Lumorie – Privacy Policy

1. General

Lumorie uses end-to-end encryption (e2ee). Everything you upload is encrypted on your device with keys we never receive or hold. We do not collect, store, or process your content for analytics, advertising, or commercial purposes — and architecturally, we cannot.

2. Data Security

Photos and event content are encrypted on your device before they reach our servers. The decryption keys stay on your device (and, if you have iCloud Keychain backup enabled, in your Apple Keychain).
We see only opaque encrypted bytes. We cannot read, alter, search, or share your content.
Event participants you authorize hold the relevant keys on their own devices. They decrypt the content locally on their devices.
Lumorie staff and our cloud infrastructure providers cannot read your content.

To protect accounts from abuse, the app uses Apple's App Attest to confirm requests come from a genuine, unmodified app. This produces a device assertion only — it does not identify you or read your content.

3. Sharing Between Users

You can choose to share content with others via QR codes, links, or encrypted keys.
When you share, you are responsible for who gains access.
Lumorie cannot recover, revoke, or monitor shared keys, as sharing is end-to-end encrypted.

4. Account and Recovery

Account recovery is available in limited scope to help users regain access.
Recovery is subject to a fair use limit due to extra resource requirements.
We do not store additional personal information in connection with recovery.

5. Data Retention & Account Deletion

We retain encrypted data only as long as your account is active. When you delete your account through the app, we permanently remove from our systems:

Your account and device public keys
Your encrypted recovery file
Your event memberships
Encrypted content for events where you were the only participant

Events have a fixed lifetime and their content is deleted after the event's retention window ends.

We do not delete encrypted content you shared with other event participants. That content was decrypted on their devices using event keys we never held; the resulting local copies on their devices remain under their control. This is an inherent property of end-to-end encryption — see Section 15.

Event purchases are delivered immediately and are non-refundable through Lumorie; refunds are handled by the Apple App Store (see Section 10 of our Terms of Service). If Apple grants a refund, we treat it as immediate forced reclamation: we revoke access and permanently delete that event's data from our systems at once, with no grace period and no export window.

6. User Control

You control the content you upload. You may delete content at any time, and we will remove it from our systems. Because content is end-to-end encrypted, copies that other event participants have already decrypted on their own devices stay under their control after you delete them from our systems.

7. Data Export

You can export the content you have uploaded at any time from within the app. Because your content is end-to-end encrypted, export happens on your device using keys only you hold.

8. Payments

Purchases are processed by Apple (App Store) or Google (Play). Lumorie does not receive or store your card details. We receive only the transaction confirmation needed to enable your purchase.

9. Third Parties

We do not share personal data with third parties for marketing or analytics. We rely on third-party cloud storage and authentication providers to operate the service. All user content stored through these providers remains encrypted and inaccessible to them. These providers may have their own terms and privacy policies that apply when using their services.

10. Roles & Your Rights

Lumorie’s role under the GDPR differs based on the type of data:

Account data (your keys, device registrations, sync state): Mosbek ApS is the data controller. We use this data only to provide the encrypted service, on the basis of legitimate interest.
Event content (photos, videos, metadata uploaded to an event): the event owner is the data controller for that event’s content. They invited the participants, set the purpose of the event, and decide who has access. Mosbek ApS only hosts the encrypted bytes — we have no visibility into what is stored or who uploaded what. This mirrors how a workspace owner is the controller of messages in a Slack workspace.

Under the GDPR you have the right to:

Access your data — we can provide the encrypted bytes we hold; we cannot decrypt them for you
Delete your account and the personal data we control (see Section 5)
Export your encrypted content for data portability
Contact us regarding your privacy rights at support@lumorie.app

For content uploaded to an event, deletion or access requests should be directed to the event’s owner. They are the controller for that event’s content. Mosbek ApS, as the encrypted hosting provider, has no technical means to identify, decrypt, or selectively remove a participant’s contributions from within an event.

Where the right to erasure (Article 17) conflicts with other event participants’ right to retain their own copies of content shared with them (Article 17(3)(a) — freedom of expression and information), the latter prevails for content that has already been shared.

11. No Cookies or Tracking

Lumorie does not use cookies, tracking technologies, or third-party analytics.

12. Changes

We may update this Privacy Policy as needed. Updates take effect once published in the app.

13. Governing Law

This Privacy Policy is governed by the laws of Denmark. Any disputes shall be resolved by the courts of Denmark.

14. Contact

Mosbek ApS
CVR: 45899756
General inquiries: support@lumorie.app
Privacy inquiries: support@lumorie.app
Legal inquiries: support@lumorie.app

15. How encryption shapes what we can do

Lumorie is architected around end-to-end encryption. Some consequences flow from that architecture rather than from policy:

We never see your name, photos, messages, or any other content in the clear.
We cannot link a specific encrypted blob to a specific person without your decryption keys, which we never hold. Under GDPR Article 11, we are not required to maintain identification mechanisms we do not need for our service.
When you delete your account, we delete the keys that prove your identity to our systems and any data we can identify as solely yours.
Content you have shared with other event participants stays in those events. Their devices decrypted it using event keys we have never possessed, and the resulting local copies on their devices are under their control, not ours.
This is not a workaround. It is the reason Lumorie exists: our inability to access your content is the privacy guarantee.