Privacy Policy

Last updated: October 17, 2025

This Privacy Policy explains how LUME Beauty Ltd. ("LUME," "we," "us," or "our"), a company based in London, United Kingdom, collects, uses, discloses, and safeguards your information when you use the LUME mobile application and related services (collectively, the "Services"). By accessing or using the Services, you agree to the practices described in this policy. If you do not agree, please discontinue use of the Services.

1. Information We Collect

We collect the following categories of information when you interact with the Services:

  • Google OAuth data: When you authenticate using Google OAuth, we collect your name, email address, and profile photo from your Google account.
  • Face scans and face data: Original photos of your face that you capture or upload for scanning and color analysis, as well as AI-generated images showing your face with different makeup styles. We use face scans to generate personalized makeup looks, perform color analysis, extract facial landmarks, and create customized makeup tutorials. For complete details about face data collection, use, sharing, and retention, see Section 2 below.
  • Inspiration images: Makeup look reference photos you share with the app. You are responsible for ensuring you have the right to share these images.
  • Onboarding questionnaire data: Information you provide during onboarding about your age, skin characteristics, and beauty preferences to personalize your experience.
  • Usage data: App interactions, feature usage, device information, and analytics events to improve our Services.
  • Subscription status: Information about your subscription tier and usage limits, managed through Apple App Store and RevenueCat.
  • Community content: Reviews, questions, comments, and other user-generated content you submit to public areas of the Services.

2. Face Data Collection and Use

What Face Data We Collect: We collect two types of face data: (a) Original face scans - photos you capture or upload of your face for analysis and makeup generation; and (b) AI-generated makeup look images - synthetic images we create showing your face with different makeup styles (such as full glam, soft glam, natural looks, etc.). You are responsible for ensuring that face scans contain only images of your own face.

How We Use Face Data: Original face scans are used to: (a) generate AI-powered makeup looks using Replicate's AI service; (b) extract facial landmarks (eyes, nose, lips, face shape) using Google Vision API for color analysis and personalized recommendations; and (c) create customized step-by-step makeup guides using OpenAI API. AI-generated makeup look images are used to: (a) extract facial landmarks using Google Vision API to analyze the makeup application; and (b) generate detailed makeup tutorials customized for you and each specific look using OpenAI API. We do not use your face data for any purpose beyond these stated uses.

Third-Party Sharing and Storage: Your face data is shared with the following third-party services solely to provide app functionality: (a) Replicate (replicate.com) - processes original face scans to generate AI makeup looks. Replicate may collect API usage data including information about requests and resulting data to improve their services. See their privacy policy at https://replicate.com/privacy; (b) Google Vision API - analyzes both original face scans and AI-generated looks to extract facial landmarks. Google does not use your images for any purpose except to provide the Vision API service, does not share your content with third parties, and does not persist images to disk for online operations. Metadata about API requests is temporarily logged. See https://cloud.google.com/vision/docs/data-usage; and (c) OpenAI API - processes face images to generate personalized makeup guides. We have disabled audit logging and API call logging for OpenAI. See https://platform.openai.com/docs/guides/your-data. Your face data is stored exclusively in our secure primary application database and is not stored on any other systems or services beyond temporary processing by the third-party APIs listed above. By using our app, you consent to sharing your face data with these third-party services under their respective privacy policies.

Face Data Retention: Original face scans are retained indefinitely in our secure database until you explicitly delete them through the app interface. Each face scan remains stored until you choose to remove it from your account. AI-generated makeup look images are also retained indefinitely in our database until you delete the specific makeup look. When you delete a face scan or makeup look, it is permanently removed from our database. Third-party services (Replicate, Google Vision API, OpenAI API) do not permanently store your face data; they process images temporarily to provide results and then delete the image data according to their policies (typically immediately after processing or within a few hours as a failsafe). You maintain full control over your face data and can delete any or all face scans and generated looks at any time through your account settings.

3. How We Collect Information

We collect data directly from you when you authenticate with Google OAuth, complete the onboarding questionnaire, upload face scans or inspiration images, or contact support. We also collect data automatically through mobile analytics SDKs and similar technologies. Third-party data comes from Google (via OAuth authentication), Apple App Store (for subscription management), and RevenueCat (for payment processing and subscription analytics).

4. How We Use Information

We use personal information to:

  • generate personalized AI makeup looks using Replicate's Google Nano-Banana model with your face scans and questionnaire responses;
  • create makeup guides and tutorials using OpenAI API, which processes your face scans to provide personalized guidance;
  • extract facial landmarks (eyes, nose, etc.) using Google Vision API to perform color analysis and determine your skin tone and undertones;
  • provide product recommendations based on facial features analyzed through Google Vision API;
  • operate community features and moderate user-generated content;
  • manage your subscription through Apple App Store and RevenueCat integration;
  • communicate with you about updates, features, and customer support;
  • analyze app usage to improve performance and develop new features;
  • comply with legal obligations and protect our rights.

5. Legal Bases for Processing

Where required by law (including the European Economic Area and United Kingdom), we process personal data based on one or more of the following legal bases: (a) to perform our contract with you; (b) with your consent (which you may withdraw at any time); (c) to comply with legal obligations; and (d) for our legitimate interests in operating and improving the Services, provided those interests do not override your rights and freedoms.

