Privacy Policy

LUMREN ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the LUMREN mobile application and website (collectively, the "Service").

Please read this policy carefully. By using LUMREN you agree to the practices described here. LUMREN is not a healthcare provider and is not HIPAA-covered.

1. Information We Collect

Information you provide directly:

• Name and age (provided during onboarding — you must be 13 or older to use LUMREN)
• Wellness intentions and personal goals
• Journal entries and mood logs
• Companion conversation messages
• Companion name and voice preferences

Biometric and health data:

• Heart rate (BPM) and heart rate variability (HRV) measurements
• Estimated breathing rate and perfusion index
• Stress level and recovery score estimates
• Scan history and timestamps

These measurements are computed on-device from your phone camera. Raw camera data is never stored or transmitted — only the computed wellness metrics are saved. Camera access is only active during an active scan in the foreground.

Mental health and emotional data:

• Journal entries, mood logs, and emotional state ratings
• AI companion conversation summaries and emotional pattern observations
• A personalised companion profile ("soul data") including emotional patterns, breakthroughs, and session history — built over time to personalise your experience

This data is stored on your device and optionally synced to our servers when you are signed in. You can delete it at any time from within the app.

Usage data:

• Session length and app interaction patterns
• Wellness tool usage (breathwork, sound, mudra, healing codes)
• Clarity streak and daily activity logs
• Device type, operating system version, and app version

2. How We Use Your Information

We use the information we collect to:

• Provide, personalise, and improve the LUMREN Service
• Power AI companion responses with context about your current state
• Generate personalised wellness recommendations based on your biometric data
• Track your clarity streak, dimensional level, and progress over time
• Send push notifications when enabled (nudges, insights, reminders)
• Analyse aggregate usage to improve app features and performance
• Comply with legal obligations

We do not use your health or biometric data for advertising purposes. We do not sell your personal data to third parties.

3. Data Storage and Security

Your data is stored using the following systems:

• On-device storage: Most app state (preferences, recent scans, messages) is stored locally on your device using AsyncStorage and is not accessible to us unless you sign in and sync.
• Supabase (cloud): When you are signed in, the following may be synced to our secure Supabase database for backup and cross-device access: completed heart scan data, journal entries, your personalised companion profile ("soul data" — including emotional patterns, session history, and breakthroughs). Data is encrypted in transit and at rest.

We implement industry-standard security measures including TLS encryption for all data in transit, access controls, and regular security reviews. However, no method of transmission or storage is 100% secure.

4. Device Permissions

LUMREN requests the following device permissions. Each is optional unless noted, and can be revoked at any time in your device Settings.

• Camera: Used solely during a heart scan to read subtle colour changes in your fingertip via the rear camera and torch. No images or video are recorded, stored, or transmitted. Camera is only active during an active foreground scan session.
• Microphone: Used in the Talk screen for voice conversations with your AI companion. Audio is processed in real time — speech is converted to text on-device or via a secure API call, then sent as text to generate a response. Raw audio is never stored or sent to third parties.
• Notifications: Used to send daily check-in reminders, wellness nudges, and insight updates. You can enable or disable notifications at any time from device Settings. We do not send marketing emails or third-party promotional notifications.
• Screen Time / Family Controls (iOS): Used by the optional Digital Reset feature to temporarily block selected apps. Requires explicit setup by you — never enabled automatically. See Section 6 for full details.
• Usage Access (Android): Used by the optional Digital Reset feature to detect when a blocked app comes to the foreground. Never used to log or transmit your general app usage. See Section 6 for full details.

5. Digital Reset — App Blocking (iOS and Android)

LUMREN offers an optional Digital Reset feature that temporarily blocks apps you choose for 68 seconds before allowing access. This feature is entirely voluntary and requires explicit setup by you.

iOS (Family Controls):

• Digital Reset on iOS uses Apple's Family Controls framework. You select which apps to block using Apple's native app picker — this selection is processed entirely by Apple's system and is never transmitted to LUMREN's servers.
• LUMREN does not know, record, or store which apps you choose to block. App selection data stays on your device inside Apple's secure Family Controls container.
• When a blocked app is opened, a shield screen appears powered by Apple's ManagedSettings framework. LUMREN does not monitor your app usage outside of the shield interaction itself.
• Your current wellness state (stress level, HRV, recovery score, mental state) is written to a shared on-device container so the shield screen can suggest the most relevant 68-second tool. This data never leaves your device.

Android (Usage Access):

• Digital Reset on Android requires Usage Access permission (via Android's UsageStatsManager) and the ability to display over other apps (SYSTEM_ALERT_WINDOW). Both permissions are optional and must be granted by you in Android Settings.
• Usage access is used solely to detect when a blocked app comes to the foreground so the reset screen can appear. We do not log, transmit, or analyse your general app usage patterns.
• The list of apps you choose to block is stored locally on your device using Android SharedPreferences. It is never transmitted to LUMREN's servers.
• After your 68-second reset completes, a cooldown period (set by you) prevents the reset screen from appearing again for that app until the cooldown expires.

The Digital Reset feature collects no data that is transmitted off your device beyond what is already described in this policy. It is a tool for your personal wellness and attention management — not a monitoring system.

6. AI Services and Data

LUMREN uses two third-party AI services:

• Anthropic (Claude): Processes conversation text to generate your AI companion responses. Only the text of the conversation is sent — no health metrics, no biometric data, no personally identifiable information beyond the conversation content itself. Anthropic does not use your data to train AI models under our agreement.
• ElevenLabs: Converts text to speech for voice responses. Only the text of the AI reply is sent — no user audio, no health data. ElevenLabs does not receive your voice recordings.

Neither service uses your data to train AI models. This is disclosed in the app on the paywall and Talk screens.

7. Third-Party Services

We use the following third-party services:

• Anthropic (Claude API): AI language model for companion responses
• ElevenLabs: Text-to-speech voice synthesis (text-to-speech only; no audio recordings sent)
• Supabase: Cloud database and authentication
• RevenueCat: In-app subscription and purchase management
• PostHog: Product analytics (screen views, feature usage, session events — no health data, no email address collected)
• Sentry: Crash reporting and error monitoring (crash logs and stack traces only; no personal health data is sent to Sentry)
• Expo / React Native: App framework and push notification infrastructure

Each third party processes data under their own privacy policies. We encourage you to review those policies.

8. Children's Privacy

LUMREN is rated 13+ and is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us immediately at privacy@lumren.app and we will delete it promptly.

9. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Object to or restrict processing of your data
• Data portability
• Withdraw consent at any time

To exercise these rights, contact us at privacy@lumren.app. We will respond within 30 days.

You can also delete all your data immediately from within the app: go to Settings → Delete Everything. This permanently erases all your data from our servers and your device.

10. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. You can delete all your data immediately at any time via Settings → Delete Everything in the app — this performs immediate erasure from both your device and our servers. If you request deletion by email, we will complete it within 30 days, except where retention is required by law.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via in-app notice or email. Continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us:

• Email: privacy@lumren.app
• Website: lumren.app