Privacy Policy

Last updated: May 31, 2026

Lumira is a calm, spoiler-free book club. We collect as little as we can, and we never sell your data. This policy explains what we keep and why.

1. Information we collect

• Account — your name, email address, or the identifier from Sign in with Apple / Google. If you register with email, we store a securely hashed password (never the password itself).
• Reading activity — the clubs you join, your current chapter, and the notes and highlights you create. Your chapter is what powers spoiler-free discussion.
• Discussion — comments and replies you post in clubs, and your reactions.
• Approximate location — only if you use “Nearby” to find clubs near you. It is used for that search and is not stored on our servers afterward.
• Diagnostics — basic, non-identifying technical data (e.g. error logs) to keep the service reliable.

2. How we use it

• To run your account and the book clubs you belong to.
• To enforce spoiler-free discussion — showing only comments up to your current chapter.
• To generate reading recommendations and send notifications you’ve enabled.
• To keep the service secure and working.

3. Sign in with Apple & Google

When you use these, we receive a unique identifier and — if you choose to share it — your email and name. We use Apple’s private-relay email when you hide your address. We never receive your Apple or Google password.

4. AI reflection prompts

Lumira generates optional reflection questions for the book and chapter you’re reading. These prompts are produced from the book and chapter only — your private notes, highlights and comments are not sent to generate them.

5. How we share information

We do not sell your personal information. We share it only with infrastructure providers that host the service on our behalf (for example our cloud database and hosting), under agreements that limit them to providing that service, and when required by law.

6. Data retention & deletion

We keep your information for as long as your account is active. You can delete your account at any time from the app, or by emailing privacy@lumira.app. When you do, we delete your personal data, except where we must retain limited records to comply with the law.

7. Security

Traffic is encrypted in transit (HTTPS), passwords are hashed with bcrypt, and access to production data is restricted. No system is perfectly secure, but we work to protect your information.

8. Your rights

Depending on where you live (including under the GDPR and CCPA), you may have the right to access, correct, export or delete your personal data, and to object to certain processing. Contact us to exercise these rights.

9. Children

Lumira is not directed to children under 16, and we do not knowingly collect their data.

10. Changes

We’ll update this page when our practices change and revise the date above. Significant changes will be announced in the app.

11. Contact

Questions? Email privacy@lumira.app.