Privacy Policy

PRIVACY POLICY: Luumi AB | Effective Date: January 2025

1. INTRODUCTION

Luumi AB ("we," "us," "our," or "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application, website, and related services (collectively, the "Service").

This Privacy Policy complies with the General Data Protection Regulation (GDPR) and Swedish data protection laws. Please read this policy carefully. If you do not agree with our practices, do not use our Service.

2. INFORMATION WE COLLECT

2.1 Information You Provide Directly

Registration Information:

- Full name (or username)

- Email address

- Phone number (optional)

- Date of birth

- Gender identity

- Sexual orientation

- Location (city/region)

- Profile photos

- Bio/about section

- Interests and hobbies

- Relationship preferences

Profile Information:

- Detailed profile descriptions you choose to share

- Preferences for matches (age range, location, interests)

- Accessibility needs and accommodations you select

Communication Data:

- Messages and conversations with other users

- Reports you submit about other users

- Communications with our support team

Payment Information:

- Billing address

- Payment method (processed securely through third-party providers)

- Transaction history

- Subscription status and renewal dates

2.2 Information Collected Automatically

Device Information:

- Device type, model, and operating system

- Device identifiers (UUID, IDFA)

- IP address

- Browser type and version

Usage Information:

- Features you use and how frequently

- Time spent on the app

- Profiles you view

- Matches you make and messages you send

- Login times and duration of sessions

- Clicks and interactions within the app

Location Information:

- Approximate location (city/region) based on IP address or GPS (if permitted)

- Location history for match recommendations

Technical Information:

- Crash logs and error reports

- App performance data

- Analytics on feature usage

2.3 Information from Third Parties

- Information from payment processors (confirmation of transactions)

- Information from social media platforms (if you choose to sign up via social login)

- Information from publicly available sources (for verification purposes)

3. LEGAL BASIS FOR PROCESSING

We process your data based on the following legal bases under GDPR:

Consent: Your explicit consent for marketing communications and optional features

- Contract Performance: Processing necessary to provide the Service

- Legal Obligation: Compliance with Swedish and EU laws

- Legitimate Interests: Fraud prevention, security, service improvement, and legal defense

4. HOW WE USE YOUR INFORMATION

We use your information to:

4.1 Provide the Service

- Create and maintain your account

- Match you with compatible users

- Enable messaging and communication

- Deliver accessibility features and customizations

- Process payments and manage subscriptions

4.2 Safety and Security

- Prevent fraud, abuse, and illegal activity

- Verify user identity and age

- Investigate and resolve disputes

- Respond to abuse reports and take enforcement action

- Comply with legal obligations

4.3 Improve the Service

- Analyze usage patterns and user behavior

- Test new features and functionality

- Improve app performance and user experience

- Conduct research and analytics

- Customize your experience based on preferences

4.4 Communication

- Send important updates about your account

- Respond to your inquiries and support requests

- Send transactional emails (receipts, subscription confirmations)

- Send marketing communications (with your consent)

- Notify you of policy changes

4.5 Legal and Regulatory Compliance

- Comply with court orders and legal processes

- Respond to government or law enforcement requests

- Enforce our Terms and Conditions

- Protect our legal rights and interests

5. DATA SHARING AND DISCLOSURE

5.1 Information Shared with Other Users

Your profile information (photos, bio, interests, location) is visible to other users on the platform for matching purposes. You can control visibility through privacy settings.

5.2 Third-Party Service Providers

We share information with trusted vendors who assist us in operating the Service, including:

- Payment processors (Stripe, PayPal, etc.)

- Analytics providers (Google Analytics)

- Cloud storage providers (AWS, Google Cloud)

- Email and communication services

- Customer support platforms

These providers are contractually obligated to use your data only as necessary to provide services to us and are bound by GDPR and data protection agreements.

5.3 Legal Obligations

We may disclose your information when required by law, including:

- Court orders or legal processes

- Law enforcement requests

- Government investigations

- Protection of public safety or national security

5.4 Business Transfers

If Luumi AB is acquired, merged, or undergoes bankruptcy, your data may be transferred as part of that transaction. You will be notified of any such change.

5.5 No Sale of Data

We do NOT sell, trade, or rent your personal information to third parties for marketing purposes.

6. DATA RETENTION

We retain your data according to the following schedule:

- Active Account: Data is retained as long as your account is active

- After Deletion: Data is deleted within 30 days of account deletion, except:

- Data required for legal or regulatory compliance (retained per Swedish law)

- Aggregate, anonymized data used for analytics

- Messages and conversations may be retained by the recipient even after you delete your copy

- Chat History: Messages are retained until deleted by either party or account is deleted

- Payment Records: Retained for 7 years for tax and accounting purposes

- Abuse Reports: Retained for minimum 1 year for safety and legal purposes

7. YOUR RIGHTS UNDER GDPR

You have the following rights regarding your personal data:

7.1 Right to Access

You can request a copy of all personal data we hold about you.

