Lumio Privacy Policy

Introduction

Lumio (“Lumio”, “we”, “us”, “our”) is a mobile messaging and communications application that enables users to send messages, make voice and video calls, share files/media, and interact with other users.

We take privacy seriously. This Privacy Policy explains what information we collect, why we collect it, how we use and share it, how we protect it, and the choices and rights you have.

This Privacy Policy applies to the Lumio Android mobile application (the “App”) and any related websites, support channels, or services that link to this policy (collectively, the “Services”).

If you do not agree with this policy, please do not use Lumio.

1. Who We Are and How to Contact Us

Data Controller: Lumio Information Technology L.L.C, established in UAE/Dubai, with address: Office No. 316-0247, Al Marar, Dubai

Privacy Contact Email: privacy@lumio.im

Support Email: support@lumio.im

If you have questions, requests, or complaints related to privacy, contact us using the details above.

2. Key Definitions

Personal Data: information relating to an identified or identifiable individual (e.g., phone number, name, device identifiers).

Sensitive Personal Data: categories of data requiring higher protection (e.g., biometrics, health data, precise location, or other categories defined by applicable law).

Processing: any operation performed on personal data (collection, storage, use, disclosure, deletion).

Third Parties: service providers, partners, or other entities that are not you or Lumio.

3. Summary of What We Collect

Depending on how you use Lumio, we may collect:

A) Information you provide

• Account identifiers (e.g., phone number, username, display name).
• Profile information (profile photo, status/bio, optional email).
• Communications and content (messages, files, photos, videos, voice notes) as needed to provide the service and deliver messages.
• Contacts (if you choose to sync your address book).
• Customer support content (messages you send to support, screenshots/logs you share).

B) Information generated by your use

• Usage and diagnostics (app performance, crash logs, error reports).
• Connection and device info (device model, OS version, app version, IP address, language, time zone).
• Messaging/call metadata (e.g., time sent, delivery status, call start/end times, network quality metrics).

C) Information from third parties (limited)

• Push notification token(s) from Android/Google notification services and/or our notification provider.
• Basic security signals (e.g., fraud/spam patterns).

4. Details of Information We Collect

4.1 Account and Identity Data

We collect: phone number (primary identifier for registration and login); display name/username (if you set one); profile photo (optional); and account settings (privacy settings, notification preferences).

Why: to create and manage your account and enable communication with other users.

4.2 Contacts / Address Book (Optional)

If you enable contact sync, we may access and upload contact names, phone numbers, and contact identifiers stored in your device address book.

Why: to help you find people you know on Lumio and to improve the user experience (e.g., “contacts on Lumio”).

Your choice: you can use Lumio without syncing contacts, but some discovery features may be limited. You can disable contact sync at any time in the App settings and (if available) request deletion of synced contact data (see Section 11).

4.3 Messages, Files, Media, and Call Content

Depending on how the service is implemented, we may process message content (text), media (photos/videos) and files you send, voice notes, call signaling data (needed to connect calls), and video/voice call media streams (processed transiently to establish real-time communication).

Why: to provide core messaging, file sharing, and calling features, including delivering messages when recipients are offline.

4.4 Metadata (Messaging and Call)

We may collect message delivery status (sent/delivered/read), timestamps (when messages are sent/delivered/read), call start time, end time, duration, and technical diagnostics (jitter/packet loss), last-seen/online presence (if enabled), and basic anti-abuse signals (e.g., rate limits).

Why: to operate and secure the service, provide receipts/presence features, troubleshoot issues, and prevent spam/abuse.

4.5 Device, Network, and App Data

We may collect device model, OS version, unique app instance identifiers, app version/build number, IP address (used for security and connectivity), language, time zone, approximate region (derived), crash reports, and performance telemetry.

Why: to keep Lumio reliable, secure, and compatible across devices, and to detect fraud/abuse.

4.6 Push Notifications

To send you notifications (new message, missed call), we process push notification tokens provided by your device/OS and notification services and notification delivery events.

Why: to deliver notifications you opt into.

4.7 Customer Support Data

If you contact support, we may collect your contact details (email/phone), the content of your support request, and diagnostic logs you choose to send.

Why: to respond and resolve issues.

5. App Permissions (Android) and Why They’re Needed

Lumio may request permissions such as:

• Contacts: to find friends and show contact names (optional).
• Camera: for taking photos/videos and video calls (when you use them).
• Microphone: for voice notes and calls.
• Storage/Photos/Media: to send and save media and files.
• Notifications: to alert you to messages and calls.
• Network access: required for communications.

You can manage permissions in Android settings. Some features will not function without certain permissions (e.g., calls require microphone).

6. How We Use Your Information (Purposes)

We use personal data for the following purposes:

• Provide and operate the Services (account creation/authentication; messaging, file sharing, calling; contact discovery if enabled; delivery for offline users).
• Security and fraud/abuse prevention (detect spam, malware, fraud; enforce Terms; rate limiting).
• Service reliability, debugging, and performance (crash detection; improving connectivity and call quality).
• User support and communications (responding to support; service messages such as security alerts and policy updates).
• Legal and compliance (meeting legal obligations and responding to lawful requests).

We do not use your private messages/files for advertising. We do not sell personal data.

7. Legal Bases for Processing

Where applicable under UAE data protection principles and other relevant frameworks, we process personal data based on one or more of the following grounds:

• Contractual necessity: to provide the Service you request (e.g., deliver messages/calls).
• Consent: for optional features (e.g., contact sync, certain notifications).
• Legitimate interests: to secure, maintain, and improve the Services (balanced against your rights).
• Legal obligation: compliance with applicable laws and lawful requests.

Where consent is used, you may withdraw it at any time (see Section 11).

