Privacy Policy

Effective Date: 1 August 2025

Last Updated: As stated above

1. Introduction

This Privacy Policy describes how Lumora Labs Pty Ltd ("we", "us", "our" or "Lumora Labs") collects, uses, stores, and protects your personal information when you use our software applications Macro and MooDo (the "Services") and visit our website.

We are committed to protecting your privacy and complying with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This policy explains your rights regarding your personal information and how we handle it.

Contact Information:

Company: Lumora Labs Pty Ltd
Email: lumos@lumoralabs.io
Address: Vermont South, VIC, Australia

2. Information We Collect

2.1 Personal Information

We collect the following types of personal information:

Account Information:

Name and email address
User credentials and authentication data
Profile information you provide

Usage Data:

App usage patterns and preferences
Feature interactions and settings
Device information (type, operating system, version)
IP addresses and general location data
Session data and timestamps

Communication Data:

Support requests and correspondence
Feedback and survey responses
Beta testing feedback (if applicable)

2.2 Information Collected Automatically

Our Services automatically collect certain information through:

Firebase Analytics: Usage statistics, crash reports, and performance data
Apple Analytics (iOS): App performance and usage metrics
Cookies and similar technologies: As detailed in our Cookies Policy

3. How We Use Your Information

We use your personal information for the following purposes under the Australian Privacy Principles:

3.1 Primary Purposes

Service Provision: Operating and maintaining the Macro and MooDo applications
Account Management: Creating and managing your user account
Customer Support: Responding to your inquiries and providing technical assistance
Service Improvement: Analyzing usage patterns to enhance our applications

3.2 Secondary Purposes

Communication: Sending service updates, security alerts, and important notices
Marketing: With your consent, sending promotional materials about new features
Legal Compliance: Meeting our legal obligations and protecting our rights
Safety and Security: Preventing fraud and ensuring platform security

4. Data Storage and Security

4.1 Storage Locations

Your personal information is stored using the following services:

Firebase (Google Cloud Platform):

Primary data storage for application data
Data may be processed in Google data centers globally
Subject to Google's Data Processing and Security Terms
Firebase provides encryption in transit and at rest

Apple iCloud:

Used for iOS app data synchronization (with user consent)
Data stored in Apple data centers (may include international locations)
Subject to Apple's Data Processing Agreement
End-to-end encryption available for certain data types

Notion:

Used for internal data processing and customer support
Data processed according to Notion's GDPR-compliant practices
European data residency options available

4.2 Data Security Measures

We implement appropriate technical and organizational measures including:

Industry-standard encryption for data in transit and at rest
Regular security assessments and updates
Access controls and authentication requirements
Employee privacy training and confidentiality agreements
Incident response procedures for data breaches

5. Data Sharing and Disclosure

5.1 Third-Party Service Providers

We share limited personal information with trusted service providers:

Google/Firebase:

Purpose: App analytics, crash reporting, cloud hosting
Data Processing Agreement: Google Cloud Data Processing Addendum
Location: Global (with data residency controls where possible)

Apple Inc.:

Purpose: iOS app functionality and iCloud synchronization
Data Processing Agreement: Apple Developer Agreement
Location: Global Apple data centers

Notion Labs Inc.:

Purpose: Customer support and internal operations
Data Processing Agreement: Notion GDPR Data Processing Addendum
Location: US/EU (with data residency options)

5.2 Legal Disclosures

We may disclose your information when required by Australian law or to:

Comply with legal process or government requests
Protect our rights, property, or safety
Investigate and prevent fraud or security issues
Enforce our Terms of Service

5.3 No Sale of Personal Information

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

6. International Data Transfers

6.1 Overseas Disclosure

Your personal information may be disclosed to recipients outside Australia, including:

United States: Google (Firebase), Apple, Notion
European Union: Google Cloud Platform, Notion (optional)
Other locations: As required by our service providers' global infrastructure

6.2 Safeguards for Overseas Transfers

When transferring data overseas, we ensure:

Adequate contractual protections through Data Processing Agreements
Compliance with APP 8 (Cross-border disclosure of personal information)
Use of service providers with equivalent privacy protections
Regular review of international transfer arrangements

7. Your Rights and Choices

Under Australian privacy law, you have the following rights:

7.1 Access and Correction

Access: Request a copy of your personal information
Correction: Request correction of inaccurate or incomplete information
Deletion: Request deletion of your personal information (subject to legal requirements)

7.2 Marketing Communications

Opt-out: Unsubscribe from marketing emails at any time
Preferences: Manage communication preferences in your account settings

7.3 Data Portability

Export: Request your data in a structured, commonly used format
Transfer: Facilitate transfer to another service provider where technically feasible

7.4 Account Deletion

Full Deletion: Request complete deletion of your account and associated data
Data Retention: Some information may be retained for legal or security purposes

8. Data Retention

8.1 Retention Periods

Active Accounts: Data retained while your account remains active
Inactive Accounts: Data may be deleted after 2 years of inactivity
Deleted Accounts: Most data deleted within 30 days; some data retained for legal purposes
Support Communications: Retained for up to 3 years for quality assurance

8.2 Legal Requirements

Some information may be retained longer to comply with:

Tax and accounting obligations (7 years)
Legal proceedings or investigations
Fraud prevention and security purposes

9. Children's Privacy

Our Services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover we have collected such information, we will delete it promptly.

10. Cookies and Tracking

We use cookies and similar technologies as described in our separate Cookies Policy. You can manage cookie preferences through your browser settings or our cookie consent tools.

11. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will:

Post the updated policy on our website
Notify you via email or in-app notification for material changes
Update the "Last Updated" date at the top of this policy

12. Contact Us and Complaints

12.1 Privacy Contact

For questions about this Privacy Policy or to exercise your rights:

Email: lumos@lumoralabs.io
Response Time: We aim to respond within 30 days

12.2 Complaint Process

If you believe we have breached your privacy:

Internal Complaint: Contact us using the details above
External Complaint: Contact the Office of the Australian Information Commissioner (OAIC)
- Website: www.oaic.gov.au
- Phone: 1300 363 992
- Email: enquiries@oaic.gov.au

12.3 Resolution Timeline

We will:

Acknowledge your complaint within 7 days
Investigate and respond within 30 days
Provide information about external complaint options if needed

This Privacy Policy is governed by Australian law and complies with the Privacy Act 1988 (Cth) and the Australian Privacy Principles.