Lumora

Lumora Privacy Policy

Niceday Co., Ltd. (the “Company”) complies with the Personal Information Protection Act of the Republic of Korea and other applicable laws to protect the freedoms and rights of data subjects. This Privacy Policy explains how personal information is processed in the Lumora application and on the Lumora website provided by the Company.

Lumora follows these core principles:

Article 1. Scope of this Privacy Policy

  1. This Privacy Policy applies to:
  1. Apple’s own privacy policy separately applies to the App Store, Apple Accounts, StoreKit, iCloud, and device backups.
  2. A third-party website linked from the Company’s website is governed by the privacy policy of its respective operator.

Article 2. Data Stored Only on the Device by the App

The Lumora App stores the following data locally on the User’s current device:

CategoryDataPurposeStorage locationRetention period
Habit informationHabit name, observation schedule, selected days or dates, planet and orbit settings, and active or archived statusCreating and managing habits; displaying habits to be observedUser’s deviceUntil the User deletes the data or the App data is deleted
Observation recordsDate, Complete or Rest status, and optional notesSaving and editing records; viewing trajectoriesUser’s deviceUntil the User deletes the relevant record or habit, or the App data is deleted
App settingsOnboarding-completion status, notification settings, motion and display settings, and similar preferencesRetaining User preferencesUser’s deviceUntil the User deletes the App data
Subscription entitlement statusProduct identifier provided by StoreKit, subscription validity, expiration, refund or revocation status, and similar informationDetermining Free or Plus access and restoring purchasesUser’s device and Apple-managed environmentsFor as long as needed to verify subscription entitlement, or as provided by Apple’s policies
  1. The Company does not collect or transmit the habit information, observation records, or App settings listed above to Company servers.
  2. The App does not use an external analytics SDK, advertising SDK, or third-party crash-reporting SDK to transmit the User’s habits or behavioral data.
  3. If authorized by the User, App notifications are scheduled locally through the device’s notification functionality. The Company does not operate User accounts or server-based push tokens to deliver notifications.
  4. Depending on the User’s device and Apple Account settings, App data may be included in an iCloud backup or a device backup stored on a computer. Apple and the User manage these backups. The Company cannot access backup data and does not guarantee that it can be restored.

Article 3. Personal Information Processed Directly by the Company

The Company processes only the minimum personal information necessary in the following circumstances:

Processing contextPersonal information processedPurposeMethod of collectionRetention period
General customer-support inquiryEmail address, sender name or email display name, inquiry details, and files attached by the UserReviewing and responding to inquiries, troubleshooting, and providing supportProvided directly by the User by emailOne year after the inquiry is resolved
Technical issue investigationApp version, iOS version, device model, screenshots, and diagnostic details voluntarily provided by the UserReproducing errors and providing technical supportProvided directly by the User by emailOne year after the inquiry is resolved
Payment, refund, or dispute inquiryEmail address, inquiry details, and order or transaction identifiers and supporting materials provided by the UserVerifying subscriptions, assisting with purchase restoration, and responding to refunds or disputesProvided directly by the User by email, or provided by Apple to the extent permitted by applicable lawRecords of consumer complaints or disputes: three years after resolution. If the Company comes to possess records concerning contracts, withdrawal from purchase, payment, or supply: five years
  1. Before sending a screenshot or diagnostic material for customer support, Users should conceal unnecessary personal information, such as habit names, notes, or information about another person.
  2. The Company does not request sensitive information or unique identification information that is unnecessary to resolve an inquiry. If a User provides such information without being asked, the Company may promptly delete or redact the portion that is unnecessary to handle the inquiry.
  3. Information that must be retained for a longer period under applicable law will be stored separately for the purpose and period required by that law and then deleted.

Article 4. App Store Payments and Information Processed by Apple

  1. Purchases, payments, renewals, cancellations, and refunds for Plus subscriptions are processed through the App Store and the User’s Apple Account.
  2. The Company does not collect or store the User’s Apple Account password, full payment-card number, or payment-method authentication information.
  3. Apple may process transaction information to handle payments, restore purchases, verify subscription status, issue refunds, prevent fraud, and comply with legal obligations.
  4. The Lumora App uses StoreKit to check subscription products, transactions, and entitlement status and uses that information on the device to determine Free or Plus access.
  5. To facilitate subscription operations, Apple may provide the Company with a unique subscriber identifier, information about the purchased subscription, country or region of residence, refund or revocation status, sales and settlement information, and aggregated statistics. If the Company separately downloads and retains such information, it will do so only to the extent and for the period necessary for settlement, accounting, customer support, and compliance with applicable law.
  6. For further information about the categories, purposes, retention periods, and data-subject rights applicable to Apple’s processing, please review Apple’s Privacy Policy.

Article 5. Disclosure of Personal Information to Third Parties

  1. As a general rule, the Company does not disclose personal information to third parties.
  2. The Company may disclose personal information to the extent permitted by applicable law in the following circumstances:
  1. Information that a User provides directly to Apple while using the App Store is distinguished from personal information disclosed by the Company to a third party and is processed under Apple’s policies.

Article 6. Entrustment of Personal Information Processing

The Company entrusts the following personal information processing in order to operate its customer-support email service:

Service providerEntrusted processingInformation processed
Google LLC (Google Workspace)Transmission, receipt, and storage of customer-support emailSender email address, sender display name, inquiry details, and attachments
  1. Through its agreement with the service provider, the Company establishes and manages requirements concerning the prohibition of processing beyond the entrusted purpose, security safeguards, management of subprocessors, deletion of personal information, and oversight of the service provider.
  2. Any change to the entrusted processing or the service provider will be disclosed through this Privacy Policy.
  3. The Lumora App does not entrust server operations or external analytics to a third party for the processing of habit information or observation records.