6. How We Share Information

We do not sell personal information. We share data only as necessary to provide the Services or when legally required:

  • AI and machine learning services: We share your face scans with OpenAI API (for generating makeup guides), Google Vision API (for facial landmark extraction), and Replicate's Google Nano-Banana model (for AI-generated makeup looks). These services process your images to provide personalized recommendations and features.
  • Payment and subscription services: Apple App Store and RevenueCat for payment processing and subscription management.
  • Other service providers: Cloud hosting providers, analytics services, and customer support tools that process data on our behalf.
  • Community visibility: User-generated content you share in public areas (such as inspiration looks or community posts) may be visible to other users.
  • Legal obligations: To comply with applicable laws, lawful requests, court orders, or to protect rights, property, or safety.
  • Business transfers: In connection with mergers, financing, or acquisition of all or part of our business.

7. Payment Processing

All payments and subscription management are handled by Apple App Store and RevenueCat. We do not collect, store, or process any credit card information, billing addresses, or other payment details. Payment data is processed directly by Apple according to their privacy policies and security standards. We only receive subscription status information and anonymized transaction identifiers necessary to provide premium features.

8. User-Generated Content and Intellectual Property

When you upload inspiration looks or other images to our platform, you are responsible for ensuring you have the right to share those images. We are not responsible for any intellectual property infringement or rights violations related to user-uploaded content. You warrant that any content you upload does not infringe third-party copyrights, trademarks, or other intellectual property rights. We may remove content that appears to infringe third-party rights upon receiving proper notice.

9. Third-Party AI Services

We use the following third-party AI services to process your face scans and provide our features: (a) OpenAI API - processes your face scans to generate personalized makeup guides; (b) Google Vision API - analyzes your face scans to extract facial landmarks and features for color analysis and product recommendations; and (c) Replicate's Google Nano-Banana model - generates AI-powered makeup looks based on your facial features. These services have their own privacy policies and data handling practices. By using our Services, you consent to your face scans being processed by these third-party services as necessary to provide the requested features.

10. International Data Transfers

We operate from the United Kingdom and transfer personal data to other countries where our service providers operate, including the United States (for OpenAI API, Google Vision API, Replicate, cloud hosting, and analytics services). When transferring data from the European Economic Area, United Kingdom, or other regions with data transfer restrictions, we rely on appropriate safeguards such as Standard Contractual Clauses, adequacy decisions, or other lawful mechanisms to ensure your data remains protected.

11. Data Retention

We retain personal information only as long as necessary to fulfill the purposes described above, comply with legal obligations, resolve disputes, enforce agreements, or to the extent required by warranty or statutory retention periods. For specific face data retention policies, see Section 2 above. You may request deletion of certain data via in-app controls or by contacting us.

12. Data Security

We implement technical and organizational safeguards designed to protect personal information, including encryption in transit, role-based access controls, secure cloud infrastructure, and regular reviews of our security posture. However, no system can be guaranteed 100% secure. You are responsible for maintaining the confidentiality of your account credentials and for notifying us immediately of unauthorized access or suspected compromise.

13. Your Rights & Choices

Depending on your location, you may have the right to:

  • access, correct, or delete personal data we hold about you;
  • object to or restrict certain processing, including personalized marketing or profiling;
  • withdraw consent for processing where we rely on consent;
  • receive a portable copy of your data in a structured, commonly used format;
  • lodge a complaint with a supervisory or regulatory authority.

California residents may also request information about data disclosures, opt out of certain sharing, or exercise rights under the California Consumer Privacy Act (CCPA) and subsequent amendments. To exercise any of these rights, submit a request through the in-app settings, email contact@lumebeauty.app, or use the contact information below. We may require verification of your identity before fulfilling a request.

14. Marketing Communications & Preferences

You may opt out of marketing emails by following the unsubscribe instructions in the message or updating your in-app preferences. Even after you opt out of marketing, we may still send transactional or service-related communications (e.g., security notices, receipts).

15. Cookies & Tracking Technologies

We and our analytics or advertising partners use cookies, device identifiers, and similar technologies to understand usage patterns, remember preferences, and measure campaign performance. Most browsers and devices allow you to control cookies or disable certain tracking. Limiting these technologies may impact some Service features.

16. Children's Privacy

The Services are not directed to children under 13, and we do not knowingly collect personal data from children under that age. If we learn that a child under 13 (or the equivalent age of digital consent in their region) has provided personal data, we will delete it and take appropriate action to terminate the account. Parents or guardians who believe a child has provided data should contact us immediately.

17. Third-Party Links & Services

The Services may contain links to third-party websites, apps, or integrations. We do not control third-party privacy practices, and this policy does not apply to information collected outside of the Services. We encourage you to review the privacy policies of any third parties you interact with.

18. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via in-app notice, email, or other appropriate means. The updated policy will be effective as of the "Last updated" date. Continued use of the Services after the effective date constitutes acceptance of the revised policy.

19. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at contact@lumebeauty.app or by mail at LUME Beauty Ltd., Attn: Privacy, London, United Kingdom.