Privacy Policy

Effective date: July 8, 2026

This Privacy Policy explains how Lumeria Labs, Inc. ("Lumeria", "we", "us", or "our") collects, uses, stores, and shares information when you use the Lumeria mobile app and related services (the "Service").

Lumeria is a personal skin- and wellness-tracking app for people optimizing their own skin. It is not a medical device and does not provide medical advice or diagnosis. We have designed the Service so your data stays under your control: on your device, and, if you sign in, in a private account space that only you can access.

Our commitment: your skin data belongs to you

The skincare industry has a data problem. For decades, the record of what is actually happening with your skin, what you've tried, what worked, how your skin has changed over time, has been scattered across brand quizzes, store loyalty programs, and files you never see. Companies collect that information, use it to sell you the next product, and hand almost nothing back. Your data ends up everywhere except in your control.

Lumeria exists to change that. We believe you should own your skin data and the insights that come from it, and that belief shapes how the product is engineered, not just how this policy is worded:

  • Your history stays yours. Your scan history, skin metrics, and lifestyle logs live on your device and, when you sign in, sync to a private space in our encrypted database that row-level security restricts to you alone. Syncing exists so your history can follow you across devices, not so we can look at it: we do not browse your scans or mine your history for marketing.
  • Analysis, not harvesting. When you take a scan, your photo is transmitted securely to our AI vision model for one purpose: to analyze your skin and return your metrics. If you are signed in, your scan photos are also kept in private, access-controlled storage so your history survives a lost phone; they are never pooled into a shared library, used for advertising, or sold.
  • Inference only, ever. Data sent to our AI provider is used solely to generate your result for that request. Per the provider's API terms it is not used to train their models, and we never sell your data or use it for advertising.
  • What we store, we protect. Everything we keep for you (your sign-in details, profile, and synced history) lives in an encrypted database and private media storage protected by row-level security, so your records are accessible only to you.
  • You get the insights, and the exit. You can see your full history, export your reports, and delete everything: on-device data instantly from within the app, and your account with all synced data using the in-app "Delete account" control.

The rest of this policy is the detailed, legally precise version of those commitments.

1. A note on where your data lives

Understanding the three places your data can live is the key to this policy:

  • On your device. The app works fully on-device: your scan photos, skin metrics, voice-note text, lifestyle inputs (sleep, hydration, supplements, products, environment, diet, exercise, stress), and interview answers are stored locally on your device. If you use the app without signing in, this is the only place your data lives.
  • In your private account space (when you sign in). Signing in turns on sync so your history can follow you across devices and survive a lost phone: your scan records and photos, skin metrics, lifestyle inputs (including values synced from Apple Health or location sharing, if you connect them), preferences, Lumi chat history, and saved dermatologist contacts are stored in an encrypted database and private media storage, protected by row-level security so each user can access only their own records. Your sign-in details (email, username, and a securely hashed password) and basic profile (display name and optional avatar) are stored the same way.
  • Sent to our AI provider for inference only. When you capture a scan, your photo is sent securely to our AI provider's vision model to be analyzed, and the resulting skin metrics are returned to your device. Likewise, when you ask for AI recommendations or chat with our in-app guide ("Lumi"), the specific data needed for that request is sent to our AI provider to generate a response. In every case, the data is used only to produce your result, not to train the provider's models (see "AI features and third parties" below).

2. Information you provide

  • Account information: email address, username, and password (the password is hashed by our authentication provider; we never store it in plain text). You may optionally add a display name and avatar.
  • Skin scan data: photos you capture or select, the skin metrics derived from them (such as hydration, evenness, redness, and pigmentation scores), and any voice notes you record (stored as transcribed/entered text).
  • Lifestyle and wellness inputs: information you choose to enter about sleep, water intake, supplements, skincare products, environment and location, diet, exercise, and stress, plus answers to optional in-app interview questions.
  • Connected data (optional, off by default): if you turn these on in Profile, sleep hours and the start date of your most recent period read from Apple Health (iPhone only, read-only), and a city name plus current temperature and humidity resolved from your approximate location. Both feed the same lifestyle fields you could type by hand and are handled exactly like manually entered values.

3. Device permissions

With your permission, the app accesses the following device capabilities. You can grant or revoke these at any time in your device settings.

  • Camera: to capture skin scan photos.
  • Microphone: to record optional voice notes during a scan.
  • Photo library: to let you pick an existing photo for a scan and to save scan reports you export.
  • Apple Health (optional, iPhone only): read-only access to sleep and menstrual-flow data, used solely to fill in your sleep hours and cycle dates automatically. We never write to Apple Health, and you can revoke access at any time in the iPhone Health app (Settings > Privacy & Security > Health).
  • Location (optional): read when you turn on location sharing, and refreshed when you open the app while it stays on, to look up your city and current weather. Coordinates are rounded to roughly 1 km on your device before any lookup, and your precise position is never stored or transmitted.

4. Information collected automatically

Lumeria does not include third-party analytics, advertising, or tracking SDKs, and we do not use cookies for tracking. We do not build advertising profiles about you.

Our infrastructure providers (for authentication, hosting, and AI processing) may generate standard technical logs, such as IP address, request timestamps, and error diagnostics, as a normal part of operating and securing their services. These logs are used for security and reliability, not to track you across other apps or websites.

5. How we use information

  • To provide the core features of the Service, recording scans, computing and showing your metrics and trends, and storing your account.
  • To generate AI recommendations and chat responses when you request them.
  • To authenticate you and keep your account secure.
  • To diagnose problems, maintain reliability, and protect against fraud or abuse.
  • To comply with legal obligations and enforce our Terms of Service.

