Privacy Policy.

Last updated: April 24, 2026

1. One-line summary

Lumê processes your photos to give you personalized skin, hair and color analysis — and nothing more. Your photos don't become an AI training dataset, never go to ad networks, and stay encrypted on our servers with access reserved for you. Delete the account, everything is gone.

2. Who we are

The Lumê app is developed and published by HPS SOFTWARE LTDA, registered in Brazil under no. 47.172.959/0001-78, headquartered at Av. Dr. Álvaro Severo de Miranda, 812, Apt. 1702, Passo Fundo / RS, Brazil.

For any privacy-related matter: [email protected] (subject: "Lumê Privacy Request").

3. Data processed by Lumê

3.1 Email and account identifier

We use your email address for authentication. We also generate a unique user ID to link your analyses and manage your subscription.

3.2 Photos uploaded (skin, hair, products)

This is the most sensitive data type and the one we protect most carefully. When you upload a photo for analysis:

• The photo is encrypted in transit (TLS) and at rest on our servers (AES-256).
• It is linked exclusively to your account. No one on our team browses individual user photos — access is restricted to specific support procedures, only at your request.
• It is not shared with advertisers, not sold, and not used to train any AI model — neither ours nor Anthropic's (which processes the analysis under a no-retention agreement).
• You can delete each photo individually at any time, or wipe the entire history at once via Settings.

Cosmetic packaging photos (scanner) follow the same encryption pattern but are processed only to extract barcode and ingredients (INCI) — we do not store the packaging image after extraction, only the structured data.

3.3 Analysis results

The results generated by the AI (skin type, recommendations, color palette, active ingredients) are linked to your account and form your evolution history. You can view, export (monthly PDF on Pro/Premium) or delete at any time.

3.4 AI prompts and processing

Analysis is performed by the Claude (Anthropic) model via API. Each analysis sends the photo and a structured prompt to Claude. We operate under Anthropic's no-retention agreement — they don't store your photos or prompts after returning the response. There is no persistent conversational memory on the AI side. When you use AI Beauty Chat (Premium), conversation history is kept on our servers, not at Claude — and you can delete it at any time.

3.5 Crash reports (opt-in)

Sentry only receives a crash report if you accept the consent modal shown on first use. Reports contain stack trace, device model, OS version and app version — with email and free text removed before sending. Photos are never included in crash reports. You can revoke consent at any time in Settings.

3.6 Subscription (Asaas)

Payment processing (Pro / Premium) is done by Asaas, a PCI-DSS-certified Brazilian payment processor. HPS only receives payment confirmation and the subscription reference — we never see your card. Pix, credit card and boleto accepted. CPF/CNPJ is sent to Asaas for invoice issuance (mandatory under Brazilian law).

3.7 Cookies and local storage

Lumê is a web platform (no mobile app). The site uses strictly necessary cookies (login session) and campaign measurement (Google Ads conversion). Preferences and image cache live in the browser's localStorage, removed when you clear site data or delete your account.

4. What Lumê does NOT collect

• Banking or credit card data (Asaas processes; doesn't pass through us)
• Geographic location (GPS, Wi-Fi, IP) — not used
• Contacts, microphone, messages
• Browsing history outside the app
• Biometric data for identification (your photos are NOT used for facial recognition — only for skin/hair/color analysis, with no biometric embedding extraction)
• Cross-app advertising identifiers (IDFA / Advertising ID)

5. Legal basis (LGPD / GDPR)

Processing of photos and analyses is classified as sensitive personal data (LGPD art. 5, II — health/physical aspects; GDPR art. 9 — special categories). The processing is therefore based on:

• LGPD art. 11, I — specific and highlighted consent: by uploading a photo for analysis, you explicitly consent to the processing of that photo for the defined purpose (aesthetic analysis). You can revoke at any time by deleting it.
• LGPD art. 7, V — contract performance: providing the app service and managing your subscription.
• LGPD art. 7, II — legal obligation compliance: invoice issuance and taxation.
• LGPD art. 7, IX — legitimate interest: diagnosing failures and improving stability (under opt-in consent).

EU users (GDPR): processing is based on explicit consent (Art. 9, 2(a) — special categories), contract performance and legitimate interest.

6. Sharing with third parties

We share strictly necessary data with the following processors:

• Anthropic (Claude API) — photo analysis. Receives the photo and prompt, returns the structured analysis. We operate under a no-retention agreement. United States.
• Cloudflare — web app hosting (Workers, Pages) and CDN. Receives IP and request data. Does not access encrypted photo content.
• Asaas — payment processing. Receives name, email, CPF/CNPJ and purchase data. Brazil. PCI-DSS certified.
• Sentry — crash reports (opt-in). Receives stack trace, no photos and no free text. United States.
• Google Ads — campaign measurement (gtag). Receives conversion event without personal identifiers.

We do not sell your data. We do not share with ad networks. We do not track you across apps or sites. Your photos are not shared with any of the processors above except Anthropic, and only during the analysis itself.

7. International transfer

Anthropic, Cloudflare, Sentry and Google have infrastructure in the United States. Transfers follow the safeguards in art. 33 of LGPD (standard contractual clauses, adequacy decisions recognized by ANPD) and GDPR mechanisms (Standard Contractual Clauses).

8. Retention

• Uploaded photos: retained while the account exists. Deleted individually or in bulk by you. Wiped in cascade when you use Settings → Delete Account.
• Analysis results: retained while the account exists, form your history. Deleted along with the account.
• AI Chat history (Premium): retained as long as you wish. Deletable any time.
• Prompts sent to Claude: NOT retained by Anthropic beyond the immediate response.
• Crash reports: retained for 90 days at Sentry, then deleted automatically.
• Subscription history: retained by Asaas for 5 years (Brazilian fiscal obligation).

9. Children

Lumê is not directed at children under 13 (COPPA) or under 16 (GDPR). Account creation requires age confirmation. We do not knowingly collect data from minors. If you are responsible for a child who has created an account, contact us: [email protected] and we will remove the data immediately.

10. Your rights

As a data subject, you may:

• Access: view all your photos and analyses inside the app itself.
• Correction: edit profile data and delete incorrect photos.
• Deletion: Settings → Delete Account (cascades: photos, analyses, chat history, subscription).
• Withdraw consent: disable crash reports, delete photos individually, or close the account.
• Portability: request a full export of photos + analyses in JSON via the email below (delivered within 15 days).
• Object to processing: deleting the account ends all processing.
• File a complaint with ANPD (Brazil) or your jurisdiction's data protection authority.

To exercise any of these rights: [email protected] (subject: "Lumê Privacy Request"). We respond within 15 days.

11. Security

All communication between the app, the website and our servers happens over TLS (HTTPS). Photos are encrypted at rest (AES-256) and access requires authentication. Passwords are stored with secure hashes (bcrypt/argon2); they never travel or sit in plaintext. Audit logs of access to sensitive data are recorded and reviewed periodically.

12. Changes to this policy

We may revise this policy as Lumê evolves (new features, new providers, legal updates). Changes will be published on this page with the update date at the top. For material changes affecting photo processing or sharing, we will notify inside the app and via email.

13. Contact