Lumify – Privacy Policy
Effective date: 13/11/2025
This Privacy Policy explains how we collect, use, and protect your personal data when you use the Lumify mobile application and related services.
Lumify is designed to help you express your thoughts, track your emotions, and reflect on your wellbeing. It is not a medical device, does not provide medical diagnosis or treatment, and is not a replacement for professional healthcare or emergency services.
By using Lumify, you agree to this Privacy Policy.
1. Who we are (Data Controller)
The data controller for Lumify is:
Gregoire Girard
Entrepreneur individuel – Micro-entreprise
SIREN: 949 332 993
SIRET (siège): 949 332 993 00029
TVA intracommunautaire: FR33 949332993
Address: Villeneuve-d’Ascq, France
Email:
[email protected]
In this document, “we”, “our” and “us” refer to the Lumify app operated by this business.
2. Scope of this Policy
This Privacy Policy applies to:
• The Lumify mobile app (“App”)
• Any related websites, pages, or online services we operate (collectively, the “Services”)
It does not apply to third-party apps, websites, or services you may access via links or integrations from Lumify. Those are governed by their own policies.
3. Lumify is Not a Medical App
Lumify is a self-reflection and journaling tool. It is meant to help you:
• Express what you feel
• Understand emotional patterns over time
• Reflect on your thoughts, habits, and triggers
Important:
• Lumify does not provide medical, psychiatric, or psychological diagnosis or treatment.
• Lumify is not a medical device and is not intended to treat, cure, or prevent any disease.
• Lumify does not replace a doctor, psychologist, psychiatrist, coach, or therapist.
• Lumify does not provide crisis or emergency support.
If you feel in danger, are thinking about self-harm, or believe you need urgent help, you must contact emergency services or a qualified professional in your country immediately.
4. Personal Data We Collect
The data we collect depends on how you use Lumify and your device settings.
4.1 Data you provide directly
• Display name or username
• Journal & emotional data
• Text entries you write (journals, notes, reflections)
• Voice entries you record (audio, and possibly transcriptions if we process them)
• Mood logs, emotional states, tags, categories, or ratings you choose
• Any other content you voluntarily enter (thoughts, goals, triggers, habits, etc.)
• Subscription & purchase information
• Subscription type (weekly $4.99, monthly $14.99, yearly $49.99)
• Purchase date, renewal status, and basic transaction metadata from App Store / Google Play
• We do not store your full payment card data; payments are processed by the app stores.
• Support & communication
• Content of emails or messages you send us (e.g. support requests)
• Your email address and any information you voluntarily include
4.2 Data collected automatically
When you use Lumify, we may automatically collect:
• Device and technical data
• Device model, OS version, language, time zone
• App version, crash logs, performance metrics
• Usage data
• Screens you visit, buttons you tap, features you use
• Session duration, frequency of use
• Approximate timestamps of entries (e.g. “you logged a mood on this date”)
This information helps us understand how Lumify is used and improve the app.
4.3 Data from third parties
We may receive:
• Technical and aggregated analytics from third-party tools (e.g. crash reporting, usage stats)
• Aggregated purchase/transaction info from app stores for subscription management
We do not buy personal data from data brokers.
5. Why We Use Your Data (Purposes and Legal Bases)
Under the GDPR, we must explain the purposes and legal bases for processing your data.
5.1 To provide and operate Lumify (performance of a contract)
We process your data to:
• Create and manage your account
• Store your journal entries, moods, and reflections
• Generate insights, trends, and summaries based on your data
• Sync your data across devices (if you log in)
• Handle in-app purchases and subscriptions
• Provide customer support
Legal basis: Art. 6(1)(b) GDPR
5.2 To improve Lumify and ensure security (legitimate interests)
We may use your data to:
• Monitor app performance and fix bugs or crashes
• Improve features, UX, and stability
• Prevent abuse, fraud, or misuse
• Protect our systems and infrastructure
Legal basis: Art. 6(1)(f) GDPR – legitimate interests (running, securing, and improving the service).
We do this in a way that respects your rights and minimizes risk (aggregation, pseudonymization where possible).
5.3 Anonymised and aggregated data
We may use your data in an anonymised or aggregated form (no individual identification) for:
• Statistics and analytics
• Improving algorithms and features
• Business reporting
Once data is properly anonymised, it is no longer “personal data” under GDPR.
6. How We Share Your Data
We do not sell your personal data.
