Privacy Policy
Hi. This page tells you what information Lumi has about you, what we do with it, and how to take it back. We've written it like a normal person would — not a lawyer. If something here is unclear, please tell us.
Lumi is built and operated by Bishwas Khanal, an independent developer in Nepal. When this page says "we," "us," or "our," that's who we mean.
1. What this covers
This policy is about people who use the Lumi mobile app or visit our website. It is not about other services you connect to Lumi (like Gmail or Google Calendar) — those have their own privacy policies, and you should read them too.
2. What Lumi knows about you
When you sign up
You sign in with Google. We get your email address, your name, your profile picture, and a Google account ID from Google. That's it. We use this to set up your account and recognise you next time.
What you tell Lumi (and what it remembers)
Lumi stores:
- The chat messages you send (text and the words from your voice messages).
- Files and photos you upload.
- Reminders and tasks you make.
- Profile info you give it ("I'm a vegetarian," "I prefer evenings").
- Memories. Lumi forms small notes about you over time — things like your routine, names of people who matter to you, what you tend to put off. Every memory is visible in the app. You can edit or delete any of them.
Your voice
If you talk to Lumi, the audio goes to our server, gets turned into text, and is then thrown away. Your voice recording is not saved — only the text it became.
Pro users can enrol their voice for cloning (so Lumi can speak in something like your voice) or for recognition on shared devices. We store a mathematical fingerprint of your voice — not the audio. You can delete the fingerprint any time in Settings.
Notifications you choose to share
Lumi can read the notifications you allow it to (a flight change, a delivery, an email subject) and turn them into useful reminders. This is off by default. When you turn it on:
- You pick which apps Lumi can listen to. Lumi never sees the rest.
- We send the notification's title and body text (yes, the actual content), the app it came from, and a timestamp. Our server decides whether to make a reminder out of it.
- You can turn this off any time from your phone's system settings, with no questions asked.
Connected services (Pro only)
If you connect Gmail, Calendar, Drive, or Google Tasks (Pro feature), Google gives our server a token that lets us call those services for you. The token is encrypted in our database. We never see your password. You can disconnect any service in one tap; we delete the token immediately and revoke it at Google.
Stuff your phone tells us about itself
To keep the service working and safe, we collect some technical info:
- An ID we make for your install (not the one used by ad networks).
- Your app version, OS version, and phone model.
- The IP address of API requests (we delete these from logs after 30 days).
- A check from Google Play Integrity that your app is the real one running on a real Android phone.
- A list of your active sign-ins (when, what device, roughly where) so you can see what's logged in and kick out anything you don't recognise.
Push notifications
With your permission, we keep the token your phone gives Firebase Cloud Messaging so we can send reminders. The token rotates by itself and doesn't identify you on its own.
Crash reports
If the app crashes on a release build, Firebase Crashlytics sends us the crash details so we can fix the bug. We never include your messages, photos, or memories in crash reports.
What Lumi never collects
- Your contacts, photos, SMS, or call logs (we don't even ask).
- Your live location.
- What websites you visit outside Lumi.
- Fingerprints, face data, or anything biometric.
- Advertising IDs. Lumi doesn't run ads.
3. What we do with all this
We use your information to:
- Make Lumi work. Run your messages, generate replies, fire your reminders, transcribe your voice, speak back.
- Make Lumi feel like Lumi. Use your memories and profile so the AI sounds like it knows you, not a stranger.
- Keep your account secure. Log you in, watch for break-in attempts, kick out stolen sessions.
- Do the things you ask connected services to do. If you say "email Sarah," we email Sarah. We don't poke around in your inbox otherwise.
- Fix bugs. From crash reports and anonymous usage stats.
- Talk to you when needed. Account notices and (only if you opt in) the occasional product update.
We do not sell your data. We do not train any AI model on your messages, your voice, or your memories. Not ours, not anyone's.
