LumeLume

This document is currently available in English only. We are working on translations for other languages.

Privacy Policy

Last updated: 11/15/2025

Effective date: January 1, 2025

GDPR Compliant
CCPA Compliant
COPPA Compliant

Introduction

ProcessFlow, Inc., doing business as Lume ("Lume," "we," "our," or "us"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application, website (lume.gg), and related services (collectively, the "Service").

Important: Lume provides support for gaming addiction recovery. The information you share may be considered sensitive health-related data under various privacy laws. We take extra precautions to protect this information.

Quick Navigation

1. Information We Collect2. How We Use Your Information3. Legal Basis for Processing (GDPR)4. Information Sharing5. Data Retention6. Your Privacy Rights7. Children's Privacy (COPPA)8. California Privacy Rights (CCPA)9. Delaware Residents10. International Data Transfers11. Data Security12. Contact Us

1. Information We Collect

1.1 Information You Provide

  • Account Information: Email address, username, password (encrypted), date of birth (for age verification)
  • Profile Information: Display name, profile picture, bio (optional)
  • Recovery Data: Sobriety start date, check-in history, personal goals, journal entries
  • Community Content: Posts, comments, messages to peer mentors, reactions
  • Support Requests: Communications with our support team
  • Payment Information: Processed by RevenueCat/Apple/Google (we do not store full credit card numbers)

1.2 Information Automatically Collected

  • Device Information: Device type, operating system, unique device identifiers, mobile network information
  • Usage Data: Features used, session duration, navigation paths, interaction patterns
  • Analytics Data: Collected via PostHog (only with your consent) - See our Cookie Policy
  • Location Data: Approximate location based on IP address (we do not collect precise GPS location)
  • Error and Performance Data: Crash reports, error logs (via Sentry)

1.3 Information from Third Parties

  • Authentication Providers: If you sign in with Apple/Google, we receive basic profile information (name, email)
  • Payment Providers: Transaction confirmations from RevenueCat, Apple App Store, Google Play

2. How We Use Your Information

We use your information for the following purposes:

  • Provide the Service: Account management, sobriety tracking, community features, peer mentorship matching
  • Personalization: Customized insights, milestone celebrations, relevant content recommendations
  • Communication: Important notifications, service updates, emergency support resources
  • Improvement and Development: Analyze usage to improve features, develop new functionality, fix bugs
  • Safety and Security: Prevent fraud, enforce community guidelines, protect users from harm
  • Legal Compliance: Comply with applicable laws, respond to legal requests
  • Business Operations: Customer support, payment processing, dispute resolution

4. Information Sharing and Disclosure

We Never Sell Your Personal Information

Your privacy is not for sale. We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

We may share your information in the following circumstances:

4.1 With Your Consent

  • Community Features: Content you post in forums or share with peer mentors
  • Public Profile: Username, profile picture (if you choose to make them public)

4.2 Service Providers

We work with trusted third-party service providers who process data on our behalf:

Service ProviderPurposeData Shared
SupabaseDatabase hosting, authenticationAll user data
PostHogAnalytics (with consent)Usage data, device info
SentryError trackingError logs, device info
RevenueCatPayment processingSubscription status, user ID
Apple/GoogleApp distribution, paymentsAccount info, purchase data

4.3 Legal Requirements

We may disclose your information if required by law or in response to valid requests by public authorities, including to:

  • Comply with legal obligations or court orders
  • Protect our rights, property, or safety
  • Prevent or investigate possible wrongdoing in connection with the Service
  • Protect the safety of users or the public

4.4 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information is transferred and becomes subject to a different privacy policy.

5. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

  • Active Accounts: Data retained while your account is active and for 90 days after deletion (for recovery purposes)
  • Deleted Accounts: Personal data permanently deleted after 90-day grace period
  • Anonymized Analytics: May be retained indefinitely for research and service improvement
  • Legal Requirements: Some data may be retained longer to comply with legal obligations (e.g., financial records for 7 years)
  • Backups: Data in backups will be deleted within 30 days of account deletion

6. Your Privacy Rights

Depending on your location, you have the following rights regarding your personal information:

Access

Request a copy of the personal information we hold about you

Correction

Request correction of inaccurate or incomplete information

Deletion

Request deletion of your account and personal data

Portability

Export your data in a machine-readable format

Opt-Out

Withdraw consent for marketing or analytics

Objection

Object to processing based on legitimate interests

How to Exercise Your Rights

To exercise any of these rights, please contact us at contact@lume.gg or use the in-app privacy settings.

We will respond to your request within 30 days (45 days for complex requests). We may need to verify your identity before processing your request.

