lumi. is operated by SJB Creative Studio Ltd, a company registered in England and Wales, trading as lumi. (referred to in this policy as "lumi."). As the data controller under UK GDPR, lumi. determines what data is collected and how it is used. ICO registration number: C1973098. You can reach lumi. at the contact details at the bottom of this page.
lumi. stores the following in its database, hosted on Railway:
When you record or upload a voice note, the audio file is sent to a transcription service for conversion to text. Once transcription succeeds, the audio file is deleted from the server immediately and is not retained. lumi. does not store audio long-term.
If transcription fails, the file is retained for up to 24 hours, during which lumi. will automatically retry transcription every 30 minutes. This window exists to recover from temporary service outages without losing your recording. Once transcription succeeds or the 24-hour window closes, the file is deleted automatically.
lumi. uses OpenAI's Whisper service as its primary transcription provider, with Groq's Whisper service as an automatic fallback if OpenAI is unavailable. Both services receive only the audio file — no other personal data is sent alongside it. See Section 4 for details on each service's data handling.
lumi. works with a small number of trusted services to deliver its features. Here is exactly what is sent to each one and why.
| Service | What is sent | Why / retention |
|---|---|---|
| OpenAI Whisper API |
Your audio file + a short vocabulary hint containing your name, life area names, goal titles, and common phrases | Speech-to-text transcription. OpenAI does not use API data to train models. Retained up to 30 days for abuse monitoring per OpenAI's policy. |
| Groq Whisper API (backup) |
Your audio file | Backup speech-to-text transcription, used automatically if OpenAI Whisper is unavailable. Groq does not use API data to train models. Retained for a short period for operational purposes per Groq's privacy policy. |
| Anthropic Claude API |
Decrypted journal content — transcripts, summaries, intentions, life context, voice profile, goals, life areas, Google Calendar events | All AI features: tagging, daily questions, weekly signals, monthly summaries, pattern alerts, onboarding extraction, life context synthesis. Anthropic does not use API data to train models by default. lumi. operates under Anthropic's Commercial Terms of Service. Retained up to 30 days for trust and safety monitoring per Anthropic's commercial terms and privacy policy. |
| Clerk Authentication |
Your name, email address, and login credentials | Account creation, login, and session management. lumi.'s own database stores only your Clerk user ID as a reference. Account deletion in lumi. also triggers deletion in Clerk. See Clerk's policy. |
| Google Drive Backups (optional) |
An encrypted backup of the database — Google receives an opaque encrypted file, not readable journal content | Daily encrypted backup if you connect Drive. The last 7 versions are kept; older ones are auto-deleted. You can revoke access at any time. See Google's policy. |
| Railway Hosting |
Application logs — file sizes, entry IDs, processing statuses, character counts | Infrastructure hosting. Logs do not contain readable journal content. Retained for typically 7 days. See Railway's policy. |
Under UK GDPR, lumi. must satisfy two separate legal tests for processing your data: an Article 6 basis (which applies to all personal data) and, where applicable, an Article 9 basis (which applies additionally to special category data). Both are set out below.
| Processing activity | Lawful basis | Notes |
|---|---|---|
| Account creation and login | Contract (Art. 6(1)(b)) | Necessary to provide the service |
| Voice transcription and entry processing | Contract (Art. 6(1)(b)) | Core function of the service |
| AI analysis and summary generation | Contract (Art. 6(1)(b)) | Core function of the service |
| Goal and life area tracking | Contract (Art. 6(1)(b)) | Core function of the service |
| Subscription and billing | Contract (Art. 6(1)(b)) | Necessary to manage a paid subscription |
| Safety and distress monitoring | Legitimate interests (Art. 6(1)(f)) | Assessed in the Legitimate Interests Assessment on file. Interest: protecting user wellbeing. Overriding prejudice test passed. |
| Service operation | Legitimate interests (Art. 6(1)(f)) | Assessed in the Legitimate Interests Assessment on file. |
| Google Calendar sync | Consent (Art. 6(1)(a)) | Optional feature; user connects and can disconnect at any time |
| Google Drive backup | Consent (Art. 6(1)(a)) | Optional feature; user connects and can disconnect at any time |
Journal entries, annotations, and AI-generated content derived from them may contain information about your health, emotional wellbeing, relationships, or other matters that constitute special category personal data under Article 9(1) of UK GDPR. This includes, for example, references to mental or physical health, relationships, or personal circumstances disclosed in the course of journalling.