7.2 Right to Rectification

You can request correction of inaccurate or incomplete data.

7.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your data, subject to legal retention requirements.

7.4 Right to Restrict Processing

You can request that we limit how we use your data.

7.5 Right to Data Portability

You can request your data in a structured, commonly-used format for transfer to another service.

7.6 Right to Object

You can object to processing for marketing purposes and automated decision-making.

7.7 Right to Withdraw Consent

You can withdraw consent for optional processing at any time.

7.8 How to Exercise Your Rights

To exercise any of these rights, contact us at privacy@luumi.se with your request. We will respond within 30 days (extendable to 60-90 days for complex requests).

8. SECURITY MEASURES

We implement industry-standard security measures to protect your data, including:

- Encryption: Data transmitted via HTTPS/TLS encryption

- Access Controls: Limited access to data based on need-to-know basis

- Authentication: Secure password requirements and optional two-factor authentication

- Regular Audits: Security testing and vulnerability assessments

- Employee Training: Staff trained on data protection and confidentiality

- Incident Response: Procedures for addressing potential data breaches

However, no method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

9. CHILDREN AND MINORS

Luumi is not intended for users under 18 years old. We do not knowingly collect data from minors. If we become aware that a minor has provided personal information, we will delete such information and terminate the minor's account immediately.

If you believe a minor has accessed Luumi, please contact us immediately at support@luumi.se.

10. INTERNATIONAL DATA TRANSFERS

Your data may be transferred to, stored in, and processed in countries other than your country of residence. These countries may have data protection laws that differ from your home country.

When we transfer data internationally, we use appropriate safeguards, including:

- Standard Contractual Clauses approved by the EU Commission

- Data Processing Agreements complying with GDPR

By using Luumi, you consent to the transfer of your information to countries outside your country of origin, including the United States and other countries.

11. MARKETING AND COMMUNICATIONS

11.1 Marketing Emails

We may send you promotional emails about new features, special offers, and news about Luumi. You can opt out by:

- Clicking the unsubscribe link in any email

- Updating your notification preferences in app settings

- Contacting us at support@luumi.se

11.2 Push Notifications

We may send push notifications about matches, messages, and updates. You can disable these in your device settings or app settings.

11.3 Transactional Communications

We will always send you essential communications (account confirmations, password resets, billing notifications) regardless of your marketing preferences.

12. COOKIES AND TRACKING TECHNOLOGIES

We use cookies and similar tracking technologies to:

- Remember your preferences and settings

- Analyze usage patterns

- Deliver personalized content

- Prevent fraud and maintain security

12.1 Types of Cookies

- Essential Cookies: Required for the app to function

- Preference Cookies: Remember your choices

- Analytics Cookies: Track usage for improvement

- Marketing Cookies: Track advertising effectiveness

12.2 Your Cookie Choices

You can disable cookies through your browser settings, though this may affect functionality.

13. ACCESSIBILITY AND SPECIAL CATEGORIES OF DATA

Luumi collects information about accessibility needs and accommodations. This may include:

- Neurodivergence (autism, ADHD, etc.)

- Mental health conditions

- Physical disabilities

- Communication preferences

This information is treated with extra care and is only used to provide appropriate accommodations and services. You have full control over what accessibility information you share.

14. AUTOMATED DECISION-MAKING AND PROFILING

Our matching algorithm uses your profile information to suggest compatible matches. This involves automated decision-making but does not create legally binding decisions about you. You can request human review of match suggestions.

15. DATA PROCESSING AGREEMENT

If you represent an organization, we can enter into a Data Processing Agreement (DPA) for compliance purposes. Contact us at privacy@luumi.se for details.

16. THIRD-PARTY LINKS

Luumi may contain links to third-party websites and services. We are not responsible for their privacy practices. Please review their privacy policies before providing information.

17. CALIFORNIA PRIVACY RIGHTS (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

- Right to know what personal information is collected

- Right to delete personal information

- Right to opt-out of sale or sharing of data

- Right to non-discrimination for exercising these rights

To exercise CCPA rights, contact us at privacy@luumi.se.

18. CONTACT US

If you have questions about this Privacy Policy or our data practices, contact us:

Luumi AB

Email: support@luumi.se

Swedish Data Protection Authority:

If you believe your rights have been violated, you can file a complaint with:

Integritetsskyddsmyndigheten (IMY)

Box 8500, 10420 Stockholm, Sweden

19. CHANGES TO THIS POLICY

We may update this Privacy Policy periodically. Material changes will be communicated via email or prominent notice in the app. Your continued use of the Service constitutes acceptance of updated terms.

Last Updated: January 2025

Luumi AB is committed to protecting your privacy and operating transparently. We welcome your questions and feedback.