LumiFrame

Privacy Policy

Effective Date: March 2, 2026 · Last Updated: April 23, 2026

1. Introduction

LumiFrame (“we,” “us,” or “our”) operates a digital photo-frame mobile application available on iOS and Android (the “App”). This Privacy Policy describes what information we collect, why we collect it, how we use and share it, and the choices available to you.

By creating an account or using the App you agree to the practices described in this Privacy Policy. If you do not agree, do not use the App.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address, display name, and profile photo when you register (directly or via Google, Facebook, or Apple sign-in).
  • User Content: Photos, videos, albums, captions, comments, reactions (including GIFs selected through the Giphy integration), and any other material you upload or create.
  • Communications: Any messages you send to our support channels.

2.2 Information Collected Automatically

  • Device Information: Device model, operating system version, unique device identifiers, battery status, and app version.
  • Network Information: IP address and Wi-Fi network name. Wi-Fi network name is used solely for local cast-device discovery (e.g., Chromecast, AirPlay) and is not transmitted to our servers.
  • Photo Metadata: If your photos contain embedded EXIF data (including GPS coordinates, camera model, and timestamps), that metadata is stored alongside the photo. We do not independently track your device’s live GPS location.
  • Usage Data: App interactions, feature usage, session duration, and navigation paths.
  • Crash and Performance Data: Crash reports, error logs, and performance metrics collected via Firebase Performance Monitoring and Sentry.

2.3 Advertising and Tracking

LumiFrame does not show ads on any tier and does not collect ad-interaction data to serve advertising. We do not use platform advertising identifiers for ad personalization in the live product.

2.4 Information from Third-Party Sign-In

When you authenticate with Google, Facebook, or Apple, we receive only basic profile information (name, email, and profile photo) as authorized by you during the sign-in flow. We do not receive or store your password for those services.

3. How We Use Your Information

  • Provide the App: Account info, user content, and device info to operate and maintain the service.
  • Authentication & Security: Email, OAuth tokens, biometric verification data, and device keys to authenticate your identity and secure your account.
  • Sync & Storage: User content and device identifiers to sync content across your devices.
  • Sharing & Social: User content, display name, and profile photo to enable sharing and social features.
  • Notifications: Device tokens (FCM) and user preferences to send push notifications about activity on your content.
  • Diagnostics: Crash data, device info, and usage data to diagnose crashes, errors, and performance issues.
  • Analytics: Usage data and feature engagement metrics to analyze aggregate usage and improve the App.
  • Enforcement: Account info, device info, and usage data to enforce our Terms of Service and detect abuse.
  • Legal Compliance: As required by applicable law.

4. Legal Bases for Processing (EEA/UK Users)

If you are located in the European Economic Area or the United Kingdom, our legal bases for processing your personal data are:

  • Contract: Processing necessary to provide the App and fulfill our agreement with you (account management, content storage, sharing features).
  • Consent: Where you have given explicit consent, including for optional push notifications and device-level permissions. You may withdraw consent at any time through device or App settings.
  • Legitimate Interests: Processing necessary for our legitimate interests that are not overridden by your rights, including product improvement, security, and fraud prevention.
  • Legal Obligation: Processing necessary to comply with applicable law.

5. How We Share Your Information

We do not sell your personal information. We do not use your photos or videos for advertising purposes.

We may share information in the following circumstances:

  • With Other Users: Content you share to frames, albums, or groups is visible to users you invite. Your display name and profile photo are visible to users you interact with.
  • Service Providers: Third-party companies that process data on our behalf to help operate the App (see Section 6).
  • Legal Requirements: When we believe in good faith that disclosure is required by applicable law, regulation, legal process, or enforceable governmental request.
  • Safety: To protect the rights, property, or safety of LumiFrame, our users, or the public.
  • Business Transfers: In connection with a merger, acquisition, bankruptcy, or sale of all or substantially all of our assets. You will be notified via in-app notice or email before your data is transferred.

6. Third-Party Services

The App integrates with the following third-party services. Each service processes data under its own privacy policy.

  • Firebase (Google): Authentication, Firestore database, Cloud Storage, Cloud Functions, Analytics, Performance Monitoring, Cloud Messaging (FCM), Remote Config, App Check. Firebase Privacy
  • Sentry: Error tracking, crash reporting, and performance monitoring. Sentry Privacy
  • Cloudflare (R2 & Workers): Media object storage, content delivery, and media gateway. Cloudflare Privacy
  • Giphy: GIF search and selection within comments. Giphy Privacy
  • Apple / Google (In-App Purchases): Subscription billing and payment processing. We do not receive or store your payment card details.

