Privacy Policy
Last updated: 5 June 2026
This Privacy Policy explains how Lumen(the “App”) handles your information. Lumen is an iOS PDF reader with an optional AI assistant. We designed it to keep as much as possible on your device.
1. Who we are
The App is provided by the Lumen developer (the “Provider”, “we”). For privacy questions, contact emilio.arnold99@gmail.com.
2. What we process
- Your PDFs & reading data (files you import, reading progress, chat history, settings) are stored locally on your device. We do not upload or store them on our servers.
- AI assistant.When you use “Ask AI”, the text of the current document (truncated) and the message you type are sent over an encrypted connection to our backend, which forwards them to Google’s Gemini API to generate a response. The App asks for your explicit consent before sending any document text or message to this third-party AI service, and sends nothing until you agree. Our backend is a stateless proxy: it does not store your documents, messages, or responses. This data is used solely to generate the answer you requested.
- Purchases. Subscriptions are handled by Apple via the App Store. We receive only your subscription status — never your name, card, or payment details.
- No accounts, no tracking. Lumen has no login and includes no third-party analytics or advertising SDKs.
3. Legal basis (GDPR)
For users in the EU/EEA, we process the limited data above to perform the contract(Art. 6(1)(b) GDPR) — i.e. to deliver the AI feature you ask for — and on the basis of our legitimate interest (Art. 6(1)(f)) in keeping the service secure and preventing abuse.
4. Third parties
- Google (Gemini API) — processes the text you submit to generate AI responses.
- Vercel — hosts our backend proxy.
- Apple — operates the App Store and processes purchases.
We share only the minimum data needed to deliver the feature you request, and we require each provider to protect your information to a standard equivalent to this Policy. These providers may process data outside the EEA (e.g. the United States) under appropriate safeguards such as the EU Standard Contractual Clauses.
5. Retention
Documents, chats, and settings remain on your device until you delete them or remove the App. Our backend retains nothing after a request completes.
6. Your rights
Because your content lives on your device, you control it directly — delete a document, clear a chat, or remove the App to erase your data. EU/EEA users also have rights of access, rectification, erasure, restriction, and to lodge a complaint with a supervisory authority. Contact us to exercise them.
7. Children
The App is not directed to children under 16, and we do not knowingly process their data.
8. Changes
We may update this policy; material changes will be reflected by the date above.