Legal

Privacy Policy

Last updated: [Month Year]

At Lumo, privacy is a core principle. This Privacy Policy explains how we collect, use, store, and protect personal data when you use our website, tools, and services (the “Services”).

1. Information We Collect

We collect only the information necessary to provide and improve the Services.

a) Information You Provide

Depending on how you use Lumo, this may include:

  • Skin type, concerns, preferences, and routine habits
  • Optional written descriptions of your skin
  • Optional photos you choose to upload
  • Email address (if you choose to save or receive routines)

You are not required to upload photos or provide an email address to generate a routine.

b) Automatically Collected Information

When you visit Lumo, we may automatically collect:

  • Device and browser type
  • Pages viewed and interactions
  • Approximate location (country or region level)
  • Referral, analytics, and affiliate tracking data

This information helps us understand usage patterns and improve the platform.

2. How We Use Your Information

We use personal data to:

  • Generate skincare routines and recommendations
  • Personalise your experience
  • Improve recommendation quality and site performance
  • Communicate with you when you request saved or emailed routines
  • Monitor usage trends and optimise content

We do not use personal data for unrelated advertising or resale.

2a. Marketing Communications

We only send marketing emails if you explicitly opt in (for example, by selecting the marketing checkbox when saving a routine).

You can unsubscribe at any time using the link in those emails or by contacting support. Transactional emails you requested (like routine delivery or security notices) are sent regardless of marketing opt-in.

3. AI & Automated Processing

Lumo uses automated systems, including AI models, to generate skincare routines based on user-provided inputs.

Important points:

  • AI outputs are informational only and not medical advice
  • Uploaded photos (if provided) are used solely to inform routine generation
  • Photos are not used for facial recognition, identity verification, or marketing
  • Photos are not sold or shared with third parties
  • Providing photos is optional and always user-controlled

4. Use of Aggregated & Anonymised Data

We may generate aggregated and anonymised insights from how users interact with Lumo.

These insights:

  • Do not identify any individual
  • Cannot reasonably be used to re-identify a person
  • Are derived only after removing personal identifiers

Aggregated insights may be used for:

  • Research and analytics
  • Improving skincare recommendations
  • Understanding ingredient, concern, or routine trends
  • Sharing or licensing insights to third parties, including skincare brands, for market research and product development

We never sell personal data, identifiable user information, or raw user inputs.

5. Affiliate & Analytics Tracking

Lumo participates in affiliate programs. This may involve:

  • Tracking clicks on affiliate links
  • Receiving aggregated conversion data from retailers

Affiliate partners do not receive personal skincare data, photos, or profiles.

We may also use analytics tools to understand site performance and usage behaviour.

6. Cookies & Similar Technologies

Lumo may use cookies or similar technologies to:

  • Enable essential site functionality
  • Analyse usage patterns
  • Support affiliate tracking

You can control cookies through your browser settings. Disabling cookies may affect some features.

7. Data Storage & Security

We implement reasonable technical and organisational measures to protect personal data, including:

  • Secure hosting infrastructure
  • Access controls
  • Encryption where appropriate

No system is completely secure, but we work to minimise risk.

8. Data Retention

We retain personal data only for as long as necessary to: Provide the Services, comply with legal obligations, and improve the platform. You may request deletion of your personal data at any time.

9. Sharing of Information

We do not sell personal data.

We may share limited personal data with:

  • Infrastructure providers (hosting, analytics, email delivery)
  • Service providers necessary to operate Lumo

All partners are required to handle data responsibly and securely.

Regional Privacy Rights

10. United Kingdom & European Union (GDPR)

If you are located in the UK or EU, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion (“right to be forgotten”)
  • Restrict or object to processing
  • Request a copy of your data

You may exercise these rights by contacting us.

11. United States (CCPA / CPRA)

If you are a US resident, you have the right to:

  • Know what personal data we collect
  • Request deletion of personal data
  • Opt out of the sale of personal data

Lumo does not sell personal data.

12. Africa & Other Regions

For users in Africa and other regions:

  • We follow internationally recognised privacy principles
  • Local data protection laws may vary by country
  • We aim to provide consistent protections globally

13. Children's Privacy

Lumo is not intended for individuals under the age of 16. We do not knowingly collect personal data from children.

14. Changes to This Policy

We may update this Privacy Policy periodically. Updates will be posted on this page with a revised date.

15. Contact

If you have questions about this Privacy Policy or your data, contact us at: hello@lumo.skin