LUMA Privacy Policy

Overview

This Privacy Policy explains how the Luma mobile application (“Luma”, “we”, “us”) collects, uses, and stores information when you use the app. It summarizes behavior implemented in the app and its backend services and is intended to be clear, concise, and easy to read.

By using Luma, you agree to this Policy. If you do not agree, please do not use the app.

Information We Collect

• Email (authentication): Used to send a one-time code for passwordless login.
• Profile information: Name (optional), native language, learning language, and self-assessed level (A1–C2).
• Chat content: Messages you send and assistant responses, processed to provide chat functionality.
• Permissions map: Feature flags retrieved from the backend to determine what is available to your account (e.g., whether chat is enabled).
• Local error logs: On-device logs of failures (e.g., network errors) including message text, HTTP status, and stack traces. These remain on your device unless you choose to share them.

How We Use Information

• To authenticate you and keep you signed in using access and refresh tokens.
• To provide and improve chat features, including streaming assistant responses.
• To store and apply your profile settings to personalize your in-app experience.
• To determine access to features using the permissions map.

Where Information Is Stored

• On your device: Access/refresh tokens and the permissions map so the app can function and keep you signed in.
• Backend services: Account data, profile, permissions, chat messages, and related operational data processed through the app’s API.

Third-Party Sign-In

If you use Google Sign-In, Luma uses your Google ID token only to obtain an access token from the backend for your session. It is not used for other purposes.

Data Sharing

We share information only as necessary to operate the app and its backend (for example, to process authentication). We do not disclose your chat content or profile to unrelated third parties for their independent marketing purposes.

Retention

Information is retained for as long as needed to provide the service and maintain legitimate business operations (for example, account management and security). Local error logs remain on your device unless you clear them or remove the app. Tokens stored on your device are cleared when you log out.

International Transfers

Depending on your location and the location of our service providers, your information may be processed outside your country. Where required, we rely on appropriate safeguards to protect your information.

Security

We implement technical and organizational measures designed to protect your information. No system is perfectly secure, and we cannot guarantee absolute security, but we work to protect information against unauthorized access, use, alteration, or destruction.

Your Choices

• Update profile: Edit your name, languages, and level in the Profile screen.
• Log out: Use the Logout option to clear tokens stored on your device.
• Error logs: View on-device logs in the Logs screen; these are not sent automatically.

Your Rights

Depending on your location, you may have rights such as access, rectification, deletion, portability, restriction of processing, and objection. You may also withdraw consent where processing is based on consent. You can exercise applicable rights using the options provided in the app (for example, updating your profile or logging out). If additional assistance is needed, contact us using the support options made available in the app.

You may also have the right to lodge a complaint with your local data protection authority.

Changes to This Policy

We may update this Policy from time to time. If changes are material, we will take steps to inform you, such as updating the date at the top of this page or providing a notice in-app.