Privacy Policy

1. Introduction

Lumi Health ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered fitness service. Please read this policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

2. Information We Collect

Personal Information You Provide:

• Account information (name, email address, password)
• Profile information (age, gender, height, weight, fitness goals)
• Health information (medical conditions, injuries, limitations)
• Fitness preferences and equipment availability
• Communication data (messages sent to our AI chatbot)

Automatically Collected Information:

• Device information (IP address, browser type, operating system)
• Usage data (pages visited, features used, time spent)
• Cookies and similar tracking technologies
• Log data (access times, errors, referral URLs)

AI Interaction Data:

• All conversations with our AI assistant
• Generated workout plans and recommendations
• Feedback on AI-generated content
• Usage patterns and preferences

3. How We Use Your Information

We use your information for the following purposes:

• To provide personalized AI-generated workout plans and fitness advice
• To improve our AI models and service quality
• To communicate with you about your account and service updates
• To ensure safety and prevent misuse of the Service
• To comply with legal obligations
• To analyze usage patterns and improve user experience
• To detect and prevent fraud or security issues

4. AI and Machine Learning

IMPORTANT DISCLOSURE: Your interactions with our Service involve AI technology:

• Your conversations are processed by AI models to generate responses
• We may use your data to improve our AI models, but will anonymize it first
• AI-generated content is not reviewed by humans unless you report an issue
• Your data may be used for model training after anonymization
• We use third-party AI services (like OpenAI) which have their own privacy policies

5. Data Sharing and Disclosure

We may share your information in the following circumstances:

• Service Providers: With third-party vendors who assist in operating our Service
• AI Providers: With AI service providers (e.g., OpenAI) to process your requests
• Legal Requirements: When required by law or to respond to legal process
• Protection of Rights: To protect our rights, privacy, safety, or property
• Business Transfers: In connection with a merger, sale, or acquisition
• Anonymized Data: We may share anonymized, aggregated data publicly
• With Your Consent: When you explicitly agree to sharing

6. Data Security

We implement appropriate technical and organizational measures to protect your information, including:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication measures
• Secure data storage and backup procedures

However, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information.

7. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy. Specifically:

• Account information: Until you delete your account
• Chat history: Up to 2 years or until you request deletion
• Usage data: Up to 1 year
• Anonymized data: Indefinitely for research and improvement

8. Your Rights and Choices

Depending on your location, you may have the following rights:

• Access: Request a copy of your personal information
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your personal information
• Portability: Receive your data in a portable format
• Objection: Object to certain processing activities
• Restriction: Request limited processing of your data
• Withdraw Consent: Where processing is based on consent

9. Children's Privacy

Our Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18. If we learn we have collected information from a child under 18, we will delete that information promptly.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. By using our Service, you consent to such transfers.

11. Third-Party Services

Our Service uses third-party services that have their own privacy policies:

• OpenAI (for AI processing)
• Supabase (for data storage and authentication)
• Analytics providers

We encourage you to review their privacy policies. We are not responsible for the privacy practices of third parties.

12. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to:

• Know what personal information we collect, use, and share
• Request deletion of your personal information
• Opt-out of the sale of personal information (we do not sell personal information)
• Non-discrimination for exercising your privacy rights

13. European Privacy Rights

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR). Our legal bases for processing include:

• Consent: For AI processing and health data
• Contract: To provide our services
• Legitimate interests: For service improvement and security
• Legal obligations: To comply with laws

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Material changes will be notified via email or prominent notice on our Service.

15. Contact Information

If you have questions or concerns about this Privacy Policy or our data practices, please contact us through our Contact Us page.

For data protection inquiries or to exercise your rights, please email us with "Privacy Request" in the subject line.