Privacy Policy

This site and all Lumen Labs apps are operated by NOVA-LUMEN LABS LLP, a Limited Liability Partnership incorporated in India on 2 April 2026. For the GDPR, UK GDPR, and India's Digital Personal Data Protection Act 2023 (DPDP), we are the data controller / data fiduciary for personal data processed through our apps and this website.

• Trading name: Lumen Labs
• LLPIN: ACW-8836
• Registered office: Plot No 10/A, Rail Nagar, Belgaum, Karnataka 590001, India
• General contact & Grievance Officer: [email protected]

This policy covers (a) the Lumen Labs apps generally and (b) this website. Individual apps that handle sensitive or account data carry their own app-specific privacy policy linked from the app's page; where an app-specific policy differs, it governs that app.

By default, on your device.Most of our apps store what you create — entries, logs, balances, documents, prayers, charts — locally on your device. We don't receive or store it, and there is usually no account.

• Opt-in analytics: some apps use PostHog for anonymous, opt-in product analytics (screen/feature events tied to a random identifier) — never your content, never your name.
• Opt-in crash reporting: some apps use Sentry to receive anonymous crash diagnostics, stripped of personal content.
• Apple Health: apps that read HealthKit process it entirely on-device; it is never transmitted to us, and never used for advertising or data-mining (per Apple's terms).
• Purchases: handled by Apple/Google; we receive only an anonymised entitlement (“this anonymous ID has Pro”) via RevenueCat.
• Accounts & backends: a small number of apps need an account or server to work (e.g. Naksha uses a phone-number sign-in and a backend for certain features). Those apps disclose it in-app and in their app-specific policy, and process only what the feature needs.

The website does not run advertising pixels, ad cookies, or third-party tracking. We do process:

• Newsletter & waitlist emails: if you submit one, we store your email address (and, for a waitlist, which app you're interested in) to send you that one notification or dispatch. These are stored in a database hosted by Cloudflare. We do not sell them; you can unsubscribe or request deletion anytime.
• A hashed IP: we store a one-way hash of your IP for short-lived spam and rate-limit protection on form submissions. It is not used to identify you.
• Server logs: our host (Cloudflare) processes standard request logs (IP, user-agent, timestamp) to deliver and secure the site.
• Functional cookies only: minimal cookies for things like a theme preference or keeping a form session intact — nothing that profiles you.

We use the data above only to provide and secure our apps and website, process purchases, send a newsletter/waitlist email you asked for, understand (anonymously, with consent) how the apps are used, fix crashes, and meet legal obligations. Under the GDPR/UK GDPR our legal bases are:

• Contract — to provide the app/feature and process your purchase;
• Consent — for optional analytics, crash reporting, push notifications, and newsletter/waitlist emails (withdraw anytime);
• Legitimate interests — to keep our services secure and working, balanced against your rights.

Under the DPDP Act we process personal data on the basis of your consent or other legitimate uses permitted by the Act.

We don't sell or share your data for advertising. The only third parties involved are the processors that make our products work, each under contract and for a limited purpose:

• Apple & Google — app distribution, in-app billing, and (where used) HealthKit/iCloud.
• RevenueCat — validates purchase/subscription entitlements (anonymous IDs).
• Sentry — opt-in crash diagnostics.
• PostHog — opt-in, anonymous product analytics.
• Cloudflare — website hosting, the newsletter/waitlist database, and security.
• OneSignal — push notifications, in the apps that offer them.
• Supabase — account sign-in and backend for the few apps (e.g. Naksha) that require one.

Some of these providers may process limited data on servers outside your country, including outside the EEA, the UK, or India. Where that happens we rely on appropriate safeguards — such as the European Commission's Standard Contractual Clauses or an equivalent mechanism — together with the providers' own compliance programmes, to protect your data to the standard the law requires.

On-device app data is kept until you delete it or remove the app. Newsletter/waitlist emails are kept until you unsubscribe or ask us to delete them. Where an app uses a backend, we keep account data only as long as the account exists and delete or anonymise it within a reasonable period after deletion. Anonymous analytics/crash data is retained in aggregate for a limited period and can't be tied back to you.

We use reasonable, industry-standard safeguards — on-device storage by default, encryption in transit, at-rest encryption where applicable, and access controls on any backend. No system is perfectly secure, but if a personal-data breach occurs that is likely to affect your rights, we will notify the relevant supervisory authority and affected users as required by law.

Because most data lives on your device, deleting an entry in the app — or deleting the app — removes it. For apps with an account (e.g. Naksha), you can delete your account and associated data from within the app's settings, or by emailing [email protected] — we will delete it and instruct our processors to do the same, except where we must retain limited records by law. To leave the newsletter or a waitlist, use the unsubscribe link or email us.

If GDPR-equivalent rights apply to you, you may:

• access the personal data we hold about you;
• correct inaccurate data;
• erase your data (“right to be forgotten”);
• receive a portable copy;
• object to or restrict processing, and withdraw consent for optional processing.

Email [email protected]; we respond within the time the law allows. You may also complain to your supervisory authority (e.g. your EU DPA or the UK ICO).

California residents may know what personal information we hold, request deletion or correction, and opt out of “sale” or “sharing”. We do not sell or share personal information (as those terms are defined) and have not in the preceding 12 months, so there is nothing to opt out of. We will not discriminate against you for exercising any right. Email us to make a request.

As a Data Principal you have the right to access, correct, and erase your personal data, to grievance redressal, and to nominate another person to exercise your rights in the event of death or incapacity. Contact our Grievance Officer at [email protected] — we acknowledge within 72 hours and aim to resolve within 30 days. You may also complain to the Data Protection Board of India.

Most of our apps are not directed at children under 13 and we do not knowingly collect their personal data. Apps intended for young children (e.g. Acorn) are designed to be set up and supervised by a parent or guardian, run on-device, contain no advertising, and do not collect personal data from children. If you believe a child has provided us data, email us and we will delete it.

We use only strictly-necessary/functional cookies and honour browser “Do Not Track” and Global Privacy Control signals where applicable. We do not make decisions producing legal or similarly significant effects about you through solely automated means, and we do not profile you across other apps or sites.

If we change this policy we'll update the date above and flag material changes on the site; we don't make changes retroactively damaging to your rights. This policy is governed by the laws of India, and disputes fall within the exclusive jurisdiction of the courts of Karnataka, India, without prejudice to mandatory protections in your country of residence.

NOVA-LUMEN LABS LLP · LLPIN ACW-8836 · Plot No 10/A, Rail Nagar, Belgaum, Karnataka 590001, India · [email protected]