Legal

Privacy Policy

Plain language, no surprises. Here's exactly what we collect and why.

Last updated: June 12, 2026

The short version: we collect only what Lumio needs to work, we encrypt everything, we never sell your data, and you can export or delete it anytime.

1. Information We Collect

When you use Lumio, we collect:

  • Account information — your name, email address, and password (stored as a salted hash).
  • Content you create — tasks, projects, notes, and schedule preferences you add to Lumio.
  • Calendar data — if you connect Google Calendar or Outlook, we read event times to schedule around them. We do not store event contents longer than needed for scheduling.
  • Usage data — feature usage and crash reports, used solely to improve the product.
  • Payment information — handled entirely by our payment processor; we never see or store your card number.

2. How We Use Your Information

  • To provide and operate the Lumio service, including AI scheduling.
  • To sync your data across your devices.
  • To send essential service emails (receipts, security alerts). Marketing emails are opt-in and have one-click unsubscribe.
  • To diagnose problems and improve features, using aggregated or anonymized data.

3. AI Features and Your Data

Lumio's scheduling suggestions are generated from your own tasks, deadlines, and focus patterns. AI models are trained on anonymized, aggregated patterns — never on your identifiable content. Your tasks and notes are not used to train models that serve other users.

4. What We Never Do

  • We never sell your personal data to anyone.
  • We never show you third-party advertising.
  • We never read your content for any purpose other than providing the service.

5. Data Security

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Access to production systems is restricted, logged, and protected by multi-factor authentication. We undergo periodic independent security reviews.

6. Data Retention and Deletion

Your data is kept for as long as your account is active. You can export all your data in standard formats at any time from Settings. If you delete your account, your data is permanently removed from our systems within 30 days, except where law requires longer retention.

7. Third-Party Services

We use a small number of trusted processors (hosting, payments, email delivery) that are contractually bound to protect your data and use it only to provide their service to us. A current list is available on request.

8. Cookies

We use essential cookies for sign-in and security, and a privacy-friendly analytics tool that does not track you across other websites. We do not use advertising cookies.

9. Your Rights

Depending on your location, you may have rights to access, correct, export, restrict, or delete your personal data. To exercise any of these, email privacy@lumio.app — we respond within 30 days.

10. Children

Lumio is not directed at children under 13 (or the minimum age in your jurisdiction), and we do not knowingly collect their data.

11. Changes to This Policy

If we make material changes, we'll notify you by email and in-app at least 14 days before they take effect.

12. Contact Us

Questions about privacy? Email privacy@lumio.app or write to: Lumio, Level 10, Menara Example, Kuala Lumpur, Malaysia.