LumaFrame Privacy Policy

LumaFrame is operated by Fastend Ltd under the Nodiom brand. LumaFrame is an AI photo editor for mobile that lets users take or import photos, choose an aesthetic mode, generate an edited result, save or share it, and keep edit history.

Support: support@nodiom.com

Legal and privacy: legal@nodiom.com

• Anonymous account information, such as a Supabase user ID, device install ID, RevenueCat app user ID, entitlement status, timestamps, edit history, and usage ledger records.
• Optional account recovery information if you link Apple or Google sign-in.
• Uploaded source photos or images that you choose to process in the app.
• Generated outputs created from your uploaded images and selected edit settings.
• Purchase or subscription status where needed to provide paid features.
• Device and app diagnostics, such as app version, device type, errors, and crash information.
• Analytics events used to understand app performance and feature usage.

On first launch, LumaFrame creates or uses a persistent anonymous Supabase account. We may store a Supabase user ID, device install ID, RevenueCat app user ID, entitlement status, timestamps, edit history, and usage ledger records so the app can recover edits, enforce quotas, and provide subscriptions.

You may optionally link Apple or Google sign-in for account recovery. If you do, we receive the authentication identifiers and profile data made available by that provider and Supabase Auth. Email/password and email OTP login are not planned for v1.

When you edit a photo, we upload the source image to private Supabase Storage, send the image and selected edit instructions to OpenRouter and the image model providers routed through OpenRouter for generation, store the generated result privately, and return signed URLs to the app. Images are not public by default.

We do not intentionally use your photos to train our own AI models. Photos and prompts are processed by third-party AI providers to generate your edits, and their processing is governed by their own terms and data policies.

We may store the selected mode and edit controls, such as intensity, face preservation, skin retouch level, body editing setting, background cleanup, output format, model ID, generation status, and errors. This helps show history, recover jobs after app restart, enforce quota, debug failures, and improve product quality.

We may store model ID, latency, success or failure status, provider cost, token or image usage where available, account ID, and timestamps for each generation. This is used for quota enforcement, abuse prevention, cost tracking, support, and reliability.

PostHog may collect product analytics such as screen views, feature use, button taps, performance events, and coarse device or app details.

Sentry may collect crash reports, error logs, stack traces, device or app details, and related diagnostics.

Purchases are processed by Apple App Store or Google Play and managed through RevenueCat. We receive subscription status, entitlement identifiers, product identifiers, transaction or event identifiers, renewal, cancellation, and refund events, and related metadata. We do not receive full payment card details.

• Backend, authentication, database, storage, and edge functions: Supabase.
• AI generation: OpenRouter and the image model providers routed through OpenRouter.
• Payments and subscriptions: RevenueCat, Apple App Store, and Google Play.
• Analytics: PostHog.
• Crash and error reporting: Sentry.

You can request deletion of account data and photo history from within the app or by contacting support@nodiom.com. We will delete or anonymize account records, edit jobs, source images, generated results, and related history where reasonably possible.

Some records may be retained where required for legal, security, fraud prevention, billing, tax, support, dispute, or compliance reasons.

Data may be processed in countries outside your country of residence by our infrastructure and service providers.

LumaFrame is not intended for children under 13, or under the minimum digital consent age in their country where a higher age applies. We do not knowingly collect personal data from children below the required age of consent.