Privacy Policy
Effective date: May 23, 2026
1. Introduction
LumAlma is a wellness companion app helping you track moods, journal, and take care of your emotional health. We respect your privacy and keep data collection minimal. This policy explains what we collect, how we use it, and your rights.
2. Data we collect
- Account (Contact Info): email address, password hash, display name, birth date (optional), gender (optional). Birth date and gender are used to tune the AI companion's tone.
- Avatar photos (User Content → Photos): optional. You may upload an avatar from your camera or photo library. The image is stored on our server, linked to your account, never shared with third parties, and never analyzed by AI. You may remove or replace it at any time.
- Voice recordings (User Content → Audio Data): optional, when using voice input in the journal. The recording is transmitted to our server, transcribed via a local faster-whisper model, and immediately deleted — we do not store raw audio. Only the transcribed text remains.
- Wellness content (Sensitive Info / Other User Content): mood entries, journal entries, dream descriptions, AI-generated reflections and dream interpretations. May contain sensitive mental health information. Used only for in-app personalization, never shared with third parties.
- Location (Precise Location): optional. If you enable weather insights or grant geolocation, we store your city name, country code, coordinates (lat/lon, ~1 meter precision), and timezone. Used to fetch weather and the geomagnetic activity index (Kp) — these signals help the companion adjust its tone. Location, weather and geomagnetic alerts can be disabled independently in Settings. We do not track location in the background.
- Identifiers:
  - Internal User ID (UUID, not Apple ID, not IDFA)
  - Apple ID sub — when signing in with Apple, for account identification
  - Apple refresh token — stored to allow us to revoke the Apple connection when you delete your account (Apple App Store Guideline 5.1.1(v))
  - Device ID — APNs push token and a local device identifier for sending notifications to your device
- Purchases — Apple transaction ID and subscription status in our DB to verify access to premium features. Payment details (card numbers, banking info) are never received — all handled by Apple StoreKit.
- Diagnostics (Crash Data): when the app crashes we receive an anonymized error report (stack trace, iOS version, device model) via our self-hosted Bugsink service. PII (email, journal text, tokens) is redacted before sending. Used only to fix bugs.
3. How we use your data
- Provide and personalize wellness features (insights, AI reflections, dream interpretation).
- Send notifications you opt in to (mood reminders, weekly reports).
- Process subscription verification through Apple In-App Purchase (StoreKit 2 + App Store Server API).
- Improve the app via anonymized error reports (Bugsink on our infrastructure).
We do not sell your data. We do not share it with advertisers or data brokers. We do not use third-party analytics SDKs (no Firebase, Mixpanel, Amplitude, etc.). We do not request IDFA (no App Tracking Transparency prompt).
4. AI features
For dream interpretation, journal reflections and personal insights, your text is sent to our self-hosted language model (Ollama gemma3 on private Hetzner infrastructure in Germany). It is processed in real time and is not retained beyond the response. We do not use your content to train third-party models. No third-party AI services (OpenAI, Anthropic, Google) receive your text.
5. Apple Sign In
If you sign in with Apple, we receive the Apple ID identifier (sub) and, optionally, an email or relay address you choose to share. We also store an Apple refresh token to allow us to revoke the Apple connection when you delete your account (Apple App Store Guideline 5.1.1(v)).
6. Subscriptions
Subscriptions are billed through your Apple ID. We use our own integration with the App Store Server API V2 (without intermediaries such as RevenueCat) — the client sends an Apple-signed JWS, our server verifies the signature via Apple Root CA certificates, and stores the subscription record. Payment details (card, banking) are stored by Apple — we never receive or store them.
7. Your rights
- Access: view your data in the app at any time.
- Export: Settings → Data → Export — full JSON of your moods and journal.
- Delete: Settings → Delete account — irreversibly removes all your data.
- Withdraw consent: disable notifications, location, or AI features in Settings.
8. Security
Passwords are hashed with bcrypt. Traffic uses HTTPS (HTTP/2 and HTTP/3 via QUIC). Sessions use JWT tokens. We never log raw passwords or full credit card numbers.
9. Children
LumAlma is intended for users 13 years and older. We do not knowingly collect data from children under 13. If you believe a child has provided personal data, contact us and we will delete the account.
10. Not a medical service
LumAlma is a wellness and self-awareness companion, not a medical device. It does not diagnose, treat, or cure any condition. If you experience emotional distress, please contact a qualified mental health professional.
11. Contact
Questions or requests: [email protected]
12. Changes
We will notify you about material changes via the app or by email. Continued use after the effective date constitutes acceptance of the updated policy.