7. Children's Privacy (COPPA Compliance)

Age Requirements

  • Minimum Age: You must be at least 13 years old to use Lume
  • Ages 13-17: Parental awareness is required (see Parental Consent section)
  • Under 13: We do not knowingly collect data from children under 13

7.1 Information from Minors (Ages 13-17)

For users aged 13-17, we collect and use information in accordance with COPPA and state-specific laws. We recommend that parents or guardians be aware of their minor child's use of Lume.

7.2 Parental Rights

Parents or legal guardians of users under 18 have the right to:

  • Review the personal information collected from their child
  • Request deletion of their child's account and data
  • Refuse to allow further collection of their child's information
  • Learn about our data practices by reviewing this Privacy Policy

To exercise these rights, please contact us at contact@lume.gg with "Parental Consent" in the subject line and proof of guardianship.

7.3 If We Learn a Child Under 13 Has Registered

If we become aware that we have collected personal information from a child under 13 without parental consent, we will delete that information as quickly as possible. If you believe a child under 13 has registered, please contact us immediately at contact@lume.gg.

8. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

8.1 Categories of Personal Information Collected

CategoryExamplesCollected?
IdentifiersEmail, username, device IDYes
Personal InformationName, contact informationYes
Protected ClassificationsAge, date of birthYes
Commercial InformationPurchase history, subscriptionsYes
Internet ActivityBrowsing history, app usageYes
GeolocationApproximate location (IP-based)Yes
Sensitive Personal InformationHealth data (addiction recovery)Yes
InferencesUser preferences, behavior patternsYes

8.2 Your California Rights

  • Right to Know: Request disclosure of personal information collected, used, disclosed, or sold
  • Right to Delete: Request deletion of personal information (with certain exceptions)
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Opt-Out: Opt-out of sale or sharing of personal information (Note: We do not sell your data)
  • Right to Limit Use of Sensitive Information: Limit use of sensitive personal information
  • Right to Non-Discrimination: Exercise your rights without discriminatory treatment

Do Not Sell My Personal Information

We do not sell your personal information. We have not sold personal information in the past 12 months and do not have plans to do so.

To exercise your California privacy rights, email us at contact@lume.gg with "California Privacy Request" in the subject line.

9. Delaware Residents (DPDPA)

If you are a Delaware resident, you have rights under the Delaware Personal Data Privacy Act (DPDPA), effective January 1, 2025:

  • Right to confirm whether we process your personal data
  • Right to access your personal data
  • Right to correct inaccuracies in your personal data
  • Right to delete your personal data
  • Right to obtain a copy of your personal data in a portable format
  • Right to opt-out of targeted advertising, sale of personal data, and profiling

To exercise these rights, contact us at contact@lume.gg. We will respond within 45 days.

10. International Data Transfers

Lume is based in the United States. If you access our Service from outside the U.S., please be aware that your information may be transferred to, stored, and processed in the United States and other countries.

For users in the EEA, UK, and Switzerland, we rely on:

  • Standard Contractual Clauses (SCCs): Approved by the European Commission
  • Adequacy Decisions: Where applicable
  • Data Processing Agreements: With all service providers handling EU data

By using Lume, you consent to the transfer of your information to the United States and other jurisdictions as described in this Policy.

11. Data Security

We implement industry-standard security measures to protect your personal information:

  • Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based access, multi-factor authentication for staff
  • Regular Audits: Security assessments and penetration testing
  • Monitoring: 24/7 monitoring for suspicious activity
  • Incident Response: Documented procedures for data breaches

Important: No method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security. If you believe your account has been compromised, contact us immediately at contact@lume.gg with "Security Issue" in the subject line.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

  • Posting the updated policy on this page
  • Updating the "Last updated" date at the top of this page
  • Sending you an in-app notification or email (for significant changes)

Your continued use of Lume after changes become effective constitutes your acceptance of the revised Privacy Policy.

13. Right to Lodge a Complaint

If you are in the EEA, UK, or Switzerland and believe we have not addressed your privacy concerns satisfactorily, you have the right to lodge a complaint with your local data protection supervisory authority.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

ProcessFlow, Inc. (d/b/a Lume)

A Delaware Corporation

Email: contact@lume.gg

Please include a clear subject line (e.g., "Privacy Inquiry", "Parental Consent Request", "Security Issue") to help us route your message appropriately.

Website: https://lume.gg

Registered Agent:

Legalinc Corporate Services Inc.
131 Continental Dr, Suite 305
Newark, DE 19713
United States

Your Privacy is Protected with Lume

Start your recovery journey with confidence knowing your data is secure.

Download Lume
Privacy Policy - Lume