Effective Date: December 17, 2024 | Last Updated: December 17, 2024
Our Commitment to Your Privacy
At LumiMD, we understand that your health information is deeply personal. We are committed to protecting your privacy and ensuring you maintain control over your data. This policy explains what information we collect, how we use it, and your rights regarding your data.
Our Promise: We never sell your data. We only use it to provide and improve our service to you.
Information We Collect
Information You Provide
Account Information: Name, email address, date of birth
Health Information: Medical history, allergies, current medications
Visit Recordings: Audio recordings of your healthcare visits
Notes: Any notes you add to your visits or medications
Information We Generate
Transcripts: Text transcriptions of your visit recordings, created using AI
Summaries: Visit summaries, medication lists, and action items, created using AI
Safety Alerts: Drug interaction and allergy warnings generated from your medication list
Technical Information
Device Information: Device type, operating system, app version
Log Data: IP address, access times, error logs for debugging
How We Use Your Information
Primary Uses
Transcribe Your Visits: Convert audio recordings to text
Generate Summaries: Extract key information including diagnoses, medications, and follow-up steps
Medication Safety: Check for drug interactions and allergy alerts
Organize Your Data: Store and display your health information securely
Send Notifications: Remind you about action items and important updates
Secondary Uses
Improve Our Service: Analyze aggregated usage patterns to improve the app
Provide Support: Help troubleshoot issues you report
Ensure Security: Detect and prevent fraud, abuse, and security threats
What We Do Not Do
We do not sell your data to any third party
We do not share your data with advertisers
We do not use your data for marketing third-party products
We do not share your data with insurance companies
How We Protect Your Information
Encryption
In Transit: All data sent between your device and our servers is encrypted using HTTPS/TLS
At Rest: All stored data is encrypted using AES-256 encryption
Infrastructure: Hosted on Google Firebase with enterprise-grade security controls
AI Processing and Data Retention
We use trusted AI providers to transcribe and analyze your health information. We have implemented strict data retention policies to minimize how long your data exists on third-party systems:
Audio Transcription Services
We use a third-party AI service to convert your audio recordings into text transcripts
Immediate Deletion: Transcripts are automatically deleted from the transcription service immediately after we receive and process them
Audio is never stored permanently on third-party servers
AI Summarization Services
We use a third-party AI service to analyze transcripts and extract key clinical information
Zero Data Retention: We configure our AI provider with zero-retention settings, meaning your data is deleted immediately after processing completes
Your data is never used to train AI models
Access Controls
Only you can access your data unless you explicitly share it with a caregiver
LumiMD employees cannot access your personal health data without your explicit permission
Strong authentication protects your account
All access to sensitive data is logged for audit purposes
Your Data Rights
Access Your Data
You can view all your data at any time within the app. To download a complete copy of all your data, contact us at privacy@lumimd.app.
Delete Your Data
You can delete your account and all associated data at any time:
Navigate to Settings, then Account
Select Delete Account
Confirm the deletion
When you delete your account:
All visits, recordings, transcripts, and summaries are permanently deleted
All personal information is permanently deleted
All medications, allergies, and health history are permanently deleted
Your account is immediately deactivated
This action cannot be undone
Correct Your Data
You can update your personal information at any time in the Settings section of the app.
Export Your Data
Request a copy of your data in a portable format by emailing privacy@lumimd.app. We will respond within 30 days.
Data Sharing
When We Share Your Data
With Your Permission
When you use our sharing feature to give caregivers access to your health information
When you explicitly authorize sharing with healthcare providers
For Legal Reasons
To comply with valid legal processes such as court orders or subpoenas
To protect our rights or the safety of others
To detect, prevent, or address fraud or security issues
With Service Providers
Cloud Infrastructure Provider: Secure cloud storage and authentication services
AI Transcription Service: Audio-to-text processing (data deleted immediately after processing)
AI Summarization Service: Medical information extraction (zero data retention)
All service providers are bound by strict confidentiality agreements and data processing terms.
What We Never Share
Your data with advertisers or marketing companies
Your data with insurance companies
Your data for sale to any third party
Your data for purposes other than providing our service to you
Data Retention
How Long We Keep Your Data
Your Account Data: We retain your data as long as your account is active
AI Processing Data: Deleted immediately after processing (see AI Processing section above)
Audio Recordings: Stored securely until you delete them or delete your account
Inactive Accounts: If you do not use the app for 2 years, we will email you before deleting your data
Deleted Accounts: Data is immediately deleted with a 30-day recovery period
Automated Privacy Measures
We run automated daily processes to ensure no sensitive data is retained longer than necessary. This includes sweeping for any orphaned transcription data or audio files that should have been deleted.
Backups
Your data may remain in encrypted backup systems for up to 90 days after deletion, after which it is permanently erased.
Children's Privacy
LumiMD is not intended for use by children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately at privacy@lumimd.app.
California Privacy Rights (CCPA)
If you are a California resident, you have the following additional rights under the California Consumer Privacy Act:
Right to Know
You may request information about what personal data we collect, use, and share.
Right to Delete
You may request deletion of your personal data, subject to certain legal exceptions.
Right to Non-Discrimination
We will not discriminate against you for exercising your privacy rights.
No Sale of Personal Information
We do not sell your personal information to third parties.
Essential Cookies: Required for authentication and security
Analytics Cookies: To understand how you use the app (anonymized data only)
What We Do Not Use
Advertising or marketing cookies
Third-party tracking for advertising purposes
Cross-site tracking
You can disable non-essential cookies in your browser settings, though this may affect some functionality.
Changes to This Policy
We may update this policy from time to time. If we make significant changes, we will notify you through:
Email to your registered email address
In-app notification
A notice on our website
Your continued use of LumiMD after changes are posted constitutes your acceptance of the updated policy.
International Data Transfers
Your data is processed and stored in the United States. If you are located outside the United States, your data will be transferred to and processed in the U.S. We implement appropriate safeguards to protect your data during transfer and processing.