Privacy Policy

This policy explains what data Lumoro collects, why we collect it, how we protect it, and what rights you have over it. We believe privacy policies should be readable, so we wrote this one in plain English.

Information We Collect

Account Information

When you sign up for Lumoro, we collect:

Your first name
Phone number
Email address (optional, for updates and receipts)
Preferred wake-up time
Timezone (auto-detected from your device)

Onboarding Data

During the onboarding quiz, we collect:

Challenges you're working through (stress, anxiety, sleep, etc.)
Wisdom style preferences (philosophy, neuroscience, poetry, etc.)
Exercise and grounding preferences
Personal goals and desires
Any free-text responses you provide (intake notes)
Your assigned archetype (determined from your quiz answers)
Age confirmation (self-attestation that you are 18 or older, with timestamp)

Behavioral Data

As you use Lumoro, we collect:

Reply timestamps and response latency
Check-in question responses
Journal replies (your SMS text responses to evening prompts)
Engagement patterns (which days you respond, which you skip)
Skip patterns (which exercises or prompts you tend not to complete)
Detected themes (topics identified from your replies for personalization)
Blocked themes (topics you've asked us to avoid)
Message log (record of messages sent to you and your replies)

Device and Technical Data

We also collect:

IP address (recorded at signup for compliance and used for country detection)
Country code (determined via IP-based geolocation to verify regional availability; your IP address is not stored permanently for this purpose)
Browser type and device type (when visiting our website)
Consent timestamps (when you agreed to receive messages)
Referral source (if you signed up through a shared link)

Waitlist Data

If you are in a region where Lumoro is not yet available, you may provide your email address to join our waitlist. We store your email, detected country, and the date you signed up. We use this only to notify you when Lumoro becomes available in your region.

Analytics

We use PostHog to collect anonymous, aggregate website usage data. This helps us understand how visitors interact with our site. No personal data is shared with PostHog.

How We Use Your Data

Deliver your daily reset, personalized SMS content based on your archetype, preferences, and wake-up time
Assign and evolve your archetype, your quiz answers determine your initial archetype, and behavioral patterns may refine it over time
Personalize your morning text. The questions you answered at signup shape which quotes and prompts you receive.
Improve what you receive over time. Your replies and reflections help us understand what's landing for you and what isn't, so future messages fit better.
Improve the service, aggregate, anonymized patterns help us understand what's working and build better content
Process payments, Stripe processes subscription payments, invoices, payment method details, billing events, and related payment metadata for Lumoro

Where Your Data Lives

Your reflections sit on Lumoro servers. We're honest about the current state. They are not encrypted at the application layer yet. We will update this page the day that changes.

We do not sell your reflections or use them for ads. We do not use them to train any AI model. When you open Reflect, your conversation goes to Anthropic so Claude can respond. Anthropic does not train on API data.

We are a small team. Nobody routinely reads your reflections. If something breaks and we need access to debug, protect the service, respond to your request, or comply with law, we keep that access limited to what is reasonably needed.

You can request deletion from Settings or by emailing us. Some limited records may remain where needed for opt-out suppression, security, billing, dispute, tax, legal, or backup purposes.

How We Don't Use Your Data

We want to be explicit about what we will never do with your information:

We never sell your data to third parties. Not now, not ever.
We never share your reflections or SMS content with advertisers.
We never use your reflections for targeted advertising.
We never share your data with data brokers.
We never share your data for marketing purposes with any third party.

SMS Consent and Communications

You opt in to receive SMS messages from Lumoro by providing your phone number and checking the consent box during onboarding. This constitutes your express written consent under the Telephone Consumer Protection Act (TCPA).

Frequency: Up to 3 messages per day. Message and data rates may apply.
Content: Morning wellness prompts, check-in questions, responses to user replies, and weekly recaps
Rates: Message and data rates may apply depending on your carrier and plan
Opt out: Reply STOP to any Lumoro message at any time. All messages stop immediately.
Support: Reply HELP for assistance

Your consent to receive SMS messages is not a condition of purchasing any goods or services. You can opt out at any time without penalty.

SMS and Mobile Data

We will never share, sell, or distribute your mobile phone number or SMS opt-in data with third parties or affiliates for marketing or promotional purposes. Your phone number is collected solely to deliver the Lumoro SMS wellness program you opted into. Message and data rates may apply. Text STOP to cancel at any time.

SMS Encryption

SMS messages are not end-to-end encrypted. Standard carrier transmission applies. Lumoro cannot guarantee the security of SMS messages in transit. For maximum privacy, manage your device's message history and screen lock settings.

