Privacy Policy

1. Controller

Lumilnar UG (haftungsbeschränkt)
Ackerstraße 44
41516 Grevenbroich
Germany

Represented by: Alexander Declan Nikolai
Commercial Register: HRB 23699 (Amtsgericht Mönchengladbach)
Email: info@lumilnar.de

2. Data we process

Depending on how you use Lumilnar, we may process the following categories of personal data:

  • Account data such as email address, username, authentication data, and consent status
  • Health and wellness data such as nutrition, supplements, sleep, vitals, symptoms, routines, workouts, illnesses, and bloodwork
  • Uploaded content such as photos, documents, exam images, food images, and similar user uploads
  • Audio and text inputs such as voice recordings, chat messages, notes, and other free text
  • Location data if you explicitly enable location-based features
  • Device and app-related data such as push tokens, technical status data, and account-linked identifiers
  • Data from connected sources such as Apple HealthKit or Oura if you authorize those integrations
  • Subscription and purchase status data related to the iPhone Pro subscription

3. Apple subscriptions and RevenueCat

On iPhone, Lumilnar Pro may be offered as an auto-renewable Apple App Store subscription.

When you purchase, restore, or manage a subscription:

  • billing is handled by Apple through your Apple ID
  • we do not receive full payment card details
  • we and our service providers may process subscription status, entitlement status, product identifiers, renewal status, restore status, and account-linked identifiers
  • we use RevenueCat to manage and validate subscriptions technically
  • we may store your plan tier in our backend so Pro features can be unlocked correctly

Refunds and billing questions are generally governed by Apple's rules.

4. Purposes and legal bases

Where GDPR applies, we rely in particular on the following legal bases:

  • Contract performance: for account access, app functionality, synchronization, and subscription access
  • Consent: especially for health data, connected health data, AI features, and optional integrations
  • Legitimate interests: especially for security, abuse prevention, stability, and service improvement

5. Recipients and service providers

Depending on the feature used, data may be processed by or shared with:

  • Supabase for database, authentication, storage, and backend services
  • Apple for App Store subscriptions, Apple Health, and platform services
  • RevenueCat for subscription management and entitlement validation
  • AI providers such as OpenAI, xAI (Grok), or OpenAI Whisper where relevant and consented to
  • Oura or other expressly connected health services if you enable those connections

6. International transfers

Some third-party providers, especially AI providers, may process data outside the EU/EEA, including in the United States. Where required, we rely on appropriate safeguards or other lawful transfer mechanisms.

7. Retention

We keep personal data only as long as necessary for the purposes described above or as required by law. After account deletion, personal data is generally deleted or anonymized through our processes unless legal obligations require otherwise.

8. Your rights

Subject to applicable law, you may have rights of access, rectification, erasure, restriction, portability, objection, and withdrawal of consent.

9. Contact

For privacy questions, contact us at info@lumilnar.de.