Privacy Policy for Lume

Last Updated: May 26, 2026

Introduction

Welcome to Lume (“we,” “us,” or “our”), operated by RIPPPL LLC, doing business as Hibba Ventures. This Privacy Policy explains how we collect, use, store, and protect your information when you use the Lume mobile application (“Lume” or “the App”).

By using Lume, you agree to the practices described in this policy. If you do not agree, please do not use Lume.

Information We Collect

Information You Provide

Profile Information: When you complete onboarding, you provide:

  • Age range
  • Skin type (oily, dry, combination, normal, sensitive)
  • Skincare goals
  • Current routine level
  • Areas you want to improve

Photos: You take photos of your face during scan sessions. These photos are used solely to generate your personalized glow analysis.

Account Information: If you create an account, we collect your email address (optional).

Information Collected Automatically

Usage Data: We collect anonymous usage statistics through Mixpanel, including:

  • Features you use
  • Time spent in the app
  • App crash reports and performance data
  • Approximate location (country-level only)

Device Information: We may collect:

  • iOS version
  • Device model
  • App version
  • Time zone

Subscription Information: Your subscription status and history are managed through Apple’s App Store and Superwall, our subscription management platform.

How We Use Your Information

We use your information to:

  • Generate personalized skin and feature analysis
  • Provide your 30-day glow protocol recommendations
  • Track your progress over time
  • Improve the App’s features and performance
  • Process subscription payments through Apple
  • Respond to support requests
  • Send service-related communications (with your permission)

How Your Photos Are Handled

Your photos are critical to how Lume works. Here’s exactly what happens to them:

Local Storage: Photos are saved to your device’s app sandbox storage. They are not stored in your photo library, camera roll, or anywhere else on your device that other apps can access.

AI Analysis: When you complete a scan, your photos are sent securely to Anthropic’s Claude API for analysis. Anthropic processes the images to generate scores and insights but does not store, train on, or retain your photos according to their data usage policy.

Cloud Sync: To sync your scans across your devices, your scan photos are also uploaded to a private storage bucket on Supabase. The bucket is protected with row-level security so only your account can read or write to your own folder; the photo path is scoped to your user ID.

Deletion: You can delete any scan and its associated photos at any time from within the App. When you delete the App, all photos are removed from your device.

Privacy by Design: Photos are compressed and transmitted only during active scan analysis and cloud sync. They are not transmitted at any other time.

Account Deletion: From Settings → Delete account, you can permanently delete your Lume account. This immediately removes your authentication record, all scans and onboarding answers, and every scan photo from both the device and Supabase cloud storage. The action cannot be undone and does not cancel an Apple subscription — manage that separately in Settings → Apple Account → Subscriptions.

Third-Party Services

Lume uses the following third-party services to operate:

Anthropic (Claude API): Provides AI analysis of your scan photos. See Anthropic’s Privacy Policy at anthropic.com/legal/privacy.

Mixpanel: Provides anonymous app analytics. We do not send personally identifying information to Mixpanel. See mixpanel.com/legal/privacy-policy.

Superwall: Manages our paywall and subscription experience. See superwall.com/privacy.

Apple (App Store): Processes all subscription payments. We do not see or store your payment information. See apple.com/legal/privacy.

Supabase: Provides authentication, user profile storage, and encrypted cloud storage for your scans and scan photos. See supabase.com/privacy.

Data Retention

  • Photos: Stored on your device and in your private Supabase storage folder, until you delete the scan, delete your account, or delete the App. Deleting your account removes all photos from Supabase immediately.
  • Scan results: Stored on your device and in your Supabase account, until you delete them, delete your account, or delete the App.
  • Profile data: Stored on your device and in your Supabase account, until you delete your account or delete the App.
  • Usage analytics: Retained by Mixpanel according to their data retention policies, typically 5 years
  • Subscription data: Retained as required by Apple and applicable law

Your Rights

All Users

You have the right to:

  • Delete your data by deleting the App or specific scans
  • Opt out of analytics tracking through your iOS Settings
  • Contact us about privacy concerns

EU/UK Residents (GDPR)

If you are in the European Union or United Kingdom, you have additional rights:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion of your data
  • Object to processing
  • Data portability
  • Lodge a complaint with a supervisory authority

To exercise these rights, email privacy@hibbaventures.com.

California Residents (CCPA)

If you are a California resident, you have the right to:

  • Know what personal information is collected
  • Request deletion of personal information
  • Opt-out of sale of personal information (note: we do not sell personal information)
  • Non-discrimination for exercising your rights

To exercise these rights, email privacy@hibbaventures.com.

Children’s Privacy

Lume is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has used Lume, please contact us at privacy@hibbaventures.com and we will delete any associated information.

If you are between 13 and 17, please use Lume only with the consent and supervision of a parent or guardian.

Data Security

We take reasonable measures to protect your information:

  • Photos on-device are stored in the iOS app sandbox with system-level protections
  • Cloud-synced photos are stored in a private Supabase bucket protected by row-level security, with paths scoped to your user ID so no other account can read or write to your folder
  • Network transmissions to Anthropic, Supabase, and other services use HTTPS encryption
  • Access to our development and Supabase admin systems is restricted to authorized personnel

However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

International Data Transfers

If you access Lume from outside the United States, your information may be transferred to and processed in the United States, where our service providers are located. By using Lume, you consent to this transfer.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the “Last Updated” date. Your continued use of Lume after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions or concerns about this Privacy Policy or how Lume handles your data, contact us:

Email: privacy@hibbaventures.com
Company: RIPPPL LLC (doing business as Hibba Ventures)
Website: hibbaventures.com