Legal

Privacy Policy

Last updated: May 7, 2026

At Lumy ("we", "us", "our"), we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website (collectively, the "Service").

1. Information We Collect

Information you provide

  • Account information: name, email address when you create an account.
  • Financial data: expenses, budgets, savings goals, and other financial information you enter into the app. This data is stored on your device and synced only if you opt in.
  • Contact information: when you reach out via our contact form or email.

Information collected automatically

  • Device type, operating system, and app version.
  • Usage data such as features used, session duration, and crash reports.
  • IP address and approximate location (country-level only).

2. How We Use Your Information

  • To provide and maintain the Service.
  • To personalize your experience and deliver AI-powered insights.
  • To process your transactions and manage your account.
  • To communicate with you about updates, security alerts, and support.
  • To improve our app based on aggregated, anonymized usage patterns.

3. Data Storage & Security

Lumy is designed with a privacy-first, offline-first architecture. Your financial data is stored locally on your device by default. If you enable cloud sync, data is encrypted in transit and at rest by our infrastructure provider (Supabase Inc.).

We do not sell, trade, or rent your personal information to third parties. We do not connect to your bank accounts or access your banking credentials.

4. Family Sharing

If you use the family sharing feature, financial data is shared only with family members you explicitly invite. Each family member controls their own data visibility settings.

5. Service Providers (Processors)

We use the following service providers (processors) to operate Lumy. Each processes only the data necessary to deliver their service and is bound by a Data Processing Agreement.

  • Supabase Inc. database, authentication, and edge functions. Hosted in the United States. Acts as a processor; data is processed under Standard Contractual Clauses. See https://supabase.com/privacy.
  • RevenueCat Inc. subscription and in-app purchase management. See https://www.revenuecat.com/privacy.
  • Groq Inc. AI inference (primary). Used to power conversational and analytical features. See https://groq.com/privacy-policy.
  • OpenRouter AI inference (fallback). See https://openrouter.ai/privacy.
  • Apple Inc. & Google LLC payments and Sign-in providers. Each has its own privacy policy.

These services have their own privacy policies. We encourage you to review them.

6. International Data Transfers

Lumy uses service providers located in the United States, including Supabase Inc. (our database and infrastructure provider). When you use Lumy from the European Economic Area, the United Kingdom, or Switzerland, your personal data is transferred to and stored in the United States.

We rely on Standard Contractual Clauses (SCCs) approved by the European Commission as the legal mechanism for these transfers, as incorporated in our Data Processing Addendum with Supabase Inc. The UK addendum to the SCCs, approved by the UK Information Commissioner's Office, applies to transfers from the United Kingdom.

You may request a copy of the SCCs that apply to your data by emailing [email protected]. We will respond within 30 days.

7. Your Rights

You have the right to:

  • Access, update, or delete your personal data at any time.
  • Export your data in a standard format.
  • Adjust your browser's Do Not Track signal — we honor it for analytics.
  • Request a copy of all data we hold about you.

8. Children's Privacy

Our Service is not directed to children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us so we can remove it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of changes by posting the new policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance.

10. Contact Us

If you have questions about this Privacy Policy, please contact us at [email protected].