7. Advertising and Tracking

LumiFrame does not show ads on any tier. We do not use advertising identifiers to personalize ads in the live product.

If our advertising policy changes in the future, we will update this Privacy Policy before that change goes live.

8. Data Security

We use commercially reasonable technical and organizational measures to protect your information, including:

  • All data transmitted between the App and our servers is encrypted using HTTPS/TLS.
  • Sensitive credentials (device authentication tokens, third-party OAuth tokens) are stored on-device using the platform’s secure keychain (iOS Keychain / Android EncryptedSharedPreferences) and are not backed up or synced across devices.
  • Biometric authentication (Face ID, Touch ID, fingerprint) is available for App lock. Biometric data never leaves your device — we verify a cryptographic signature produced by the device’s secure enclave, not the biometric itself.
  • Firebase App Check is used to verify that requests originate from the authentic LumiFrame app.
  • User content is served over HTTPS via Cloudflare’s global CDN.

No method of electronic transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security and accept no liability for unauthorized access resulting from circumstances beyond our reasonable control.

9. Data Retention and Deletion

  • Active Accounts: We retain your data for as long as your account exists and as necessary to provide the App.
  • Account Deletion: You may permanently delete your account at any time from App settings. Deletion is processed immediately and includes removal of your profile, all uploaded media (from both Firebase Storage and Cloudflare R2), social data, device registrations, and all subcollection data.
  • Anonymization: Where your content has been shared with other users (e.g., comments on others’ posts), references to your account are anonymized to “Deleted User” to preserve the integrity of other users’ content.
  • Backups: Residual copies may persist in automated infrastructure backups for a limited period (typically up to 30 days) before being overwritten.
  • Legal Holds: We may retain data longer where required by applicable law or to resolve ongoing disputes.

10. Your Privacy Rights

10.1 All Users

Regardless of where you live, you may:

  • Access and update your account information in App settings.
  • Delete individual photos, videos, albums, or comments at any time.
  • Delete your entire account and all associated data from App settings.
  • Manage push-notification preferences in App or device settings.
  • Manage device-level privacy permissions in your system settings.

10.2 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:

  • Right to Know: You may request the categories and specific pieces of personal information we have collected about you.
  • Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
  • Right to Correct: You may request correction of inaccurate personal information.
  • Right to Opt-Out of Sale/Sharing: We do not sell personal information. We do not “share” personal information for cross-context behavioral advertising.
  • Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

Categories of personal information collected in the preceding 12 months: Identifiers (name, email, device IDs); internet activity (usage data); audiovisual information (photos, videos); geolocation (photo EXIF metadata only); inferences drawn from the above.

To exercise your CCPA/CPRA rights, email privacy@lumiframeapp.com.

10.3 EEA and UK Residents (GDPR / UK GDPR)

If you are in the European Economic Area or United Kingdom, you have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate data.
  • Erasure (“Right to Be Forgotten”): Request deletion of your personal data.
  • Restriction of Processing: Request that we restrict how we use your data in certain circumstances.
  • Data Portability: Request your data in a structured, commonly used, and machine-readable format. Note: We do not currently offer an automated data-export feature. Portability requests will be fulfilled manually within 30 days.
  • Object: Object to processing based on legitimate interests or for direct marketing.
  • Withdraw Consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
  • Lodge a Complaint: You have the right to lodge a complaint with your local data-protection supervisory authority.

To exercise these rights, contact privacy@lumiframeapp.com. We will respond within 30 days.

10.4 Canadian Residents (PIPEDA)

Canadian users may request access to, correction of, or deletion of their personal information by contacting us at privacy@lumiframeapp.com.

11. Children’s Privacy

LumiFrame is not directed at children under the age of 13 (or the applicable minimum age in your jurisdiction — for example, 16 in certain EU member states). We do not knowingly collect personal information from children under this age.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@lumiframeapp.com and we will delete that information promptly.

12. International Data Transfers

Your information is processed and stored on servers operated by our service providers, which may be located in the United States and other countries outside your jurisdiction. These transfers are necessary to provide the App.

Where data is transferred from the EEA/UK to countries not deemed to provide an adequate level of protection, we rely on the safeguards provided by our service providers, including Google’s and Cloudflare’s data-processing agreements and Standard Contractual Clauses approved by the European Commission.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Update the “Last Updated” date at the top of this page.
  • Provide notice through an in-app notification or, where practicable, by email.

Your continued use of the App after the updated Privacy Policy takes effect constitutes your acceptance of the changes. If you do not agree, you should stop using the App and delete your account.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:

Privacy inquiries: privacy@lumiframeapp.com
General support: support@lumiframeapp.com
Website: https://lumiframeapp.com