This Privacy Policy explains how Securero (“Securero”, “we”, “us”, or “our”), the operator of the Lumo dating application and related websites and services (collectively, the “Service”), collects, uses, discloses, and safeguards your personal information. It also describes your rights and choices.
Lumo is intended only for individuals who are 18 years of age or older. By creating an account or otherwise using the Service, you acknowledge that you have read and understood this Policy. If you do not agree with it, please do not use the Service.
This Policy should be read together with our Terms of Service.
Contents
1. Who we are
The Service is provided by Securero. For any privacy-related question or to exercise your rights, contact us at support@all-good.co.il. Where required by law, Securero acts as the “controller” (or equivalent) of the personal information processed through the Service.
2. Information we collect
2.1 Information you provide
- Account data: mobile phone number, and (optionally) email address.
- Profile data: display name, date of birth and age, gender and gender description, photos, a short bio, occupation, employer, school, education level, height, languages, interests, and prompt answers (including optional voice recordings).
- Lifestyle and preference data: answers about drinking, smoking, exercise, pets, and whether you have or want children; the genders you are interested in, age range, distance, and other matching preferences.
- Sensitive data you choose to share: religious beliefs and political views (optional profile fields); see Section 3.
- Verification data: if you choose to get verified, a short selfie (“liveness”) image used for a one-time face comparison against your profile photo. This is biometric data; see Section 3.
- Content and communications: messages, reactions, likes, comments, reports you submit, and your communications with our support team.
- Consents: a record of the legal documents and versions you accept, with a timestamp and IP address.
2.2 Information collected automatically
- Device and technical data: device type and model, operating system and version, app version, language/locale, push-notification token, and IP address.
- Location data: with your permission, your approximate or precise location, used to show you nearby people and distances. We store only your most recent location; we display only an approximate distance (rounded, minimum 2 km) and city to other users — never your exact coordinates.
- Usage and log data: how you interact with the Service (for example, screens viewed, features used, swipes, and match activity), and technical logs used for security and diagnostics.
2.3 Information from third parties
- App stores and payment providers: subscription and purchase status and transaction identifiers from Apple and Google (we never receive your full card number).
- WhatsApp / Meta: when you log in or confirm an action by tapping a WhatsApp message, we receive confirmation that you approved or declined.
- Referrals: if you join through a referral link, we record the connection between accounts.
3. Sensitive (special-category) information
Because Lumo is a dating service, some information is, or may reveal, “special category” / sensitive personal data — including your religious beliefs, political views, and information from which your sexual orientation may be inferred (your gender together with the genders you are interested in). If you choose to get verified, the liveness selfie is biometric data.
We process this information on the basis of your explicit consent, which you provide by choosing to add it to your profile or by getting verified, and (where applicable) because you have manifestly made it public on your profile. Providing this information is optional, and you can edit or remove most of it at any time in the app. Withdrawing consent does not affect processing carried out before withdrawal.
4. How we use information
- Create and manage your account and authenticate you (including one-time codes and login approvals).
- Operate core features: build your profile, suggest and rank potential matches, enable likes, matches, and messaging.
- Personalize recommendations and content, including ranking and discovery features.
- Provide optional AI-assisted features, such as suggested conversation openers.
- Keep the Service safe: detect, prevent, and respond to fraud, spam, abuse, harassment, and violations of our Terms, including content moderation and identity/photo checks.
- Process purchases, subscriptions, and virtual items, and prevent payment fraud.
- Communicate with you, including service messages, push notifications you enable, and — with your consent where required — marketing.
- Measure, analyze, and improve the Service, develop new features, and debug.
- Comply with legal obligations and enforce our agreements, terms, and policies.
5. Legal bases for processing
Where data-protection law (such as the EU/UK GDPR) applies, we rely on:
- Performance of a contract — to provide the Service you request.
- Your consent — for sensitive data, precise location, marketing, and certain device permissions; you may withdraw it at any time.
- Legitimate interests — to secure, protect, improve, and promote the Service, prevent abuse, and operate our business, balanced against your rights.
- Legal obligation — to comply with applicable laws, including tax, accounting, and law-enforcement requirements.
6. Automated processing and profiling
We use automated systems to recommend and rank profiles, to surface potential matches, and to help moderate content (for example, automatically screening photos and messages). These processes help us provide and protect the Service and do not produce legal or similarly significant effects on you. You may contact us at support@all-good.co.il with questions about these features.