4. Where your data lives
Lumi runs on servers we operate ourselves. Servers are physically located in Nepal, where Bishwas is. Some pieces of the operation use Google's services (sign-in, push notifications, crash reporting, the Google APIs you've connected) — those run wherever Google runs them, which can be anywhere in the world. Google's policy covers what they do with your data: policies.google.com/privacy.
Honest about shared infrastructure: on the paid and free tiers, your data lives on the same servers as everyone else's. It is walled off — your account can only see your own stuff — but it's still our hardware. If you want it on hardware you own, the whole thing is open source and you can self-host it. Self-hosters don't have us in the picture at all.
5. Who else can see your data
- You. Through the app, you can see every memory, every message, every file, and every connected service.
- Bishwas Khanal (the operator), only when needed for support, debugging a problem you reported, or investigating abuse. We log every time someone on our end opens an account.
- Service providers who help us run things — Google (for sign-in, push, crash reports, optional Gmail/Calendar/Drive), and our hosting and DNS providers. They have to use your data only to do the job we hired them to do.
- Authorities, only when we are legally required (a valid court order under Nepali law). We push back where we can, give them only what they're entitled to, and tell you about it unless we are legally forbidden.
6. How long we keep things
- Your account and what's in it: as long as your account exists.
- Memory window: Free users keep 90 days of memories — older ones get auto-pruned. Pro users keep memories indefinitely. You can delete any memory at any time on either tier.
- If you delete your account: 30 days to change your mind, then it's permanently gone (more on this below).
- Server logs (IP addresses, request paths): 30 days.
- Security records (login attempts, alerts): 90 days.
- Crash reports: 90 days (Firebase's default).
7. Things you can do
In the app, right now
- See, edit, or delete any memory Lumi has about you.
- Delete any single message, conversation, or uploaded file.
- Disconnect any Google service in one tap.
- Turn off voice match or notification listening at any time.
- Sign out of every device at once ("Logout all").
- Delete your account (see below).
Deleting your account
Settings → Delete account. You get a 30-day grace window — sign in again during that time and the account comes back, untouched. After 30 days, your account, conversations, memories, files, photos, voice fingerprint, and connected-service tokens are deleted from our active storage. Backups are rotated within 60 days, so within 90 days of you asking, you're out of every system we run.
Getting a copy of your data
Email us via the contact form and ask for an export. We'll send you a machine-readable file (JSON + media) within 30 days, free.
Other rights you might have
Where you live affects what rights you have over your data — to see it, correct it, restrict how it's used, take it elsewhere, or object to it being processed. To use any of these, ask via the contact form. We'll respond within 30 days.
8. Children
Lumi is not for children under 13, and we do not knowingly collect information from anyone under 13. If you're a parent or guardian and think your child has signed up, tell us via the contact form and we'll delete the account. If you're 13 to 18, please use Lumi only with a parent or guardian's involvement.
9. Security — what we actually do
Honest version, not the marketing one:
- When data moves: everything between your phone and our server uses HTTPS (TLS 1.2 or higher). The mobile app pins the certificate, so a hijacked Wi-Fi can't read the traffic.
- When data sits in the database: sensitive fields (refresh tokens, connected-service credentials) are encrypted at the application layer. Other content is protected by access controls but not separately encrypted.
- On your phone: your sign-in tokens live in Android's hardware-backed Keystore where available, so even root access on your phone shouldn't extract them.
- Sensitive actions (deleting your account, managing devices) require you to re-authenticate so a stolen unlocked phone can't do them.
- Anomaly detection watches for brute-force sign-in attempts and suspicious refresh-token use, and kills the affected sessions automatically.
No system is unbreakable. If something does go wrong, we'll tell every affected user within 72 hours of figuring out what happened.
10. Changes to this page
We update this page when Lumi changes. If we make a meaningful change, we'll tell you in the app and by email at least 14 days before it takes effect. The date at the top is when we last touched it.
11. Talk to us
Questions about your data, your account, or this page —
Bishwas Khanal
Nepal
Use the contact form. A real person reads every message.