Data Storage and Security

Your data is stored on secure servers with industry-standard encryption in transit and at rest. Access to personal data is restricted to essential personnel only. We conduct regular security reviews of our infrastructure and practices.

No system is 100% secure. While we take every reasonable measure to protect your data, we cannot guarantee absolute security. If we become aware of a data breach that affects your personal information, we will notify you promptly.

Lumoro does not store full credit card numbers, bank account details, or other full payment method details. Stripe processes subscription payments, invoices, payment method details, billing events, and related payment metadata under its own security standards and PCI compliance. See Stripe's Privacy Policy.

Data Retention

Active accounts: Your data is retained for as long as you use Lumoro.
After opt-out: When you text STOP, we delete your personal data within 30 days. We retain only your phone number and opt-out status to ensure we never message you again.
Full deletion: Email hello@trylumoro.com and we will remove all of your data, including your phone number and opt-out status, within 7 business days.
Anonymized data: Aggregate, anonymized usage data (with no personally identifiable information) may be retained indefinitely to improve the service.

Third-Party Services

We use a small number of third-party services to operate Lumoro. Each processes only the minimum data necessary for their function.

Twilio, delivers SMS messages on our behalf. Twilio processes your phone number for message delivery and delivery status reporting. See Twilio's Privacy Policy.
Stripe, handles subscription payments, invoices, payment method details, billing events, and related payment metadata under its own privacy policy and PCI compliance. See Stripe's Privacy Policy.
PostHog and Meta Pixel, help us understand site usage and ad performance. Your reflections and SMS content are not sent to these tools. See PostHog's Privacy Policy and Meta's Privacy Policy.
Anthropic (Claude API), processes your intake notes and SMS replies to generate personalized wellness content. Anthropic receives the text of your responses but does not use your data to train AI models. See Anthropic's Privacy Policy.
ipapi.co, determines your country from your IP address during signup to verify regional availability. Only your IP address is sent; no other personal data is shared. Your IP is not permanently stored for this purpose.

We do not use any other third-party services that receive your personal data.

Cookies & Analytics

We use two types of cookies on trylumoro.com:

Necessary cookies — session and security cookies required for the site to function. These include member sign-in cookies that remember your device so you do not need a new SMS code every time you open Lumoro. They are set automatically and cannot be disabled except by logging out, unchecking "Remember this device" during sign-in, or clearing your browser cookies.
Measurement cookies — used by PostHog and Meta Pixel to understand site usage, onboarding flow, feature usage, and ad performance. No reflection or SMS content is sent to these tools, and no data is sold to third parties.

On your first visit you will see a cookie banner. You can accept all, reject all, or manage preferences per category. You can change your choice at any time using the "Do Not Sell or Share My Personal Information" link in the footer, or by clearing your browser's local storage.

The cookie banner controls PostHog analytics preferences. Meta Pixel is used for ad measurement; it does not receive reflection or SMS content.

Your Rights

You have the right to:

Opt out of all SMS messages at any time by replying STOP
Access a copy of all personal data we hold about you
Delete all of your personal data from our systems
Correct any inaccurate information we have about you
Port your data in a machine-readable format upon request

To exercise any of these rights, email hello@trylumoro.com. All requests are processed within 7 business days.

California Residents (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights:

Right to know, you can request a detailed description of the personal information we have collected about you in the past 12 months, including the categories of data, the sources, the business purpose, and any third parties with whom it was shared.
Right to delete, you can request that we delete all personal information we have collected about you, subject to certain exceptions permitted by law.
Right to opt out of sale, we do not sell your personal information. We have never sold personal information and have no plans to do so.
Right to non-discrimination, we will not discriminate against you for exercising any of your CCPA rights. You will not receive different pricing, a different quality of service, or be denied service for making a privacy request.

To submit a CCPA request, email hello@trylumoro.com with the subject line "CCPA Request." We will verify your identity before processing your request and respond within 45 days as required by law.

Children

Lumoro is not intended for anyone under 18 years of age. We do not knowingly collect personal information from minors. If we learn that we have collected information from a user under 18, we will delete their data and cancel their account immediately. If you believe a minor has signed up for Lumoro, please contact us at hello@trylumoro.com.

Changes to This Policy

We may update this privacy policy from time to time. If we make significant changes to how we collect, use, or share your data, we will notify you via SMS before the changes take effect. Minor clarifications or formatting changes may be made without notice.

Continued use of Lumoro after notification of changes constitutes acceptance of the updated policy. The "Last updated" date at the top of this page reflects the most recent revision.

Contact

For any questions about this privacy policy, your data, or to exercise your rights, contact us at:

hello@trylumoro.com

We respond to all privacy inquiries within 7 business days.