Privacy Policy
Lumo Cards is a learning app for young children, used with a parent or caregiver. We take privacy seriously — especially for families. This policy explains what we collect, why, and the choices you have.
1. Who this is for
Lumo Cards is designed for children ages 2–5 to use with an adult. Accounts, purchases, and any personal information are created by and belong to the parent or caregiver. We do not knowingly collect personal information directly from children.
2. Information we collect
- Account information — email address, optional name, and (for email/password accounts) a hashed password. If you sign in with Apple or Google, we receive the account identifier and email address they share with us.
- Subscription + billing — handled by Stripe (web) or Apple / Google (mobile). We store the subscription status and identifiers they return; we do not store your payment card details.
- Content you create — custom flashcard decks, AI prompt text, and any images generated through the app.
- Usage + diagnostics — request logs (IP, user agent, timestamps) kept for security and debugging, and aggregate counts of how often features are used.
We do not use advertising trackers and we do not sell personal information.
3. How we use information
- Provide the service — sign you in, sync decks, process payments.
- Enforce usage limits for AI image generation (monthly quota).
- Prevent abuse — spam, fraud, and misuse of AI prompts.
- Reply to your support emails.
4. Third-party services
We use a small number of providers to run Lumo Cards:
- Stripe — web subscription billing.
- Apple App Store / Google Play — mobile subscription billing.
- RevenueCat — subscription state sync between app stores and our server.
- Google and Apple — “Sign in with” identity providers, if you choose them.
- Wavespeed — generates AI illustrations from the text prompts you write.
- Cloudflare — hosting, CDN, and image storage.
5. AI-generated images
Prompts you enter are sent to an AI image provider and are filtered for safety both before sending and afterwards. Generated images are stored on our CDN so your decks keep working. Do not include personal information or photos in prompts.
6. Data retention
We keep your account and decks as long as your account is active. You can delete your account at any time by emailing [email protected]; we will remove your personal information and content within 30 days, except where we're required to keep records (e.g., tax / payment records).
7. Security
Passwords are hashed with Argon2. Traffic is encrypted end-to-end with TLS. Access to production systems is restricted and logged. No system is perfectly secure, so please use a strong, unique password.
8. Children's privacy
Lumo Cardsis intended for use by parents with children. We do not knowingly create accounts for children under 13, and we do not direct advertising to children. If you believe a child has created an account without parental involvement, please contact us and we'll remove it.
9. Your rights
You may request access to, correction of, or deletion of your personal information by emailing [email protected]. Depending on where you live (EU/UK, California, etc.), you may have additional rights under local law; we honor those requests.
10. Changes to this policy
If we make material changes, we will update the effective date above and, for significant changes, notify you by email before they take effect.
11. Contact
Questions? Email [email protected].