For this processing, lumi. relies on explicit consent under Article 9(2)(a). This consent is collected separately from the Terms of Service at the point of onboarding, before any journal entries are recorded. It is specific to the processing of special category data for the purposes of delivering the journalling and reflection service.
| Processing activity | Article 9 basis | Notes |
|---|---|---|
| Journal entry content Health, emotional state, or other special category data | Explicit consent (Art. 9(2)(a)) | Consent collected at onboarding, separate from ToS. Withdrawable at any time — see Section 7. |
| AI analysis and summaries Derived from special category entry content | Explicit consent (Art. 9(2)(a)) | Derived processing covered by the same consent as above. |
| Voice profile Built from entry content over time | Explicit consent (Art. 9(2)(a)) | Longitudinal profile may reflect patterns in emotional state and wellbeing. |
Some of the third-party services lumi. uses are based outside the United Kingdom, which means your personal data may be transferred to and processed in countries outside the UK. This applies in particular to Anthropic (United States), OpenAI (United States), Groq (United States), and Clerk (United States).
Where personal data is transferred outside the UK, lumi. relies on appropriate safeguards to protect it. For transfers to the United States, lumi. relies on the standard contractual clauses approved for use under UK GDPR, or on the adequacy decisions and transfer mechanisms maintained by the services themselves under their published data processing agreements.
You can find details of the transfer safeguards each service relies on in their respective privacy policies, linked in the third-party services table above. A solicitor review of these transfer mechanisms is planned before public launch.
| Data | Retention |
|---|---|
| Audio recordings | Deleted immediately after successful transcription. If transcription fails, retained for up to 24 hours with automatic retry every 30 minutes, then auto-deleted. |
| Journal entries, summaries, goals Including intentions, session data and special category data | Kept for as long as your account is active — the longitudinal record is central to what lumi. does. You can delete individual entries at any time. All special category data is deleted promptly on account deletion or consent withdrawal. |
| Google Drive backups | Last 7 versions kept; older ones auto-deleted |
| Railway application logs | Typically 7 days |
| All data on account deletion | Removed from active systems promptly on deletion. Residual copies in encrypted backups are purged according to the backup retention schedule (up to 7 days). See section 7. |
Under UK GDPR, you have the following rights. To exercise any of them, contact lumi. using the details at the bottom of this page.
lumi. performs a local keyword check on your journal entries before any content is sent to external services. This is designed to detect signs of significant distress. If certain language is detected, the normal AI analysis may be suppressed for that entry, and crisis support resources are shown instead. This check runs on the server before any content leaves lumi.'s systems.
lumi. is not a mental health service and does not provide therapeutic support. If you are in distress, please reach out to a professional. In the UK: Samaritans — 116 123 (free, 24/7).
lumi. is in active development. Features may change from time to time. This policy will be updated if anything material changes to the way personal data is processed. The current version date is shown at the top of this page. Continued use of lumi. after a policy update constitutes acceptance of the revised terms.
lumi. uses session cookies and local storage only as required for authentication (via Clerk) and to remember your in-app preferences. No advertising or tracking cookies are used.
If this policy changes materially, you will be notified in the app. The date at the top of this page always reflects when it was last updated.
If you have any questions about this policy or how your data is handled, please get in touch.
Contact: lumi.journalling@gmail.com
If you are not satisfied with how a concern is handled, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.