7. How we share information
- With other users: your profile (name, age, photos, and the details you add) is shown to other users as part of the Service. Information you send in messages is shared with your matches. Please share only what you are comfortable making visible.
- With service providers: vendors who process data on our behalf under contract (see Section 8).
- For safety and legal reasons: when we believe disclosure is necessary to comply with law, legal process, or government requests; to enforce our Terms; or to protect the rights, property, or safety of Securero, our users, or the public.
- Business transfers: in connection with a merger, acquisition, financing, reorganization, or sale of assets, your information may be transferred, subject to this Policy.
- With your consent or at your direction.
- Aggregated or de-identified information that cannot reasonably identify you.
We do not sell your personal information for money.
8. Service providers we use
We rely on reputable providers to run the Service, including:
- Cloud hosting and storage (e.g., Amazon Web Services) — application hosting and photo/media storage.
- Push notifications (Google Firebase) — to deliver notifications you enable.
- Messaging / SMS and WhatsApp (e.g., Twilio; Meta/WhatsApp) — to deliver verification codes and login approvals.
- AI features (Anthropic) — to generate optional suggested conversation openers from limited profile details.
- Content moderation and photo/identity checks — to help keep the Service safe.
- Payments (Apple App Store; Google Play) — to process purchases and subscriptions.
- Error and performance monitoring (e.g., Sentry) — configured not to send your personal identifiers by default.
These providers are permitted to use your information only to provide services to us and under appropriate confidentiality and data-protection obligations.
9. International data transfers
We are based in Israel and may process and store information in Israel and in other countries, including the United States and the European Economic Area, where our providers operate. These countries may have data-protection laws different from those in your country. Where required, we use appropriate safeguards (such as the European Commission’s Standard Contractual Clauses or transfers to jurisdictions recognized as providing adequate protection).
10. How long we keep information
We keep your information for as long as your account is active and as needed to provide the Service. When you delete your account, deletion begins a 14-day grace period (logging back in cancels it), after which your profile, photos, verification images, and the messages you sent are permanently erased or de-identified.
We retain certain limited information after deletion where we have a legal obligation or legitimate need, including:
- records of consents and the legal versions you accepted;
- safety and moderation records, reports, and enforcement actions, to protect our users and prevent repeat abuse;
- transaction, subscription, and tax/accounting records;
- de-identified or aggregated analytics that no longer identify you.
Your phone number is replaced with a non-identifying placeholder so the account cannot be re-identified.
11. How we protect information
We use technical and organizational measures designed to protect your information, including encryption in transit (TLS), hashing of credentials and one-time codes, automatic removal of location and other metadata (EXIF) from uploaded photos, private storage with time-limited access links, access controls, and rate limiting on sensitive actions. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
12. Your rights and choices
Depending on where you live, you may have the right to:
- Access a copy of your personal information (the app offers a “Download my data” feature).
- Correct inaccurate information (you can edit most profile data in the app).
- Delete your account and information (in the app, or at lumo.all-good.co.il/delete-account).
- Restrict or object to certain processing, and to withdraw consent at any time.
- Data portability, where applicable.
- Lodge a complaint with your local data-protection authority (in Israel, the Privacy Protection Authority).
To exercise these rights, use the in-app controls or contact support@all-good.co.il. We may need to verify your identity before acting on a request. We will not discriminate against you for exercising your rights.
California residents
If you are a California resident, you have rights under the CCPA/CPRA, including to know, access, correct, and delete personal information, and to opt out of “sharing” for cross-context behavioral advertising. We do not sell your personal information and do not share it for cross-context behavioral advertising. You may submit requests using the contact details above.
13. Children
The Service is strictly for adults aged 18 and over. We do not knowingly collect information from anyone under 18. If we learn that we have collected information from a person under 18, we will delete it and terminate the account. If you believe a minor is using the Service, contact support@all-good.co.il.
14. Cookies and similar technologies
Our mobile app uses on-device storage to keep you signed in and to remember your settings. Our websites use only essential cookies/local storage needed to operate the page. We do not use third-party advertising cookies on these pages.
15. Changes to this Policy
We may update this Policy from time to time. If we make material changes, we will provide notice through the Service or by other appropriate means and update the “Last updated” date above. Your continued use of the Service after the changes take effect constitutes acceptance of the updated Policy.
16. How to contact us
Securero — operator of Lumo
Email: support@all-good.co.il