Privacy Policy
Last Updated: March 7, 2026
Lumiea ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application.
Summary: We collect only the data necessary to provide our AI-powered skincare analysis and personalized routine services. Skin photos are temporarily uploaded for analysis and automatically deleted afterward. We do not sell your personal information to third parties.
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- Email address - Used for account authentication and communication
- Display name - Your chosen name shown in the app
- Authentication data - If you sign in with Apple or Google, we receive your name and email from those services
1.2 Skin Analysis Data
To personalize your skincare routine, we collect:
- Onboarding responses - Your skin concerns, skin type, goals, and lifestyle factors
- Skin photos - Photos you take for AI analysis (temporarily uploaded, automatically deleted after processing)
- Analysis results - Skin factors, severity assessments, and personalized recommendations generated by our AI
1.3 Routine & Progress Data
- Skincare routine - Your personalized AM/PM routine steps and weekly extras
- Daily logs - Which routine steps you've completed each day
- Streaks & achievements - Your consistency data, badges, and mission progress
1.4 Subscription Information
- Purchase records - Subscription type, transaction ID, and expiration date
- Payment processing is handled entirely by Apple's App Store or Google Play. We do not receive or store payment card information.
2. How We Use Your Information
| Data Type | Purpose |
| --- | --- |
| Account info | Authentication, account management, and customer support |
| Skin photos | AI-powered skin analysis via GPT-4o Vision; deleted automatically after analysis |
| Analysis results | Generating personalized skincare routines and tracking skin health |
| Routine data | Daily routine tracking, streak calculations, and progress monitoring |
| Subscription info | Managing premium features and subscription status |
3. Third-Party Services
We use the following third-party services to operate our app:
3.1 Firebase (Google)
- Firebase Authentication - Secure user sign-in and account management
- Cloud Firestore - Cloud storage for user profiles, analysis results, and routine data
- Cloud Storage - Temporary storage for skin photos during analysis
- Cloud Functions - Server-side processing for AI analysis
Firebase Privacy Policy: firebase.google.com/support/privacy
3.2 OpenAI (Third-Party AI Service)
AI Data Sharing Disclosure: When you use the skin analysis feature, your photos are sent to OpenAI for processing. Before any data is shared, the app asks for your explicit consent.
- Service provider: OpenAI, L.L.C. (San Francisco, CA, USA)
- API used: GPT-4o Vision API
- What data is sent: Only your skin photos (image data). No personal information such as your name, email address, account ID, or any other identifying data is included in the request.
- Why data is sent: To analyze your skin condition (e.g. dryness, breakouts, pigmentation) and generate personalized skincare recommendations.
- How data is protected: Photos are transmitted over encrypted HTTPS connections. OpenAI processes the images in memory and does not store them beyond the duration of the API request.
- Data retention by OpenAI: Per OpenAI's API Data Usage Policy, data submitted through the API is not used to train or improve their models. OpenAI retains API inputs for up to 30 days for abuse monitoring, then deletes them.
- Data retention by Lumiea: Photos are automatically deleted from our servers (Firebase Cloud Storage) immediately after the analysis is complete. Only the text-based analysis results are retained.
- Your consent: The app requests your permission before sending any photos for AI analysis. You may decline, in which case no data is shared with OpenAI.
OpenAI Privacy Policy: openai.com/privacy
OpenAI API Data Usage Policy: openai.com/policies/api-data-usage-policies
3.3 RevenueCat
- Manages in-app subscriptions and purchase verification
- Receives anonymized user identifiers for subscription management
RevenueCat Privacy Policy: revenuecat.com/privacy
3.4 Apple Services
- Sign in with Apple - Authentication service
- App Store - In-app purchase and subscription processing
Apple Privacy Policy: apple.com/privacy
3.5 Google Sign-In
- Optional authentication method
- We receive only your email and display name
Google Privacy Policy: policies.google.com/privacy
4. Photo Processing & Deletion
Your Privacy Matters: Skin photos you take for analysis are uploaded temporarily to our secure servers (Firebase Cloud Storage), sent to OpenAI's GPT-4o Vision API for analysis, and then automatically deleted from our servers. We do not retain your photos after analysis is complete. Only the text-based analysis results (skin findings and recommendations) are stored to provide your personalized routine. No personal information (name, email, etc.) is included when photos are sent to OpenAI.
5. Data Storage & Security
5.1 Cloud Storage (Firebase)
The following data is stored securely in the cloud:
- Account information and user profile
- Skin analysis results and personalized routines
- Daily routine logs and streak data
- Badges and mission progress
5.2 Security Measures
- All data transmitted to our servers uses SSL/TLS encryption
- Firebase provides enterprise-grade security for cloud data
- Passwords are never stored in plain text (handled by Firebase Authentication)
- Skin photos are automatically deleted after AI analysis
6. Device Permissions
| Permission | Purpose |
| --- | --- |
| Camera | Take skin photos for AI analysis |
| Photo Library | Select existing photos for skin analysis |
7. Data Retention
- Account data - Retained until you delete your account
- Skin photos - Automatically deleted after AI analysis is complete
- Analysis results & routines - Retained until you delete them or your account
- Routine logs - Retained until you delete your account
8. Your Rights & Choices
You have the right to:
- Access - View all data we have about you within the app
- Delete - Delete your account and all associated data
- Export - Request a copy of your data
To exercise these rights, contact us at the email below or use the in-app account settings.
9. Children's Privacy
Lumiea is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.
10. International Data Transfers
Your information may be transferred to and processed in countries other than your own, including the United States where our service providers (Firebase, OpenAI) operate. These countries may have different data protection laws than your country of residence.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by updating the "Last Updated" date at the top of this policy. We encourage you to review this Privacy Policy periodically.
12. Contact Us
13. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to know what personal information is collected
- Right to know whether personal information is sold or disclosed
- Right to say no to the sale of personal information (we do not sell your data)
- Right to equal service and price
14. European Privacy Rights (GDPR)
If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):
- Right of access to your personal data
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object to processing
© 2026 Lumiea. All rights reserved.