Your data, plainly.

Last updated · May 21, 2026

Luminelle is operated by HushThrive SRL. This policy explains what we collect, why we collect it, who we share it with, and the rights you have. It applies to the Luminelle mobile app, the website at luminelle.ai, and our backend services.

1. Who we are

HushThrive SRL is the data controller for the personal data described in this policy.

HushThrive SRL
Strada Verzișori, Nr. 6, Bl. D, Ap. B118
Sectorul 4, București, 040301, Romania

CUI 53282190 · Nr. Reg. Com. J2026002531005 · EUID ROONRC.J2026002531005

For any privacy question or data-rights request, email info@luminelle.ai.

2. What we collect

Account data

Email address, username, and display name.
Date of birth - used to enforce the 13+ minimum age and to tailor age-appropriate features.
Biological sex (female, male, nonbinary, or prefer-not-to-say) - used by cycle and nutrition features.
Avatar image, if you upload one.
A sign-in identifier from your chosen sign-in method (email or Google).

Health and wellness data

Menstrual cycle data: period start dates, cycle length, period length, and current phase.
Daily journal entries: redness, breakouts, and stress on 0–100 scales, plus free-text notes you choose to write.
Nutrition: daily calorie target, nutrition goal, and the meals you log.
Skincare concerns you select during onboarding.

This is special-category personal data under EU law, and we process it on the basis of your explicit consent. You can withdraw that consent at any time by deleting the relevant entries or your account.

Selfies

When you take a daily selfie, the image is sent to our servers and to our analysis provider, which returns observations and scores we store with your account. We do not keep the image bytes on our servers after the analysis. A copy of the selfie is saved on your phone so you can see it in your in-app history. Selfies are never used to train AI models.

Product and meal scans

When you scan a product label or a meal, the image is sent to our servers for analysis. We use the result - ingredients, category, calorie estimate, safety status - and don’t keep the image. For meals and food products, a copy of the photo is also saved on your phone so you can see it in your in-app history. Ingredient-label scans are processed in memory and the photo is not stored anywhere.

We store a record of your scans - product, brand, ingredients, the computed status - so your history is available across your devices.

Subscription and billing

Apple App Store and Google Play handle your payment. We do not collect or store payment card details. We receive your subscription state (active or lapsed, tier, expiry) from our subscription provider.

Device and usage data

A push-notification token and your notification preferences.
Basic web analytics on luminelle.ai (page views, referrer, approximate region) - not collected from the mobile app.

3. Why we use your data

To provide the Service - scanning, scoring, syncing, and any notifications you opted into.
To process your cycle, journal, and selfie data - based on your explicit consent.
To send transactional messages such as password resets and subscription receipts.
To send optional marketing emails or push messages, if you’ve consented.
To prevent abuse, fraud, and security incidents.
To keep tax records for paid subscriptions, as required by law.

4. Where your data lives

Your account, history, and synced data are stored on servers in the EU. Data is encrypted in transit and at rest.

5. Providers we work with

The third parties that process Luminelle data on our behalf:

Supabase - database and authentication.
Cloudflare - backend hosting and request routing.
Azure OpenAI - analysis of selfies and product/meal photos.
RevenueCat - subscription state.
OneSignal - push notifications.
Google - sign-in (if you choose it) and website analytics.

We also query public product databases when you scan a barcode. These requests include the scanned barcode but no user identifiers.

6. International data transfers

Some of our providers are headquartered outside the EU, including in the United States. Where personal data is transferred outside the EEA, we rely on the European Commission’s standard contractual clauses and applicable safeguards. Encryption in transit and at rest applies in all cases.

7. How long we keep your data

Account data - while your account is active, and for up to 30 days after a deletion request to complete the purge.
Cycle, journal, scan, and selfie analysis records - deleted with your account, or earlier if you remove individual entries.
Backups - rolling deletion within 30 days.
Subscription invoices and tax records - retained as required by Romanian tax law.

8. Your rights

You have the right to:

Access the personal data we hold about you.
Have inaccurate data corrected.
Have your data erased.
Restrict processing of your data.
Receive your data in a portable, machine-readable format.
Object to processing based on our legitimate interest.
Withdraw consent at any time, without affecting prior processing.
Lodge a complaint with your local supervisory authority. In Romania this is ANSPDCP.

To exercise any of these rights, email info@luminelle.ai. We respond within 30 days.

9. California residents

The categories of personal information we collect are listed in section 2 above. In the last 12 months, we have not sold personal information, and we have not shared personal information for cross-context behavioral advertising. You have the right to know, delete, correct, and limit the use of sensitive personal information (your cycle and journal data qualify). To exercise these rights, email info@luminelle.ai.

10. Children

Luminelle is intended for users 13 and older. If you are under the digital consent age in your country (for example, 16 in Romania), you need consent from a parent or guardian. We do not knowingly collect data from children under 13. If you believe a child under 13 has created an account, email info@luminelle.ai and we will delete it.

11. Automated analysis

We use AI to analyze your daily selfie and your product or meal photos. The output - observations, recommendations, scores - is informational. It does not constitute a medical diagnosis or any decision with legal or similarly significant effect on you. You can choose not to use these features; the rest of the app continues to work without them.

12. Security

Our security practices are described on our Security page.

13. Cookies

luminelle.ai uses cookies in two categories. The Luminelle mobile app does not use browser cookies.

Strictly necessary

These cookies are required for the site to work and cannot be disabled. They are first-party and not shared with anyone.

Supabase auth cookies (sb-*) - keep you signed in across pages. Expire when your session ends.

Analytics (opt-in)

These cookies are only set if you accept the analytics category in the cookie banner. We use Google Analytics 4 to understand site traffic in aggregate - we do not use the data for advertising and we do not sell it.

_ga, _ga_* - Google Analytics. Distinguish visitors. First-party, expires after 2 years.
_gid - Google Analytics. Distinguish visitors. First-party, expires after 24 hours.

Until you accept, Google Analytics runs in cookieless mode using Google Consent Mode v2 - no analytics cookies are set and no identifiers are sent. If you withdraw consent later, any analytics cookies already set on your device are deleted.

Managing your choice

You can change your preferences at any time. The same option is available from the “Cookie settings” link in the footer of every page.

14. No ads, no data sold

We do not show advertising in Luminelle. We do not sell your personal data and we do not share it with third parties for their own marketing.

15. Changes to this policy

We will update the “Last updated” date when we revise this policy. For material changes we will notify you in the app or by email.

16. Contact

For privacy questions or to exercise any of the rights above, email info@luminelle.ai, or write to HushThrive SRL at the address in section 1.