Privacy Policy for Luma
Last Updated: 28 May 2025
1. Introduction
Welcome to Luma (“we,” “our,” or “us”). We are committed to protecting your privacy and handling your personal data with transparency and care.
This Privacy Policy explains how we collect, use, share, and protect your information when you use our mobile application Luma (the “App”), available on the Apple App Store.
2. Information We Collect
2.1 Information Stored on Our Servers
We collect the following information on our secure servers:
– Account information (email address, first name)
– Authentication and session data
– AI token usage data (for cost management and service optimisation)
– App usage analytics (only if you consent)
– Error logs and crash reports (anonymised)
2.2 Information Stored in Your Personal iCloud Account
The following sensitive information is stored in your personal iCloud account and never transmitted to our servers:
– Daily alcohol consumption data and drinking patterns
– Mood, stress levels, energy, and sleep quality ratings
– Personal goals and progress tracking
– Journal entries and personal reflections
– Task completion and habit tracking data
– Check-in responses and questionnaire answers
– Personal preferences and app settings
2.3 Information Processed but Not Stored
When you use our AI coaching feature:
– Your messages and relevant context are sent to OpenAI for processing
– This data is processed in real-time to generate responses
– We do not store conversation content on our servers
– OpenAI may retain data according to their privacy policy
2.4 Automatically Collected Information
We automatically collect:
– Device information (device type, operating system version)
– App usage patterns (screens visited, features used, preferences)
– Performance data (app crashes, loading times)
– Login events and session duration
3. How We Use Your Information
We use your information to:
– Provide and improve our services
– Personalise your experience
– Create your custom alcohol reduction or abstinence plan
– Generate AI coaching responses relevant to your situation
– Monitor trends and analyse usage patterns
– Ensure the security of our services
– Communicate with you about your account
4. Your Consent and Choices
4.1 Privacy Choices
We respect your privacy choices:
– Essential data processing is required for app functionality
– Analytics data collection requires your explicit consent
– You can withdraw analytics consent at any time in Settings
– Withdrawing consent doesn’t affect data processed before withdrawal
– Some features may be limited without certain data processing
4.2 iCloud Storage Requirements
5. Data Storage and Security
Your data is stored using AWS Amplify and Amazon Web Services (AWS). Your personal health data is stored in your iCloud account using Apple’s CloudKit service. We implement industry-standard security measures including:
– Encryption of sensitive data
– Secure authentication processes
– Regular security assessments
– Access controls for our personnel
Apple’s iCloud provides additional security through:
– End-to-end encryption for your personal data
– Secure sync across your Apple devices
– Protection through your Apple ID and device authentication
6. Data Sharing and Third Parties
6.1 Service Providers
We share data with the following service providers:
– AWS for hosting and storage
– OpenAI for AI coaching features
– Firebase analytics providers for app usage analysis (if you consent)
We never share your iCloud data with third parties – this data remains in your personal iCloud account and is only accessible through the app on your devices.
6.2 OpenAI Processing
When you interact with our AI coach:
– Your messages and relevant context are sent to OpenAI’s API
– We include necessary context (mood, drinking patterns) for personalised responses
– Your full identity and contact details are never shared with OpenAI
– We maintain a secure API connection with OpenAI using AWS
– OpenAI may retain data according to their privacy policy
– AI conversations are processed in real-time and not stored long-term in our systems
6.3 Legal Requirements
We may disclose your information if required by law, legal process, or to protect our rights or the safety of others.
7. Your Rights Under GDPR
If you are in the European Economic Area (EEA), you have these rights:
– Access your personal data
– Correct inaccurate data
– Delete your data (“right to be forgotten”)
– Restrict or object to processing
– Data portability
– Withdraw consent
– Lodge a complaint with a supervisory authority
To exercise these rights, contact us at abigail@bighouseventures.co.
8. Data Retention and Deletion
8.1 Data Retention
We retain your data for as long as your account is active or as needed to provide services. Your iCloud data is retained according to your iCloud storage settings and Apple’s policies. Upon account deletion:
– Your account information will be removed within 30 days
– Anonymised usage data may be retained for analytical purposes
8.2 Data Deletion
You can delete your account and all associated data at any time through the app settings. When you delete your account through the app:
– Your account information is removed from our servers within 30 days
– Your iCloud data is automatically deleted from your iCloud account
– This deletion is permanent and cannot be undone
– You can also manually delete your iCloud data by disabling iCloud for the app in your device Settings
9. Children’s Privacy
Our App is not intended for children under 16. We do not knowingly collect information from children under 16. If you believe we have collected information from a child under 16, please contact us immediately.
10. Changes to Privacy Policy
We may update this Privacy Policy periodically. We will notify you of significant changes through the App or via email.