Lumen.← Home

Privacy Notice

Last updated: May 2, 2026

1. Who we are

LUMEN ("Lumen", "we", "us") operates the Lumen looksmaxing analysis service. For the personal data we process about you in connection with your account and use of the service, LUMEN acts as the data controller.

2. Data we collect

  • Account data: email address, authentication identifiers, and optional profile details you provide.
  • Photographs you upload: front, left, and right facial images submitted for analysis. Treated as biometric/sensitive data and stored privately to your account.
  • Scan results: AI-generated measurements, scores, and recommendations derived from your photos.
  • Support communications: messages you send us.
  • Usage & device data: log data, IP address, device/browser identifiers, timestamps, and basic telemetry needed to operate and secure the service.
  • Payment-related metadata: order IDs, plan/entitlement status, and purchase events. Card numbers and full billing details are collected and processed directly by our reseller, Paddle — we do not see or store them.

3. How we use your data & legal basis

  • Provide the scan service and deliver your results — performance of contract.
  • Process your photos with AI vision models to generate analysis — performance of contract; for sensitive/biometric data, your explicit consent given when you upload.
  • Maintain your account, entitlements, and purchase history — performance of contract.
  • Secure the service, prevent fraud and abuse — legitimate interests and legal obligation.
  • Improve product quality and fix bugs using aggregated/de-identified usage data — legitimate interests.
  • Customer support — performance of contract / legitimate interests.
  • Send transactional emails (receipts, security notices) — performance of contract / legal obligation.
  • Comply with legal, tax, and accounting obligations — legal obligation.

We do not use your photos to train third-party AI models, and we do not sell your personal data.

4. Who we share data with

  • Paddle — our Merchant of Record. Paddle handles checkout, payments, subscription management, billing, tax, invoicing, and refunds, and acts as an independent controller for that activity. See the Paddle Privacy Notice.
  • Cloud hosting & database providers — to host the application, store your account, photos, and scan results.
  • AI model providers — your photos and prompts are sent to vetted AI vision providers solely to generate your scan results.
  • Email & support tooling — to send transactional emails and respond to your inquiries.
  • Professional advisers — legal, accounting, and compliance advisers, where necessary.
  • Authorities — where required by law, court order, or to protect rights and safety.

5. International transfers

Some of our service providers are located outside your country, including outside the UK/EEA. Where applicable, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses or adequacy decisions to protect your data during transfer.

6. Retention

We keep your account data and scan history for as long as your account is active. You can delete individual scans (including the underlying photos) from the app, and you can request deletion of your account at any time. After deletion, we remove or anonymize your data within a reasonable period, except where we must retain limited records to comply with legal, tax, or accounting obligations or to resolve disputes.

7. Your rights

Subject to the laws of your country, you have the right to: access your data; correct inaccurate data; request deletion; restrict or object to processing; withdraw consent (including for biometric processing of photos); request portability; and lodge a complaint with your local data protection authority. To exercise any right, contact us via the support channel in the app. We will respond within the period required by applicable law (typically one month under UK/EU GDPR).

8. Security

We use appropriate technical and organizational measures to protect your data, including encryption in transit, access controls, isolated per-user storage for photos, and regular review of our hosting providers. No system is perfectly secure; we will notify affected users and authorities of any qualifying breach as required by law.

9. Cookies

We use a minimal set of cookies and similar technologies that are strictly necessary to keep you signed in and to operate the service securely. We do not use advertising cookies. If we add analytics or marketing cookies in the future, we will request your consent first.

10. Children

Lumen is not directed to children under 13 (or the equivalent minimum age in your country). Do not use the service or upload photos if you are below that age.

11. Changes to this notice

We may update this Privacy Notice from time to time. Material changes will be communicated via the service or by email.

12. Contact

For privacy questions or to exercise your rights, contact LUMEN via the support channel in the app. For payment-related privacy questions, contact Paddle at paddle.net.