reasonably necessary for the purposes in this Policy, including:

Account/cloud data while needed to operate the Service, enforce anti-abuse protections, and meet legal obligations
User content (journal entries, habits, ideas, vision boards, and related data) is retained until you delete it through in-app controls or uninstall the app; there is no automated content deletion
Local device data until removed by your actions (for example, clear/delete/export workflows) or uninstall
Security audit records under configured retention controls (default ~90 days; configurable bounds in app logic)
Trial/entitlement and anti-abuse metadata as needed for eligibility and integrity controls
Media files stored in cloud sync persist until you delete them or request account data deletion

Retention periods may vary due to legal obligations, dispute handling, fraud prevention, and platform constraints.

8. Your Rights and Choices

Depending on where you live, you may have rights to:

Access personal information
Correct inaccurate personal information
Delete personal information
Restrict/object to certain processing
Receive portable copies where applicable
Withdraw consent where processing is based on consent
Lodge complaints with a regulator/supervisory authority

8.1 In-App Controls

Lumivo includes controls such as:

Cloud sync enable/disable
Data export (available to signed-in users) and data import (feature availability may depend on plan/state)
Local data clear/delete controls
Sign-out and account/session controls
Permission controls via device OS settings

8.2 Account and Data Deletion

You may delete your authentication account through in-app account/auth flows (for example, email/password deletion flow where available).
When you delete your account, Lumivo automatically deletes your synced cloud data (including Firestore documents such as journal entries, habits, ideas, and related records). Local data on your device is not automatically removed.
To erase local data, use in-app clear/delete controls and/or uninstall the app.
If you believe any cloud data was not fully removed, contact us at [[INSERT PRIVACY CONTACT EMAIL]].
We will process verifiable deletion requests within the timelines required by applicable law.

9. Regional Disclosures

9.1 EEA/UK

Where applicable, legal bases for processing may include:

Contract performance
Legitimate interests (for example, security, abuse prevention, reliability)
Consent (where required)
Legal obligations

9.2 California

California residents may have rights under CCPA/CPRA (subject to statutory exceptions), including rights to:

Know/access categories and specific pieces of personal information
Delete personal information
Correct inaccurate personal information
Opt out of certain "sale" or "sharing" uses (as those terms are defined by law)
Limit certain uses of sensitive personal information
Non-discrimination for exercising privacy rights

To exercise applicable California rights, contact: [[INSERT PRIVACY CONTACT EMAIL]].

10. Children’s Privacy

Lumivo is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child provided personal information, contact us so we can investigate and take appropriate action.

11. International Data Transfers

Your information may be processed in countries other than your own, including countries where our service providers operate. Where required, we apply lawful transfer mechanisms and safeguards.

12. Third-Party Services and Links

Third-party integrations and links are governed by third-party terms and policies, not this Policy. Review those third-party policies directly.

13. Changes to This Policy

We may update this Policy periodically. We will post the updated version with a revised "Last Updated" date. Material changes may also be communicated in-app or through other reasonable channels.

14. Contact

For privacy requests or questions:

Email: [[INSERT PRIVACY CONTACT EMAIL]]
Address: [[INSERT BUSINESS ADDRESS]]