Privacy Policy

1. Overview

This Privacy Policy describes how Lumia Interactive Ltd. (“Lumia,” “we,” “us,” or “our”) collects, uses, and shares information about you when you use our mobile applications, website, and related services (collectively, the “Services”).

By using the Services, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Services.

2. Data We Collect

2.1 Information You Provide

• Account data: Name, email address, date of birth, and profile photo when you register.
• Profile information: Bio, interests, languages spoken, and other optional fields you choose to complete.
• Communications: Messages and media you send through the platform (stored encrypted end-to-end — we cannot access these).
• Verification data: Government ID documents submitted for identity verification (processed by our third-party KYC partner and not stored by Lumia after verification is complete).
• Support data: Information you provide when contacting our support team.

2.2 Automatically Collected Data

• Usage data: Features you use, screens you view, interactions you make — used to improve the platform.
• Device data: Device type, operating system version, app version, and crash logs for debugging purposes.
• Location data: Coarse location (city-level) for regional content and matching. We never collect precise GPS location without your explicit consent.
• Log data: IP addresses, access timestamps, and API calls for security monitoring.

2.3 Data We Do NOT Collect

We do not collect: your contacts list, microphone or camera access outside of active sessions, browsing history outside the app, financial data (unless you subscribe to a paid plan, which is handled by Stripe), or any biometric data beyond what is required for ID verification.

3. How We Use Data

We use the data we collect to:

• Provide, maintain, and improve the Services
• Generate AI-powered connection recommendations personalized to you
• Detect and prevent fraud, abuse, and harmful behavior
• Communicate with you about your account and service updates
• Comply with legal obligations
• Analyze aggregate, anonymized usage trends to guide product development

We never use your data to show you advertisements. Our business model is based on subscriptions, not advertising.

4. Data Sharing

We share personal data only in these limited circumstances:

• Service providers: Trusted third parties who help operate the platform (cloud hosting, analytics, payment processing), bound by strict data processing agreements.
• Legal requirements: When required by law, court order, or to protect the rights, property, or safety of Lumia or our users.
• Business transfers: In the event of a merger or acquisition, with advance notice to you and continuation of this privacy policy.
• With your consent: Any other sharing only with your explicit permission.

We do not sell, rent, or trade your personal data to any third party. Ever.

5. Data Retention

We retain your data for as long as your account is active, plus up to 90 days after account deletion to handle support requests or legal compliance requirements. After this period, data is permanently and irreversibly deleted from all systems.

Message content is stored only on your device and on the devices of your conversation partners. Our servers facilitate encrypted delivery but do not retain message content once delivered.

6. Your Rights

Depending on your location, you have rights including:

• Access: Request a copy of all data we hold about you
• Correction: Fix inaccurate or incomplete data
• Deletion: Delete your account and all associated data
• Portability: Export your data in a machine-readable format
• Objection: Object to certain processing activities
• Restriction: Limit how we use your data in certain circumstances

To exercise any right, contact us at privacy@lumiaapp.com or use the Privacy Controls section in the app. We respond to all requests within 30 days.

7. Security

We employ industry-leading security measures: AES-256 encryption at rest, TLS 1.3 for all data in transit, end-to-end encryption for all messages, multi-factor authentication, and continuous penetration testing by independent third parties. Our infrastructure is SOC 2 Type II certified.

No system is perfectly impenetrable. In the event of a breach affecting your data, we will notify you within 72 hours as required by GDPR and applicable laws.

8. Cookies

Our website uses strictly necessary cookies for authentication and security, and optional analytics cookies (with your consent). We do not use advertising, tracking, or third-party profiling cookies. You can manage cookie preferences via your browser settings.

8.1 GDPR (EU/EEA Users)

Our lawful bases for processing are: performance of contract (providing the service), legitimate interests (safety and fraud prevention), legal obligation, and consent (where required). For data transfers outside the EEA, we use Standard Contractual Clauses and/or adequacy decisions.

9. Children's Privacy

Lumia is not directed to children under 17. We do not knowingly collect data from users under 17. If we discover a user is under 17, their account will be terminated and their data deleted. If you believe a child under 17 has registered, please contact safety@lumiaapp.com.

10. Contact Us

For privacy-related inquiries:

• Email: privacy@lumiaapp.com
• Data Controller: Lumia Interactive Ltd., 548 Market St, Suite 92900, San Francisco, CA 94104
• EU Representative: Lumia EU Ltd., 1 Canada Square, London E14 5AB, UK

We are registered with the UK Information Commissioner's Office (ICO) and the Irish Data Protection Commission.