Last updated: 20.04.2026
1. Controller
The controller responsible for data processing is:
Lumora Mind
Enzersdorfer Straße 70/4
2340 Mödling
Österreich
E-Mail: getsupport@lumoramind.app
2. Overview
Lumora is a wellbeing application that allows users to track personal information such as mood, sleep, and exercise activity.
We take the protection of your personal data seriously and process your data in accordance with the General Data Protection Regulation.
3. What data we collect
We may collect and process the following categories of data:
Account data
- Email address or login credentials
Wellbeing data (sensitive data)
- Mood entries
- Sleep-related information
- Exercise activity and progress
Technical data
- Device type, operating system
- App usage data
- Crash logs and diagnostics (if applicable)
4. Special category data (important)
Some of the data processed in Lumora (such as mood, sleep, and wellbeing information) may be considered health-related data under GDPR.
We process this data only based on your explicit consent in accordance with Art. 9(2)(a) GDPR.
You can withdraw your consent at any time.
5. Legal basis for processing
We process your personal data based on the following legal grounds:
- Art. 6(1)(b) GDPR – performance of the contract (to provide app functionality)
- Art. 6(1)(a) GDPR – your consent
- Art. 9(2)(a) GDPR – explicit consent for processing sensitive (health-related) data
6. Purpose of processing
We process your data for the following purposes:
- to provide and operate the Lumora app
- to track and display your wellbeing data
- to improve your experience and app functionality
- to ensure security and stability of the app
7. Data storage and security
Your data is stored securely using appropriate technical and organizational measures.
This includes:
- encrypted data transmission (HTTPS)
- access restrictions
- secure infrastructure
We take reasonable steps to protect your data from unauthorized access, loss, or misuse.
8. Data sharing
We do not sell your personal data.
We only share data with trusted service providers where necessary to operate the app, such as:
- hosting providers
- infrastructure providers
- analytics or crash reporting tools (if used)
These providers process data strictly on our behalf and are contractually obligated to protect your data.
9. Data retention
We store your personal data:
- for as long as your account is active
- until you delete your account
After account deletion, your data will be deleted or anonymized, unless legal obligations require retention.
10. Your rights
Under GDPR, you have the following rights:
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to withdraw consent at any time (Art. 7 GDPR)
You also have the right to lodge a complaint with a data protection authority.
11. Withdrawal of consent
You can withdraw your consent to data processing at any time.
Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.
After withdrawal, certain app features may no longer be available.
12. Account and data deletion
You can delete your account at any time:
- directly within the app (if available), or
- by contacting us at: getsupport@lumoramind.app
Upon deletion, all personal data will be deleted unless legal obligations require otherwise.
13. Third-party services
We may use third-party services to operate the app (e.g., hosting, analytics, crash reporting).
These services process data only on our behalf and in accordance with applicable data protection laws.
14. International data transfers
If we transfer data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses).
15. Changes to this Privacy Policy
We may update this Privacy Policy from time to time.
We recommend reviewing it regularly to stay informed.