Privacy Policy for Lume
Effective Date: June 2025
Legal Entity: Catch Yazılım Limited Şirketi
Registered Address: Maslak Mah. Büyükdere Cad. Uso Center No: 245/27,
Sarıyer, İstanbul, Türkiye
This Privacy Policy explains how Catch Yazılım Limited Şirketi ("Company," "we," "us," or "our") collects, uses, shares, and protects your personal data when you access or use our mobile application Lume ("App" or "Lume"), a generative-AI-based platform for image creation and related services (collectively, the "Services").
The data controller responsible for processing your personal data is:
Catch Yazılım Limited Şirketi
Maaslak Mah. Büyükdere Cad. Uso Center No: 245/27
Sarıyer, İstanbul, Türkiye
For privacy-related queries: lume@catchmobiletech.com
● Account and profile data: email, username, password (hashed)
● Uploaded or generated content: images, prompts, texts, and optionally biometric data such as face images for AI-powered image generation
● Customer support queries and feedback
● Consent selections for data usage and AI training
● Device information: model, operating system, IP address, language
● Usage data: app features used, session duration, errors
● In-app behavior: clickstreams, prompt history, preferences
● Mobile identifiers: IDFA/GAID, installation source
● Social login info (Apple, Google)
● App Store purchase confirmations
● Analytics platforms (e.g., Microsoft Clarity)
|
Purpose |
Legal Basis (GDPR) |
|
Provide core app features |
Performance of contract (Art. 6(1)(b)) |
|
Improve AI models |
Consent (Art. 6(1)(a)) |
|
Analytics & crash reports |
Legitimate interest (Art. 6(1)(f)) |
|
Marketing communications |
Consent (Art. 6(1)(a)) |
|
Comply with legal obligations |
Legal obligation (Art. 6(1)(c)) |
|
Face data processing (biometric) |
Explicit consent (Art. 9(2)(a)) |
● To authenticate users and provide access
● To generate AI-based images, including those involving face data, only with explicit user consent
● To improve performance, detect bugs, and optimize UX
● To personalize content and future product recommendations
● To communicate important changes or promotional offers
● To process payments, subscriptions, and trials
We may use uploaded content—including text, images, and metadata—to train and improve our AI models only with your explicit, opt-in consent. This includes face data, which is never used for AI training unless you have opted in. You can withdraw this consent anytime from the in-app privacy settings.
Lume includes optional features that involve the use of face data to generate AI-powered visual content. This section explains how we handle such data in line with applicable legal and App Store requirements.
Face data is used only to generate personalized AI images based on your input. Processing is automated and either performed on-device or on secure servers. Face data is not used for identification, authentication, or tracking.
● Face data is not stored permanently.
● It is temporarily processed in memory or securely cached to fulfill your image generation request.
● All face data is deleted automatically within 24 hours of processing completion.
● No face data is retained beyond this period unless you have given
explicit consent for AI training (see Section 5).
● We do not share face data with any third parties for analytics,
marketing, or any other purpose.
● Third-party cloud infrastructure providers (e.g., AWS, Firebase) may
process encrypted data on our behalf without retaining it.
● Our infrastructure partners are contractually bound to delete cached
biometric data after processing.
● No third party retains or stores face data, and none has access to this
data for independent use.
Face data is considered biometric and sensitive. We process it only with your explicit and informed consent, which you may withdraw anytime within the app.
We use cookies and SDK-based tracking tools for:
● Performance analytics (Microsoft Clarity, Firebase)
● Device fingerprinting and session continuity
● User behavior analysis (heatmaps, flows)
You can opt out by disabling tracking in your device settings or privacy controls within the app.
We share your data only when necessary:
● Cloud providers (AWS, Firebase)
● Analytics and attribution (Microsoft Clarity, Appsflyer)
● Payment processors (Apple, Google)
● Customer support systems (e.g., Zendesk)
● Legal or governmental authorities when required
We do not sell your data to third parties.
Your data may be transferred to servers outside of Turkey or the European Economic Area (EEA), including the United States. When this occurs, we ensure adequate safeguards via:
● Standard Contractual Clauses (SCCs)
● Data processing agreements
● AI training data: up to 1 year (with consent)
● Face data: deleted automatically within 24 hours after use unless you’ve given training consent
● General user data: up to 2 years from last activity
● Payment data: as required by tax law (up to 10 years)
● Legal compliance data: as long as necessary for obligation
Data is deleted or anonymized after retention periods expire unless legally required otherwise.
You may:
● Access your data
● Correct inaccuracies
● Request deletion
● Object to processing (in specific cases)
● Withdraw previously granted consent
● Request a copy of your data (data portability)
To exercise your rights, contact: lume@catchmobiletech.com
If you're in the EU/EEA, you also have the right to lodge a complaint with your local data protection authority.
We implement:
● SSL/TLS encryption
● Access restrictions
● Data minimization and anonymization
● Regular security audits and monitoring
However, no system is 100% secure. We encourage safe behavior and password hygiene.
Lume is not intended for users under 13. We do not knowingly collect or process children’s data. If discovered, such data will be deleted promptly.
We may update this policy periodically. You’ll be notified of material changes via the app or email. Continued use implies acceptance.
Catch Yazılım Limited Şirketi
Maaslak Mah. Büyükdere Cad. Uso Center No: 245/27
Sarıyer / İstanbul, Türkiye
Email: lume@catchmobiletech.com
Last updated: June 2025