Privacy Policy

Last updated: 16 May 2026

Lume is published by Appwide OÜ, a company registered in Tallinn, Estonia. This policy describes the personal data we process when you install or use the Lume application, the purposes we process it for, and the choices you have. It applies alongside our Terms of Service.

Summary

• You can use Lume with or without creating an account.
• Apple processes your payment. Card details are not shared with us.
• We do not sell personal data and we do not run advertising.
• We collect only what is necessary to operate the service and keep the app working.

What we do not log

When the Lume tunnel is active, our infrastructure is designed to operate without recording:

• The websites or services you connect to.
• DNS queries made through the tunnel.
• The originating IP address you connected from.
• Session timestamps or per-session bandwidth tied to your identity.

Operational metrics such as aggregate server load may be collected to keep the service running, but they are not tied to individual users.

What we process

Account data (if you sign in)

• An email address, used to authenticate you and to let you recover your account on a new device.
• The sign-in method you chose (email link, Apple, or Google).

Sign-in is optional. We do not request your legal name, postal address, or phone number.

Anonymous mode

Lume can be used without signing in. In that case your device generates a local secret and we store only an opaque identifier and a hashed key, which we cannot reverse to a real-world identity.

Subscription status

To determine which servers your account may access, we receive a yes/no entitlement state from Apple via our payment processor. We do not receive card information or your Apple ID password.

Limited device information

For stability and support, we may process a small amount of non-identifying information such as device class, operating system version (iOS, iPadOS, or macOS), app version, and App Store country. We do not collect persistent device identifiers (IDFA) and we do not use this information for advertising.

Diagnostics

If the app crashes, a diagnostic report may be sent to our crash-reporting provider (Sentry). These reports describe the state of our own code; they do not contain the contents of your tunneled traffic. Diagnostics can be disabled from the app settings.

Cryptographic keys

The private key used to encrypt your tunnel is generated on your device and stored in the Apple Keychain (iOS or macOS) with the after-first-unlock, this-device-only attribute. It is not transmitted to our servers and is not included in iCloud backups.

Service providers

We rely on the following processors. Each receives only the data needed to perform its function:

• Apple — payment processing and subscription state.
• RevenueCat — subscription entitlement management.
• Clerk — authentication for users who choose email or social sign-in. Anonymous users are not sent to Clerk.
• Cloudflare — DDoS protection and TLS termination for our API.
• Sentry — opt-in crash and error diagnostics.
• Hetzner and other infrastructure providers — server hosting. They have no visibility into the contents of your tunneled traffic.

Legal basis & retention

We process personal data on the basis of the contract you enter into with us when you use Lume (GDPR Art. 6(1)(b)) and, for diagnostics, on the basis of our legitimate interest in maintaining a working service (Art. 6(1)(f)). Account data is retained for as long as your account exists; subscription records are retained for as long as required by applicable tax and accounting rules.

Legal process

As an Estonian company we are subject to Estonian and European Union law. If we receive a lawful, properly served request from a competent authority, we will assess it and respond as the law requires. We will provide only data we actually hold; we are not able to produce data that does not exist in our systems.

International transfers

Some of the processors listed above are based outside the European Economic Area. Where that is the case, transfers are covered by the European Commission's Standard Contractual Clauses or another lawful transfer mechanism.

Your rights

You can delete your Lume account at any time from Settings → Account → Delete account in the app. If you used Lume anonymously, deleting the app removes the local key associated with your device.

Depending on where you live, you may have additional rights under data-protection law to request access to, correction or deletion of your personal data, or to object to certain processing. Requests can be sent to [email protected] and we will respond within the period required by applicable law (typically 30 days).

You also have the right to lodge a complaint with a supervisory authority, including the Estonian Data Protection Inspectorate (aki.ee).

Children

Lume is rated 4+ and is not directed at children under 13. We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, please contact us and we will remove it.

Changes

We may update this policy from time to time. Material changes will be highlighted in the app and the date at the top of this page will be updated.

Contact

Appwide OÜ
Tallinn, Estonia
[email protected]