6. AI features and third parties (sub-processors)

Some features rely on trusted third-party service providers who process data on our behalf. We do not sell your personal information, and we do not share it for cross-context behavioral advertising.

  • AI provider (Anthropic), inference only. When you capture a scan, we send your photo to Anthropic's Claude API (a vision model) to analyze your skin and compute your metrics, which are returned to your device. When you request recommendations, we send the relevant scan photo, the scan's metrics, your recent metric trend, and your lifestyle inputs to generate suggestions. When you use Lumi chat, we send a photo-free summary of your scans, metrics, and lifestyle along with your messages. In all cases the data is sent for inference only: Anthropic processes it to return your result and, per its API terms, does not use data submitted through its API to train its models. We do not attach your name, email, or account identifiers to these requests. See Anthropic's privacy policy for details.
  • Authentication, account database, and private media storage (Supabase). Stores your account credentials and profile, and, when you sign in, your synced app data (scan records and photos, lifestyle inputs, preferences, chat history, and saved dermatologist contacts) under row-level security.
  • Reverse geocoding (BigDataCloud), only if you turn on location sharing. We send your coordinates, rounded to roughly 1 km on your device, to BigDataCloud's reverse-geocoding service to resolve your city and region name. No name, email, or account identifier accompanies the request, and we do not store the coordinates.
  • Weather (Open-Meteo), only if you turn on location sharing. The same rounded coordinates are sent to Open-Meteo to fetch the current temperature and humidity for your area, again with no account identifiers attached.
  • Apple Health data, a special note. Values read from Apple Health (sleep hours and cycle dates) become part of your lifestyle inputs and are treated exactly like values you typed: stored on your device, synced to your private account space when you are signed in, and included in the lifestyle context of AI requests you make. We never use Apple Health data for advertising or marketing, never share it with data brokers, and never disclose it to third parties beyond the processing described in this section.
  • Hosting and serverless functions (Vercel). Hosts the web experience and the serverless functions that relay AI requests; your AI API key is held server-side and is never placed in the app.
  • App distribution (Apple App Store / Google Play). When you install or purchase through an app store, that store processes your information under its own privacy policy.

7. How we share information

We share personal information only in these limited circumstances:

  • With the service providers listed above, who may process it only to provide services to us.
  • To comply with the law, a valid legal request, or to protect the rights, safety, and property of you, us, or others.
  • In connection with a merger, acquisition, or sale of assets, in which case we will notify you and any successor will be bound by this policy.
  • With your consent or at your direction (for example, if you export and share a report yourself).

8. Data retention

Data stored on your device remains until you delete it from within the app (for example, using the delete and reset controls in Profile) or uninstall the app.

Account information and synced app data are retained for as long as your account is active. When you delete your account, we delete your account data and synced history (including any scan photos in your private storage), except where we must retain something to meet a legal obligation or resolve disputes.

Data sent to our AI provider for a request is processed to return a response and handled under that provider's retention practices; the only copy of your scan photos we keep is the one in your private account space when you are signed in.

9. Security

We use reasonable technical and organizational measures to protect your information, including encryption in transit (HTTPS), hashed passwords, and access controls (row-level security) that restrict account records so each user can access only their own. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

10. Your privacy rights

Depending on where you live, you may have some or all of the following rights. To exercise them, contact us using the details in the "Contact us" section. We will not discriminate against you for exercising these rights.

  • Access: request a copy of the personal information we hold about you.
  • Correction: ask us to fix inaccurate or incomplete information.
  • Deletion: ask us to delete your personal information.
  • Portability: receive your information in a portable format.
  • Restriction and objection: ask us to limit or stop certain processing.
  • Withdraw consent: where we rely on consent, withdraw it at any time.

11. European/UK users (GDPR)

If you are in the European Economic Area, the United Kingdom, or Switzerland, we process your personal data under the following legal bases: performance of our contract with you (to provide the Service); your consent (for device permissions such as camera and microphone, for the optional connected-data features that read Apple Health data or your approximate location, and for sending data to our AI provider when you capture a scan or request a recommendation or chat response); our legitimate interests (to secure and improve the Service); and compliance with legal obligations. Health-related data you choose to connect is processed only with your explicit consent, which you can withdraw at any time by turning the feature off and revoking access in your device settings.

You have the right to lodge a complaint with your local data protection authority. Where data is transferred outside your region, we rely on appropriate safeguards such as Standard Contractual Clauses.

12. California users (CCPA/CPRA)

If you are a California resident, you have the right to know what personal information we collect and how we use it, to request deletion or correction, and to not be discriminated against for exercising your rights.

We do not sell your personal information and we do not share it for cross-context behavioral advertising. The categories of information we collect are described in this policy. To make a request, contact us at contact@lumeria.skin.

13. How to delete your data

  • On-device data: use the controls in Profile (for example, "Delete all scan history" and the reset controls) to remove data stored on your device, or uninstall the app to remove all local data.
  • Account and synced data: use "Delete account" in Profile to permanently delete your account and everything synced to it (profile, scans and photos, metrics, preferences, and Lumi chat history), or contact us at contact@lumeria.skin and we will do it for you.

14. Children's privacy

Lumeria is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us personal information, contact us and we will delete it.

15. International users

We are based in the United States and our service providers may process data in the United States and other countries. By using the Service, you understand that your information may be processed in countries whose data-protection laws differ from those of your country.

16. Not medical advice

Lumeria and its AI features provide general wellness and optimization information only. They are not a substitute for professional medical advice, diagnosis, or treatment. AI-generated content is labeled as such in the app. Always consult a qualified dermatologist or other healthcare provider about any medical concern.

17. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date above and, where appropriate, provide additional notice in the app.

18. Contact us

If you have questions or requests about this policy or your data, contact Lumeria Labs, Inc.: