Privacy Policy

Last updated: 2026-05-15

Lume is a privacy-first VPN. We built it because we believe the network shouldn't get to watch you. This policy describes — in plain language — what we do and don't collect.

Our no-logs policy

Lume does not log, monitor, or store records of user VPN sessions, browsing history, DNS queries, IP addresses, or any other user activity while connected to the VPN.

We do not store connection timestamps, bandwidth usage tied to your identity, the websites you visit, the apps you use, or the originating IPs of any session.

What we do collect

Account data (optional)

• If you sign in with email, Apple, or Google: your email address, used only for account management.
• If you use Anonymous mode: nothing — no account, no email, no identifier we can tie back to a real person.

Subscription data

• Apple-managed receipt validation through RevenueCat to determine if you have an active subscription.
• We do not see your payment method. Apple handles billing end-to-end.

Device telemetry (privacy-preserving)

• Device model class only (e.g. "iPhone 17 Pro") — not unique device IDs.
• iOS major version, app build number, and approximate region (country) — used to debug regressions.

What we never collect

• Browsing history, DNS queries, or any content of your traffic.
• Real-time or historical IP addresses associated with your account.
• Contact info (when in Anonymous mode), Health & Fitness, Financial info, Messages, or Search history.
• Advertising identifiers (IDFA). Lume does not use ads, ever.

Encryption keys

Your WireGuard private key is generated on your iPhone and stored in your device's Secure Enclave with thekSecAttrAccessibleAfterFirstUnlockThisDeviceOnly attribute. It is never uploaded to our servers and is not included in any iCloud backup. Only your public key is transmitted, and only to provision your VPN peer.

Sharing

We share data with the minimum number of vendors needed to run the service:

• Apple — App Store billing and receipt validation.
• RevenueCat — subscription state management.
• Clerk — authentication for users who choose to sign in (Anonymous-mode users are never sent to Clerk).
• Cloudflare — DDoS protection and request routing to our API.

We do not sell, rent, or share user data with advertisers, data brokers, or analytics companies.

Government & law-enforcement requests

Because we do not log session activity, we have nothing to hand over even when compelled. Any valid legal request will be met with the only data we hold: subscription status (active/inactive) for signed-in accounts. We commit to publishing a transparency report at least annually.

Your rights

You can delete your Lume account at any time from Settings → Account → Delete account. Anonymous users can simply uninstall the app — there's nothing to delete on our side. EU/UK/California users have additional rights under GDPR/CCPA; contact [email protected] to exercise them.

Changes

If we change this policy, we'll bump the "Last updated" date and surface a notice in-app. Material changes will require your re-consent.

Contact

Questions? [email protected].