Article 7. International Transfer of Personal Information

Because customer-support email is operated using Google Workspace, the following personal information may be processed or stored outside the Republic of Korea:

ItemDetails
Personal information transferredSender email address, sender display name, inquiry details, and attachments
RecipientGoogle LLC
ContactGoogle Privacy Help
Countries of transferCountries in which Google operates data centers, including the United States
Timing and methodTransferred over an encrypted network when the User sends a customer-support email
PurposeTransmission, receipt, storage, and security of customer-support email
Retention and use periodUntil the end of the applicable retention period in Article 3, followed by deletion in accordance with Google’s contractual deletion and backup cycles
Legal basisEntrustment and storage necessary to handle the data subject’s customer-support request under Article 28-8(1)(3) of the Personal Information Protection Act
  1. A User may refuse the international transfer by choosing not to send a customer-support email. In that case, the Company may be unable to provide an email response or attachment-based technical support, but the User may continue to use the core features of the Lumora App.
  2. Questions or objections concerning international transfers may be submitted to the Chief Privacy Officer identified in Article 14.
  3. If the Company adopts website hosting or another external service that results in an additional international transfer, it will update this Privacy Policy before beginning the transfer to disclose the recipient, destination country, information transferred, purpose, timing and method, retention period, and method of refusal.

Article 8. Website, Cookies, and Behavioral Analytics

  1. The Lumora website is operated as a static website and currently does not provide registration, login, an email-collection form, or an online inquiry form.
  2. The Company does not install advertising trackers, behavioral-analytics tools, or cookies intended to identify Users on the Lumora website.
  3. IP address, browser and operating-system information, access time, requested URL, and similar data may be processed temporarily as necessary for network communications when the website is provided. If the Company retains or accesses request logs through a website-hosting provider, this Privacy Policy will be updated to reflect the actual information processed, purpose, service provider, and retention period.
  4. The Company does not combine in-App activity with website-visit information or use it for personalized advertising or User profiling.

Article 9. Apple Diagnostic Information and App Analytics

  1. The Company does not integrate its own behavioral-analytics SDK or a third-party crash-reporting SDK into the Lumora App.
  2. If a User chooses in Apple device settings to share diagnostics and usage information with developers, Apple may provide the Company with the App version, device and operating-system information, crash logs, performance information, or aggregated usage statistics.
  3. The Company uses diagnostic information provided by Apple only to improve the stability and quality of the App. It does not use that information to collect habit names or note contents.
  4. The User can change whether diagnostic information is shared in Apple device settings. Further details are governed by Apple’s privacy policy and device-settings guidance.

Article 10. Automated Decision-Making and Personalized Advertising

  1. The Company does not use personal information to make automated decisions that produce legal or similarly significant effects on Users.
  2. The Company does not use a User’s habits or observation records for advertising, credit assessment, health assessment, or User profiling.
  3. The Lumora App and website do not provide personalized advertising or track Users across other apps or websites.

Article 11. Rights of Data Subjects and Legal Representatives

  1. A data subject may at any time exercise rights concerning personal information processed by the Company, including the rights to access, correct, delete, or suspend processing; withdraw consent; and exercise rights relating to international transfers.
  2. A request may be submitted using the email address or telephone number in Article 14. The Company will handle the request within the time and in accordance with the procedures required by applicable law.
  3. A data subject may exercise these rights through a legal representative or duly authorized agent. The Company may request the minimum information necessary to verify the requester’s identity or the agent’s valid authority.
  4. Because the Company does not possess habit information, observation records, or App settings stored only on the User’s device, it cannot access, correct, delete, or recover that data on the User’s behalf. The User can modify or delete it directly in the App or delete it using the “Delete Data on This Device” feature.
  5. Local data may not be recoverable after the App or device data is deleted. Users should review the consequences before deletion.
  6. Any limitation on rights of access, deletion, or suspension of processing under applicable law will apply.

Article 12. Children’s Personal Information

  1. Lumora does not collect registration or age information.
  2. A child under 14 who needs to provide personal information during customer support should submit the inquiry with the assistance of a legal representative.
  3. If the Company learns that it has collected personal information from a child under 14 without the consent of a legal representative, it will promptly delete the information unless retention is required by applicable law.
  4. A legal representative may exercise rights concerning a child’s personal information through the contact information in Article 14.

Article 13. Deletion and Security of Personal Information

Deletion of Personal Information

  1. The Company promptly deletes personal information when it is no longer necessary, including when the retention period expires or the purpose of processing has been fulfilled.
  2. If information must be retained under another law, only the information subject to that requirement will be stored separately for the legally required period and will not be used for another purpose.
  3. Electronic files are securely deleted using a method designed to make recovery or reproduction impracticable. Paper documents are shredded or incinerated.
  4. Data stored on the User’s device is removed from the device when the User deletes it in the App or deletes the App or device storage. The Company does not retain a copy of that data.

Security Measures

The Company takes the following measures to safeguard the personal information it processes:

Article 14. Chief Privacy Officer and Access Request Contact

The Company has appointed the following Chief Privacy Officer to oversee personal-information processing and handle privacy inquiries, complaints, and requests for relief:

Requests to access personal information and other privacy inquiries may be submitted through the contact information above. The Company will review and respond to requests without undue delay.

Article 15. Remedies for Infringement of Rights

A data subject may contact the following independent organizations for advice or relief concerning an infringement of personal-information rights:

Article 16. Changes to this Privacy Policy

  1. If this Privacy Policy changes, the Company will disclose the changes and their effective date on the Lumora website or in the App.
  2. A significant change will be announced in an easily understandable manner before it takes effect.
  3. Previous versions will be retained and made available with their respective effective dates and version information.

Addendum

This Privacy Policy takes effect on July 16, 2026.