We only share your data with:
6.1 Service providers (processors)
We may use third-party providers to help us operate Lumify, for example:
• Cloud hosting and storage
• Analytics and crash reporting
• Email delivery
• Payment/subscription processing (via Apple/Google)
These providers process your data only on our instructions, under data processing agreements, and only for the purposes described in this policy.
6.2 App stores and payment platforms
When you subscribe, Apple App Store or Google Play process your payment.
They act as independent controllers for payment data under their own terms and privacy policies.
6.3 Legal and safety reasons
We may disclose data if we reasonably believe it is necessary to:
• Comply with a law, regulation, or legal request
• Protect our rights, property, or safety
• Protect users or the public from harm or fraud
6.4 Business changes
If we ever change structure (e.g. transfer the app to another entity), user data may be transferred as part of that transaction, but always under conditions that respect this Privacy Policy and applicable laws.
We do not share your journal content with advertisers or use your intimate reflections to build advertising profiles.
7. International Data Transfers
Your data may be stored and processed on servers located inside or outside the European Economic Area (EEA), depending on our service providers (for example, cloud providers).
When we transfer personal data outside the EEA:
• We use appropriate safeguards, such as Standard Contractual Clauses (SCCs) or equivalent legal mechanisms required by EU law.
• We require our providers to protect your data to a level essentially equivalent to EU standards.
8. Data Retention
We keep your data only for as long as necessary for the purposes described above, in particular:
• As long as you have an active account
• As long as necessary to provide you with the Services
• As long as necessary to comply with legal obligations (e.g. accounting records) or resolve disputes
You can:
• Delete entries inside the app (where functionality is available)
• Request deletion of your account and associated personal data (see Section 10)
Once deletion is confirmed, we will remove or irreversibly anonymise your personal data, except where we are legally required or legitimately allowed to keep some of it (e.g. billing records).
9. Data Security
We implement technical and organisational measures designed to protect your data against:
• Loss
• Misuse
• Unauthorized access
• Disclosure
• Alteration or destruction
However, no system is 100% secure. You are responsible for:
• Keeping your device secure
• Using a strong password or secure login methods
• Not sharing your account with others
If you believe your account or data has been compromised, contact us at
[email protected]
10. Your Rights (GDPR / EU)
If you are in the EU/EEA or the UK, you have the following rights regarding your personal data:
• Right of access
You can ask if we process your data and request a copy.
• Right to rectification
You can ask us to correct inaccurate or incomplete data.
• Right to erasure (“right to be forgotten”)
You can ask us to delete your personal data, in particular when it is no longer needed or you withdraw consent (where applicable), subject to legal obligations to retain some data.
• Right to restriction of processing
You can ask us to temporarily limit the use of your data in certain situations.
• Right to data portability
You can request your data in a structured, commonly used, machine-readable format and ask us to transfer it to another controller where technically possible.
• Right to object
You can object to processing based on our legitimate interests (including certain analytics or communications). We will stop processing unless we have compelling legitimate grounds that override your interests or we must keep processing for legal reasons.
• Right to withdraw consent
Where processing is based on your consent, you can withdraw it at any time. This doesn’t affect past processing but stops future processing based on that consent.
To exercise any right, contact:
[email protected]
We may ask you to verify your identity before acting on your request.
11. Children’s Privacy
Lumify is not intended for children under 16 years old.
• We do not knowingly collect personal data from children under 16.
• If we learn that we have collected data from a child under 16 without proper consent, we will delete it.
If you believe a child has used Lumify and provided data, contact us at
[email protected].
12. Cookies and Similar Technologies
If we operate a website or web version of Lumify, we may use:
• Cookies
• Analytics scripts
• Similar technologies
Purposes may include:
• Basic site/app functionality
• Security
• Analytics and performance
Where legally required, we will request your consent for non-essential cookies and provide options to manage your preferences.
13. Changes to this Policy
We may update this Privacy Policy from time to time, for example if:
• We add or change features in Lumify
• Our processing changes
• Laws or regulations change
If we make material changes, we will:
• Update the “Effective date” at the top
• Inform you in the app or by email where appropriate
Your continued use of Lumify after updates means you accept the revised policy.
14. Contact
For any questions, requests, or concerns about this Privacy Policy or your data:
Email:
[email protected]
Postal address:
Gregoire Girard
Villeneuve-d’Ascq
France