Privacy Policy

Last updated: May 2, 2026

Lumi ("we," "our," or "us") operates the Lumi mobile application (the "App"). This Privacy Policy explains how we collect, use, and protect your information when you use our App, in accordance with the Israeli Privacy Protection Law, 5741-1981 and its amendments.

1. Information We Collect

Account Information: When you create an account, we collect your email address and authentication credentials through third-party sign-in providers (Apple, Google). We do not store your passwords.

Receipt Data: When you scan or upload receipts, we collect the receipt image, extracted text, merchant name, item names, prices, quantities, and purchase dates. This data is used to provide the App's core budgeting features.

Usage Data: We collect information about how you use the App, including features accessed and interaction patterns, to improve the service.

Profile Data: When you set up your profile, we collect your full name, monthly income, fixed monthly expenses, monthly budget, currency preference, and spending profile personality. This data is used to personalize your budgeting experience.

AI-Generated Content: The App generates and stores weekly financial scores, spending insights, AI coach conversation history, and spending profile analysis. This content is derived from your financial data to provide personalized recommendations.

Shopping List Data: Items, prices, and store names you add to your shopping list are stored to provide cloud sync across devices.

Device Information: We collect your device type, device model, operating system version, app version, and language preference. This data is collected for app optimization and error diagnostics.

Data Categories We Collect

The following table summarizes the categories of personal information we collect, with examples and the purpose for collection:

2. How We Use Your Information

• To provide and maintain the App's budgeting and expense tracking features
• To generate personalized spending insights and recommendations
• To compare prices across retailers and identify potential savings
• To process subscription payments through Apple's App Store
• To provide AI-powered financial coaching and personalized advice
• To generate weekly financial scores and personalized reports
• To manage shopping lists with cloud sync
• To improve and optimize the App's functionality
• To diagnose errors and technical issues
• To respond to your feedback and support requests

3. Sensitive Information

The App processes financial information that is considered particularly sensitive under Amendment 13 to the Israeli Privacy Protection Law (effective August 14, 2025). This includes expense data, purchase amounts, income details, and merchant information. We apply enhanced protections to this sensitive data, including encryption at rest and in transit, restricted access controls, and secure storage. By creating an account and entering your financial data, you explicitly consent to the collection and processing of this information for the purposes described in this policy.

4. Automated Processing

The App uses automated processing technologies, powered by artificial intelligence, to:

• Extract text, merchant names, amounts, and dates from receipt images (OCR)
• Automatically categorize expenses into spending categories
• Generate weekly financial scores and spending insights
• Provide personalized financial coaching through the AI coach
• Compare prices across retail chains

These automated processes are used to provide the App's core functionality. All AI-generated outputs are informational only and are not used to make decisions that produce legal or similarly significant effects on you. AI-generated insights, scores, and coaching advice may contain errors and should not be relied upon as professional financial advice.

You have the right to request information about how automated processing is applied to your data, to object to such processing, and to request human review of any AI-generated output. Contact us at adir121@protonmail.com to exercise these rights.

5. Third-Party Service Providers

We use the following categories of service providers to operate the App:

• Cloud infrastructure providers — Database, user authentication, and file storage (receipt images). Servers located in the United States.
• AI processing services — AI-powered receipt analysis (OCR), financial coaching, spending insights, and weekly score generation. Receipt images and spending context are sent for processing. Servers located in the United States.
• Subscription management services — Payment processing coordination. Receives your user ID and subscription status.
• Apple — Payment processing via the App Store and Sign in with Apple authentication.
• Google — Sign in with Google authentication.
• Error monitoring services — When a technical error occurs, anonymized error information (error type, device model, OS version, app version) may be forwarded to our development team for diagnostic purposes.

These providers process data on our behalf under contractual obligations to maintain confidentiality and security.

6. Data Sharing

We do not sell, rent, or trade your personal information to third parties. We may share data with:

• Service Providers: The third-party services listed in section 5 above, which help us operate the App. These providers are contractually obligated to protect your data and use it only for the purposes specified.
• Legal Requirements: We may disclose information if required by law, court order, or governmental authority.

Aggregated, anonymized data that cannot identify individual users may be used for market research and service improvement.

7. Cross-Border Data Transfer

Your personal data may be stored and processed on servers located in the United States. These transfers are conducted under data processing agreements with our service providers, which include commitments to protect your data at a level no less than that required by Israeli law. We rely on contractual safeguards to ensure adequate protection of your data when transferred outside of Israel. By using the App, you consent to the transfer and processing of your data in the United States as described in this policy.

8. Data Security

We implement industry-standard security measures to protect your information, including encryption in transit (TLS), access controls, and secure data storage. All database tables are protected by row-level security policies ensuring users can only access their own data. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

9. Data Retention

We retain your data according to the following schedule:

• Account and financial data: Retained while your account is active. Deleted within 30 days of account deletion.
• Receipt images: Deleted upon account deletion.
• Analytics events: Retained for up to 24 months, then automatically deleted.
• Error logs: Retained for up to 12 months.
• AI coach conversation history: Deleted upon account deletion.

You may delete your account at any time through the App's settings, which will initiate deletion of all your personal data within 30 days. Some data may be retained longer as required by applicable law.

10. Your Rights

Under the Israeli Privacy Protection Law, 5741-1981 and its amendments, you have the right to:

• Access personal information held about you in our databases
• Request correction of inaccurate information
• Request deletion of your data
• Object to the use of your data for direct marketing
• Object to automated processing of your data
• Request a copy of your data in a portable format
• Delete your account and all associated data

To exercise these rights, contact us at adir121@protonmail.com.

You may also file a complaint with the Israeli Privacy Protection Authority at: https://www.gov.il/he/departments/privacy_protection_authority

11. Data Breach Notification

In the event of a security breach that may affect your privacy, we will notify you and the Israeli Privacy Protection Authority without delay, in accordance with the requirements of Israeli law.

12. Do Not Track

The App does not track users across third-party websites and therefore does not respond to Do Not Track (DNT) signals. We do not engage in cross-site tracking.

13. California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• The right to know what personal information we collect and how it is used
• The right to request deletion of your personal information
• The right to opt out of the sale of personal information — we do not sell personal information
• The right to non-discrimination for exercising your CCPA rights
• The right to opt out of automated decision-making technology

In the preceding 12 months, we have collected personal information in the following categories: Identifiers, Financial Information, Usage Data, and Device Information. For details and examples of each category, see the Data Categories table in section 1 above.

We do not use automated decision-making technology to make significant decisions about you as defined under the CCPA.

14. Children's Privacy

The App is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will promptly delete it.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy in the App. Your continued use of the App after changes constitutes acceptance of the updated policy.

16. Contact Us

If you have questions about this Privacy Policy, our data practices, or wish to exercise your privacy rights, contact us at:

Lumi
Email: adir121@protonmail.com

© 2026 Lumi. All rights reserved.