Privacy Policy
Last updated: 2026-06-05
Information We Collect
Parent Account Data
When you create a Lumi account, we collect:
- Email address
- Full name
- Family members' names and ages (parents and kids)
Child Profile Data
For each child in your family:
- Child's name and age
- Family pairing code (used for child device enrollment)
- Note: Children do not create accounts or provide email addresses
Chore Verification Photos
When children submit photos to verify chore completion, we:
- Receive and temporarily store the photo
- Send it to OpenAI's API for AI-based verification
- Delete the photo from our servers within 30 days
- Retain only the verification result (approved/rejected)
- Never use photos for any purpose beyond that specific verification request
Push Notification Tokens
We collect Apple Push Notification (APNs) device tokens to send family notifications about chore completion and rewards.
In-App Purchase Transaction Data
For Lumi Pro subscriptions, we receive StoreKit transaction metadata from Apple, including:
- Purchase date and subscription tier
- Auto-renewal status
- Entitlement information
- Apple's transaction ID
- Note: We do not process credit card information; Apple handles all billing
Family Controls Authorization
On child devices with Family Controls enabled, we store authorization tokens that allow the app to:
- Access the child's screen time data (read-only)
- We do not access: Apple Health, Contacts, Location, Microphone, or any other sensitive data
Analytics Data
We use Firebase Analytics and Meta SDK to track standard product and funnel events (e.g., account creation, chore completion). Analytics data:
- Does not include personally identifiable information (PII)
- Does not include Identifier for Advertisers (IDFA) unless you explicitly consent via App Tracking Transparency
- Is aggregated to understand product usage and improve Lumi
How We Use Your Information
We use the information collected for:
- Account management and family enrollment
- Chore verification and gamification features
- Push notifications for family engagement
- Processing and storing subscription entitlements
- Improving Lumi's features and user experience via analytics
- Responding to legal requests or preventing abuse
How We Share Your Information
Third-Party Service Providers
- Apple: In-app purchases, push notifications, Family Controls, App Tracking Transparency
- OpenAI: Chore verification photos are sent to OpenAI's API for image analysis. OpenAI's API terms apply; we do not retain photos after verification
- Amazon Web Services (AWS): Cloud hosting and data storage
- Google Firebase: Analytics and analytics infrastructure
- Meta Platforms, Inc.: Analytics via Meta SDK
Legal and Safety
We may disclose information if required by law, court order, or government request, or to prevent fraud or protect the security of our service.
Business Transfers
If Scriptstash is acquired or merged, your information may be transferred as part of that transaction.
Data Retention
- Chore verification photos: Automatically deleted within 30 days of submission
- Account data (profile, family members): Retained until you request deletion
- Financial ledgers and audit logs: Retained indefinitely for accounting and legal compliance
- Push notification tokens: Retained while the app is active; deleted after device removal
- Analytics data: Aggregated and retained per Firebase and Meta's data retention policies
Your Privacy Rights
Access and Download
You have the right to request a copy of the personal information we hold about your family. Email [email protected] with the subject line "Data Subject Access Request" and include your email address and family name.
Correction
You may request corrections to any inaccurate or incomplete personal data. Contact [email protected].
Deletion
You have the right to request deletion of your account and all associated family data. This will:
- Remove your parent account
- Remove all child profiles and pairing codes
- Delete pending chore records
- NOT delete historical financial ledgers (required for accounting)
- To delete your account, email [email protected] with the subject line "Account Deletion Request"
Opt-Out of Analytics
You can opt out of analytics collection in Lumi's settings. This disables Firebase and Meta SDK tracking while preserving app functionality.
Opt-Out of Marketing Communications
We do not currently send marketing emails. If we do in the future, you may opt out by clicking "Unsubscribe" in any email or by contacting us at [email protected].
Children's Privacy
Children Under 13
- Parental consent is required and obtained through the parent account sign-up process
- Children cannot create their own accounts or provide direct consent
- All child data is managed by the parent account
- Children's data is used only for family chore tracking, screen time monitoring, and in-app rewards
- We do not share children's data with third parties for marketing or profiling
Third-Party SDKs and Services
International Data Transfers
Lumi is operated in the United States. Your information is processed and stored in the US. If you are located outside the US, by using Lumi you consent to the transfer of your information to the US and its processing under US law. We comply with applicable data protection laws, including GDPR (EU), CCPA (California), and VCDPA (Virginia), regardless of where you reside.
Security
We implement reasonable security measures including encryption in transit (HTTPS), secure data storage, and access controls to protect your information. However, no security measure is 100% guaranteed. If you believe your account has been compromised, please contact us immediately at [email protected].
Changes to This Privacy Policy
We may update this Privacy Policy at any time. We will notify you of material changes by updating the "Last updated" date above and, if required by law, via email or in-app notification.
Contact Us
If you have questions about this Privacy Policy or our privacy practices, please contact us at:
Scriptstash
Email: [email protected]