Luma app icon
Luma Privacy Policy

Privacy Policy

Last updated: March 27, 2026
App: Luma (com.cryonexcorp.luma)
Website: https://luma-app.space
Contact: support@luma-app.space
Operator jurisdiction: Ukraine

This Privacy Policy explains how Luma collects, uses, stores, shares, and protects information when you use the Luma mobile application and related services.

1. Scope

This Policy applies to the Luma Android app, its cloud-backed features, AI processing flows, optional rewarded advertising, optional subscription features, and support or legal communication related to the app.

2. Information we collect

2.1 Account and profile data

  • email address and Firebase Authentication account metadata
  • sign-in provider information such as email or Google Sign-In
  • first name, last name, age-confirmation status, gender selection, profile image
  • language, timezone, notification settings, and personalization choices
  • selected AI personality and Pro or tariff status

2.2 Content users create

  • chat messages and recent conversation context
  • voice-call transcripts or speech-derived text where voice features are used
  • organizer events, notes, plans, dictionaries, memories, and growth workspaces
  • custom AI personalities, feedback, support tickets, bug reports, and feature requests
  • images users attach to chat or profile flows

2.3 Billing, rewards, and verification records

  • Google Play subscription product identifiers, purchase tokens, token hashes, and expiry states
  • purchase verification records and subscription history metadata
  • Luma Coin balances, redemptions, and purchase history
  • rewarded ad verification records, response identifiers, reward statuses, timestamps, and anti-fraud metadata

We do not receive or store full payment card numbers. Payments are processed by Google Play.

2.4 Device, app, and security information

  • Firebase Cloud Messaging token for push notifications
  • app integrity signals such as Firebase App Check or Google Play Integrity results
  • request metadata and security logs generated by Google Cloud and related infrastructure
  • an app-scoped installation identifier stored locally for anti-abuse, reward verification, and limit enforcement
  • basic encrypted local cache used for app continuity and performance

Luma does not receive or store raw fingerprint templates, face templates, or similar biometric templates. Biometric matching is handled by the device or operating system.

3. How we use information

  • create and secure user accounts
  • provide chat, organizer, planner, dictionary, memory, and Growth Hub features
  • process AI requests through our backend and cloud AI providers
  • apply personalization and AI personality settings
  • deliver notifications and reminder flows selected by the user
  • verify subscriptions and maintain Pro access
  • verify rewarded ads, credit rewards, and prevent abuse or duplicate rewards
  • debug, maintain, improve, and secure the app
  • respond to support, deletion, and legal requests

4. When information may be shared

We do not sell personal or sensitive user data for money.

We may share information with service providers and platforms needed to operate Luma, including:

  • Google Firebase and Google Cloud, including Firestore, Cloud Functions, Storage, App Check, and Messaging
  • Google Cloud Vertex AI for AI generation or moderation workflows
  • Google Play and Google Play Billing for subscription purchases and verification
  • Google Sign-In if the user chooses that sign-in method
  • Google AdMob and related Google systems for optional rewarded advertising
  • Resend for verification and password reset emails
  • regulators, authorities, advisers, or successors where legally required or operationally necessary

5. AI processing

When users send chat prompts, use voice interactions, attach images, work in Growth Hub, or ask Luma to create structured content, relevant information may be transmitted to Luma's backend and cloud AI services so the feature can function.

AI output may be inaccurate, incomplete, outdated, or unsuitable for high-risk decisions, even when it sounds confident. Users are responsible for reviewing AI output before acting on it.

6. Ads, ad-request data, and reward verification

Luma includes optional rewarded ads. If a user chooses to watch one, Google AdMob and related Google systems may process ad-request, device, diagnostic, measurement, and advertising-related information according to Google's own policies.

For rewarded ads, Luma also stores and processes reward-verification metadata needed to:

  • validate that a reward callback is legitimate
  • prevent duplicate rewards or reward fraud
  • apply per-user and per-install anti-abuse limits
  • credit the correct reward outcome

This reward-verification metadata may include app-scoped installation identifiers, pseudonymous user linkage, reward callback identifiers, ad verification timestamps, and anti-fraud signals used by our backend.

7. Local storage and sync

Some content remains locally on the device by default. Selected features may also sync data to cloud storage or cloud-backed databases when the user chooses to use those flows.

8. Retention and deletion

We retain data for as long as reasonably necessary to operate, secure, and support the app, comply with law, prevent abuse, resolve disputes, and maintain billing or reward integrity.

  • account and user content are generally retained while the account is active
  • verification codes are short-lived and expire automatically
  • reward and anti-fraud records may be retained for operational or dispute windows
  • purchase and subscription verification records may be kept for billing, tax, fraud prevention, and compliance
  • limited pseudonymous anti-abuse records may remain when necessary to protect the service

If a user deletes an account, we generally delete or de-identify the associated app-account data unless some categories must be retained for fraud prevention, billing, legal compliance, dispute handling, or service security.

9. User choices and rights

Depending on the user's location and applicable law, there may be rights to access, correct, delete, restrict, or object to certain processing, or to lodge a complaint with a supervisory authority.

Users can already manage or delete parts of their content directly in the app. For broader requests or deletion issues, contact support.

10. Children

Luma is not intended for children under 13, or a higher age where local law requires parental consent. If a child is believed to have provided data in violation of this rule, contact us and we will review the case.

11. Security

We use reasonable safeguards such as authenticated access controls, HTTPS/TLS, server-side validation, App Check, anti-abuse controls, and encrypted local storage where supported. No service can guarantee absolute security.

12. Changes to this Policy

We may update this Privacy Policy from time to time. Material changes may be reflected in the app, on the website, or through another appropriate channel.

13. Contact

For privacy questions, account deletion requests, or data-related requests, contact:
support@luma-app.space
https://luma-app.space