Lumo
Private AI chat app
Get(new window)
Lumo by Proton
Last modified: 23rd July 2025

Privacy Policy


By accessing, using and making use of Lumo (the “Services”), you understand that your data in relation with your use of our Services is processed according to the following privacy policy (the "Privacy Policy"). The Privacy Policy states (i) what data we collect through your access and uses of the Services; (ii) the use we make of such data; and (iii) the safeguards put in place to protect your data. The Privacy Policy is to be read and understood as being a complement to our terms and conditions.

1. Legal framework

The Services are operated by Proton AG (the “Company”, “We”), domiciled at route de la Galaise 32, 1228 Plan-les-Ouates, Switzerland. It is therefore governed by the laws and regulations of Switzerland.

2. Data that may be collected using Lumo, and how they may be used

Our overriding policy is to collect as little user information (personal data included) as possible to ensure a private user experience when using the Services.

Data collection is limited to the following:

2.1 Proton data processing activities

In order to provide you with the Services, the Company processes the following data:

2.1.1 Account creation: Your account is linked to an email address you provide at the creation of your account. You can provide an address from a third-party provider or create a Proton Mail address as you create your account for the Services. The legal basis for this processing activity is the execution of a contract.

2.1.2 Account Activity: your inputs are processed by the Services in order to provide outputs. After processing of an input and generation of an output (when you save your chat history within Lumo), the input and output are encrypted with zero-access encryption (meaning we as a provider are not able to decrypt it anymore).

2.1.3 Payment information: If you purchase a Lumo subscription, we rely on third parties to process payments. We do not retain full credit card details, only the last 4 digits of the credit card number. Anonymous cash or Bitcoin payments and donations are accepted. We may use your account data for payment-related matters, including but not limited to sending you emails, invoices, receipts, notices of delinquency, and alerts to update payment information. The legal basis of these processing activities is the necessity to the execution of the contract to provide the Services. In order to respect the principle of data minimisation, we reserve our right to remove payment information from our systems that is no longer valid, without notice.

2.1.4 Native applications: When you use our native applications, we (or the mobile app platform providers) may collect certain information. We may use mobile analytics software, app statistics and crash reporting, Play Store app statistics, App Store app statistics, or self-hosted Sentry crash reporting) to send crash information to our developers in order to rapidly fix bugs. Some platforms, such as Google's Play Store or Apple's App Store may also collect aggregate, anonymous statistics, which may be governed by their respective privacy policies and Terms of Service. Such statistics can include most commonly used devices and operating systems, total number of installs and uninstalls, and the total number of active users.

Our applications do not access or track any location-based information from your device.

2.2 Potential applicability of Proton AG's Privacy Policy:

If you use Lumo via integrations with separate services provided by Proton AG, that usage may be subject to Proton's Privacy Policy in addition to this Privacy Policy. Please carefully read both policies when using the Services as part of an offering from Proton AG.

2.3 Third-party processing activities

2.3.1 Social Media: We are active on different social media platforms. Any information, communication, or material you submit to us via social media platforms is done at your own risk without any guarantee of privacy. We cannot control the actions of other users of these platforms or the actions of the platforms themselves. Your interactions with those features and platforms are governed by the privacy policies of the companies that provide them.

2.4 Fraud and abuse detection

We may use the data mentioned above to detect abusive and fraudulent use of our services, and take appropriate measures. The legal basis of this processing is our legitimate interest to protect our service against non-compliant or fraudulent activities.

3. Data processors

To provide the Services, we rely on different data processors, which process different categories of data. Processors never store data outside of the scope of their specific purpose. Notably, they do not store data in relation with the general day-to-day use of your account and Services, which is exclusively processed by the Company. processors are as follow:

3.1 Third-party processors

Zendesk, Inc.

  • Purpose: Provide services in relation with the processing of customer support data
  • Data processing location: United States
  • Guarantees for international transfer: Standard Contractual Clauses, Binding Corporate Rules, Certifications

Stripe, Inc.

  • Purpose: Provide services in relation with the processing of payment data
  • Data processing location: United States
  • Guarantees for international transfer: Standard Contractual Clauses, Data Processing Agreement

PayPal group

  • Purpose: Provide services in relation with the processing of payment data
  • Data processing location: United States, Singapore
  • Guarantees for international transfer: Standard Contractual Clauses, Data Processing Agreement

Chargebee, Inc.

  • Purpose: Provide services in relation with the processing of payment data
  • Data processing location: United States
  • Guarantees for international transfer: Standard Contractual Clauses, Data Processing Agreement

Atlassian Pty Ltd

  • Purpose: store data in relation with customer support
  • Data processing location: European Union, United States, United Kingdom
  • Guarantees for international transfer: Adequacy decision, Standard Contractual Clauses, Certifications

4. Data disclosure

We will only disclose the limited user data we possess on a Lumo account if we are legally obligated to do so by a binding request coming from the competent German authorities.

5. Your privacy using Lumo

Through your account interface, you can directly access, edit, delete, or export personal data processed by the Company in your use of the Services.

If your account has been suspended for a breach of our terms and conditions, and you would like to exercise the rights related to your personal data, you can make a request to our support team.

In case of violation of your rights, you have the right to lodge a complaint to the competent supervisory authority.

6. Modifications to Privacy Policy

Within the limits of applicable law, the Company reserves the right to review and change this Privacy Policy at any time. As long as you are using the Services, you are responsible for regularly reviewing this Privacy Policy. Continued use of the Services after such changes are performed shall constitute your consent to it.


In case of discrepancy between the English version of these Terms and any translated version, the English version shall prevail.