8. Where Your Data Is Stored (UAE Data Residency)

Lumio is designed with UAE data residency in mind.

Our primary hosting and storage is in the United Arab Emirates using Amazon Web Services (AWS).

Data may be processed within our UAE cloud infrastructure, including services such as AWS EKS, AWS RDS (MySQL), AWS S3, AWS ElastiCache (Redis), and AWS CloudWatch (for monitoring/logging), as applicable to the Lumio backend architecture.

Note: Some limited data may transit through global networks due to how the internet and mobile networks route traffic. Where cross-border transfers occur, we apply safeguards described in Section 9.

9. International Data Transfers

We aim to keep data in the UAE. However, certain processing may involve cross-border data transfers in limited cases, for example:

• Delivery of push notifications through platform services.
• Fraud/security signals and network routing.
• Support communications if you contact us from outside the UAE.

When transfers occur, we take steps to ensure appropriate safeguards (contractual protections, vendor due diligence, security controls, and limiting data to what is necessary).

10. Data Retention (How Long We Keep Data)

We retain data only as long as needed for the purposes described above, unless a longer period is required by law.

Typical retention rules (adjust to your implementation):

• Account data: kept while your account is active.
• Messages and shared content: stored to enable delivery and message history where the feature exists. If you delete a message (and the feature is supported), we delete it from our servers within a reasonable timeframe, subject to backups and technical constraints.
• Call metadata and diagnostics: retained for a limited period for security and quality improvement.
• Logs (security/diagnostics): retained for a limited period and then deleted or anonymized.
• Backups: may persist briefly after deletion due to backup cycles, then are overwritten/expired.

We also may retain certain data to comply with legal obligations, resolve disputes, enforce agreements, and prevent harm and abuse.

11. Your Rights and Choices

Depending on applicable UAE laws and your location, you may have rights such as access, correction, deletion, withdrawal of consent, objection/restriction in certain cases, and data portability where feasible.

11.1 Account Deletion

Lumio provides an in-app method to delete your account: App → Settings → Account → Delete Account (or equivalent).

If you cannot access the app, you can request deletion by emailing privacy@lumio.app from your registered phone/email with the subject “Account Deletion Request”.

After deletion: your account will be disabled and deleted; certain residual data may remain temporarily in backups (Section 10); and some data may be retained if legally required or for security (e.g., abuse prevention).

11.2 Managing Contacts

You can disable contact sync in the app settings and/or in Android permissions. If Lumio stores uploaded contacts, you can request deletion of synced contacts via settings or by contacting us.

11.3 Notifications

You can enable/disable notifications in-app and in your phone settings.

12. How We Share Your Information

We share personal data only as needed to operate the Service, comply with law, or protect users.

12.1 Service Providers (Processors)

We use trusted vendors to host and operate the service. These providers process data on our instructions and under contractual obligations. We limit the data shared to what is necessary and require security measures.

Examples may include:

• AWS (hosting, databases, object storage, monitoring/logging).
• Push notification providers: OneSignal.
• Games provider: MarketJS limited

12.2 Other Users

When you use Lumio, other users may see:

• Your display name and profile photo (if set).
• Your phone number or username (depending on product design).
• Your status/last seen/online presence (if enabled).
• Messages and content you send them.

12.3 Legal Requests

We may disclose information if we believe it is reasonably necessary to comply with applicable law, regulation, legal process, or lawful governmental request; enforce our Terms/policies; or protect the safety, rights, and property of users and the public.

12.4 Business Transfers

If Lumio is involved in a merger, acquisition, restructuring, or sale of assets, your data may be transferred as part of that transaction, subject to appropriate protections and notice where required.

We do not sell your personal data.

13. Security Measures

We implement administrative, technical, and physical safeguards designed to protect personal data, such as:

• Encryption in transit (e.g., HTTPS/TLS).
• Access controls and least privilege.
• Segmentation of services and secure cloud configurations.
• Monitoring, logging, and alerting.
• Regular patching and vulnerability management.
• Secure key/secret management (where applicable).

No system is 100% secure. You are responsible for keeping your device secure and for protecting your authentication credentials.

14. Children’s Privacy

Lumio is not intended for children under [13-16]. We do not knowingly collect personal data from children. If you believe a child has provided personal data, contact us so we can take appropriate action.

15. Cookies and Similar Technologies

The Lumio mobile app does not use browser cookies in the same way websites do. However, we may use device identifiers, local storage, and similar technologies to remember settings, maintain sessions, and improve reliability and security.

If we operate a website, it may use cookies; those will be described on the website.

16. Third-Party Links and Services

Lumio may allow you to interact with third-party services or links. We are not responsible for third-party privacy practices. Please review their policies.

17. Changes to This Privacy Policy

We may update this policy to reflect changes in our Services or legal requirements. If changes are material, we will provide notice (e.g., in-app notice). The “Last updated” date indicates when it was revised.

18. Complaints and Regulatory Contact

If you have a concern, contact us at privacy@lumio.im. You may also have the right to lodge a complaint with the relevant supervisory authority, depending on applicable law and jurisdiction within the UAE or other regions.

Appendix A — Service-Specific Disclosures

This appendix provides a clearer mapping of data categories to purposes, third parties, and user controls to help ensure transparency and alignment with Google Play requirements.

A1) Data Categories and Purposes

A2) Third Parties Used

• Amazon Web Services (AWS) - hosting and storage in UAE (e.g., S3, RDS MySQL, EKS, ElastiCache Redis, CloudWatch).
• OneSignal - push notification delivery (if enabled in the app).

A3) User Controls

• Disable contacts sync (if enabled).
• Control last-seen / online presence (if provided).
• Block and report users.
• Export and/or delete account (where supported).
• Notification preferences.