lumi. Privacy Policy — plain-English explanation of how your journal data is collected, stored, and protected.

lumi.
Privacy policy
Last updated: May 2026  ·  Private beta  ·  ICO registration: C1942494
lumi. is a private journal. Everything you record, reflect on, and work through here is personal — and it deserves to be treated that way. This policy explains clearly what data lumi. collects, where it goes, and how it's protected. No jargon, no burying the important bits.
1 — Who is responsible for your data

lumi. is operated by Sarah-Jane Barton trading as lumi. (referred to in this policy as "lumi."). As the data controller under UK GDPR, lumi. determines what data is collected and how it is used. ICO registration number: C1942494. You can reach us at the contact details at the bottom of this page.


2 — What lumi. collects and stores

lumi. stores the following in its database, hosted on Railway:

Your journal content
  • Journal entry transcripts (converted from your voice recordings)
  • Your own annotations and written reflections
  • A life context statement — background you share about yourself
  • Session notes and between-session actions (if you use the Sessions feature)
AI-generated content
  • Entry summaries, daily questions, weekly signals, monthly summaries
  • Intentions — micro-goals extracted from your entries, in your own words
  • A voice and writing profile built up from your entries over time
Your goals and life structure
  • Life areas, goals, and a journal purpose statement (set during onboarding)
Connected services
  • Google Calendar events — read-only, synced to provide context in monthly summaries
  • Your name and email address, stored by Clerk (the login service lumi. uses)
Sensitive fields — transcripts, summaries, intentions, annotations, session notes, life context, daily questions, weekly signals, and actions — are encrypted with AES-256-CBC before being stored. Metadata like entry dates, sentiment scores, energy levels, and life area tags is stored unencrypted.

3 — Audio recordings

When you record or upload a voice note, the audio file is sent to a transcription service (OpenAI Whisper). Once transcription succeeds, the audio file is immediately and permanently deleted from the server. lumi. never stores your audio long-term.

If transcription fails, the file is kept temporarily so you can retry. Once you retry successfully or discard the entry, the file is deleted.


4 — Third-party services: what leaves the app and why

lumi. works with a small number of trusted services to deliver its features. Here is exactly what is sent to each one and why.

OpenAI: Whisper API
  • What is sent: Your audio file + a short vocabulary hint containing your name, life area names, goal titles, and common phrases
  • Why / retention: Speech-to-text transcription. OpenAI does not use API data to train models. Retained up to 30 days for abuse monitoring per OpenAI's policy.
Anthropic: Claude API
  • What is sent: Decrypted journal content — transcripts, summaries, intentions, life context, voice profile, goals, life areas, Google Calendar events
  • Why / retention: All AI features: tagging, daily questions, weekly signals, monthly summaries, pattern alerts, onboarding extraction, life context synthesis. Anthropic does not use API data to train models by default. Retained up to 30 days for trust and safety monitoring per Anthropic's policy.
Clerk: Authentication
  • What is sent: Your name, email address, and login credentials
  • Why / retention: Account creation, login, and session management. lumi.'s own database stores only your Clerk user ID as a reference. Account deletion in lumi. also triggers deletion in Clerk. See Clerk's policy.
Google Drive: Backups (optional)
  • What is sent: An encrypted backup of the database — Google receives an opaque encrypted file, not readable journal content
  • Why / retention: Daily encrypted backup if you connect Drive. The last 7 versions are kept; older ones are auto-deleted. You can revoke access at any time. See Google's policy.
Railway: Hosting
  • What is sent: Application logs — file sizes, entry IDs, processing statuses, character counts
  • Why / retention: Infrastructure hosting. Logs do not contain readable journal content. Retained for typically 7 days. See Railway's policy.

5 — Why lumi. processes your data

Under UK GDPR, lumi. relies on the following legal bases:

  • Contract — processing necessary to provide the service you signed up for (transcription, AI analysis, goal tracking, summaries)
  • Legitimate interests — operating and improving the service; safety monitoring (distress detection to surface support resources)
  • Consent — optional features such as Google Calendar sync and Google Drive backup

6 — How long data is kept

Data / Retention
  • Audio recordings: Deleted immediately after successful transcription
  • Journal entries, summaries, goals, intentions, session data: Kept indefinitely — the longitudinal record is central to what lumi. does. You can delete individual entries at any time.
  • Google Drive backups: Last 7 versions kept; older ones auto-deleted
  • Railway application logs: Typically 7 days
  • All data on account deletion: Permanently and immediately deleted — see section 7

7 — Your rights

Under UK GDPR, you have the following rights. To exercise any of them, contact lumi. using the details at the bottom of this page.

Access
Request a copy of the data lumi. holds about you.
Rectification
Ask for inaccurate data to be corrected.
Erasure
Delete your account and all associated data at any time via Settings. This is immediate and permanent.
Portability
Request your data in a portable format.
Restriction
Ask lumi. to pause processing your data in certain circumstances.
Objection
Object to processing based on legitimate interests.
Account deletion removes all data across all tables — entries, summaries, intentions, sessions, goals, life areas, voice profile, and your Clerk account — permanently and immediately. The most recent Google Drive backup(s) may persist for up to 7 days before being pruned. If you delete your account and believe some data was not removed, please contact lumi. straight away.

8 — What lumi. does not do
  • No analytics or behavioural tracking (no Google Analytics, Mixpanel, or similar)
  • No advertising — lumi. is ad-free
  • No selling of your data to any third party
  • No payment processing — no financial data is collected
  • Readable journal content never appears in application logs

9 — Safety monitoring

lumi. performs a local keyword check on your journal entries before any content is sent to external services. This is designed to detect signs of significant distress. If certain language is detected, the normal AI analysis may be suppressed for that entry, and crisis support resources are shown instead. This check runs on the server before any content leaves lumi.'s systems.

lumi. is not a mental health service and does not provide therapeutic support. If you are in distress, please reach out to a professional. In the UK: Samaritans — 116 123 (free, 24/7).


10 — Beta period

lumi. is currently in a private testing phase with a small number of users. During this period, features may change and — in exceptional circumstances — data may be reset with advance notice. This policy will be updated if anything material changes. The current version date is shown at the top.


11 — Cookies and local storage

lumi. uses session cookies and local storage only as required for authentication (via Clerk) and to remember your in-app preferences. No advertising or tracking cookies are used.


12 — Changes to this policy

If this policy changes materially, you will be notified in the app. The date at the top of this page always reflects when it was last updated.


13 — Questions and complaints

If you have any questions about this policy or how your data is handled, please get in touch.

Contact: lumi.journalling@gmail.com

If you are not satisfied with how a concern is handled, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.