Privacy Policy
Last updated: April 29, 2026
1. DATA CONTROLLER
"PMC Baltic" FZ-LLC (LICENCE NO: 45001684) (“we”, “us”, “our”) is the data controller responsible for your personal data.
Address: SFFO0507 Compass Building, Al Shohada Road, AL Hamra Industrial Zone-FZ, Ras Al Khaimah, United Arab Emirates
Email: hello@lumius-app.com
2. WHAT CATEGORIES OF PERSONAL DATA DO WE COLLECT?
We collect both data you voluntarily provide (e.g., email address, name) and data that is generated automatically when you use the Product (e.g., IP address, device type).
2.1. Data You Provide
You provide data when registering and/or using the Product, responding to our emails, or reporting a problem.
2.2. Automatically Collected Data
How you found us: We collect information about how you arrived at our Product (e.g., from which website or ad link you accessed it).
Cookies and other technologies: We use cookies and other tracking technologies to collect information about your use of the Product. For more information, see our Cookie Policy.
Browser and device data: We collect information about your device, including language settings, IP address, time zone, operating system, device model, and other technical data.
Payment data: If you make payments through the Product, our third-party service providers may collect your financial information (e.g., credit card number, transaction date and time).
| Category | Fields | Purpose | Legal Basis | Retention |
|---|---|---|---|---|
| Email address | email | Deliver personalized quiz results, create account, transactional emails | Consent (Art. 6(1)(a)) | Active accounts: duration of account; abandoned sessions: 90 days |
| Health-related quiz answers | quiz_answers (JSONB) | Generate personalized health/wellness recommendation | Explicit consent (Art. 9(2)(a)), special category data | Active accounts: duration of account; abandoned sessions: 90 days |
| Behavioral segment | result_segment | Tailor product recommendations to quiz outcome | Legitimate interest (Art. 6(1)(f)) or consent | Active accounts: duration of account; abandoned sessions: 90 days |
| Payment identifiers | stripe_customer_id, default_payment_method, stripe_payment_intent_id | Process payments, enable one-click upsells, handle refunds | Contract performance (Art. 6(1)(b)) | 7 years (tax/accounting obligation) |
| Order history | amount_cents, currency, status, product_name | Fulfill purchases, provide order receipts, handle disputes | Contract (Art. 6(1)(b)) + legal obligation (Art. 6(1)(c)) | 7 years (tax/accounting obligation) |
| Listening progress | day_number, listen_duration_seconds, language | Track user progress through audio program, resume playback | Contract performance (Art. 6(1)(b)) | Duration of account |
| OTP login attempts | email, ip_address, success, attempted_at | Security monitoring, brute-force protection | Legitimate interest (Art. 6(1)(f)), security | 30 days |
| Funnel behavior events | event_type, step_number, metadata | Analytics, conversion optimization, drop-off detection | Consent (Art. 6(1)(a)) | Non-purchased sessions: 90 days; purchased sessions: 2 years |
| Entitlements | product_slug, access_level, granted_at, expires_at | Grant and verify access to purchased digital products | Contract performance (Art. 6(1)(b)) | Duration of account |
3. FOR WHAT PURPOSES DO WE PROCESS YOUR PERSONAL DATA?
We process your personal data for the following purposes:
- 3.1. Service Provision: Your data is used to ensure smooth service delivery and to resolve technical issues.
- 3.2. Research and Analysis: We use your data to better understand how users interact with the Product and to improve its functionality.
- 3.3. Product Personalization: Your data may be used to personalize service offers, payment methods, and marketing campaigns.
- 3.4. Payment Processing: Your data is used to process payments via third-party service providers.
- 3.5. Fraud Prevention and Legal Compliance: We use your data to prevent unlawful activity and ensure compliance with our legal obligations.
- 3.6. Communication with You: We may contact you by email or via messages within the Product.
- 3.7. Marketing Messages: We may send you information about our Product, offers, promotions, and other updates.
- 3.8. Customer Support: Your data is used to provide assistance and respond to your inquiries.
- 3.9. Advertising Personalization: We use your data to display personalized advertising.
- 3.10. Legal Obligations: Where required by law, we may disclose your data to authorities.
4. DATA STORAGE AND TRANSFER
We store your data for as long as necessary to fulfill the purposes described in this Privacy Policy. If legal requirements mandate a longer retention period, your data will be retained as required by law.
Personal data may be transferred outside the EEA if necessary for service provision, subject to appropriate safeguards.
5. THIRD-PARTY DATA RECIPIENTS
We share your personal data with the third-party service providers listed below. Each provider acts as a data processor and processes data only on our instructions. We do not sell your personal data to any third party.
| Service | Role | Data Shared | Location | Transfer Mechanism |
|---|---|---|---|---|
| PostHog | Processor | Session ID, email (when identified), event names, page URLs | EU (eu.i.posthog.com) | EU data residency |
| Google Tag Manager / Google Ads | Processor / Controller | Hashed email (SHA-256), session ID, event names, metadata | US (Google LLC) | EU-US Data Privacy Framework + SCCs |
| Stripe | Processor | Email, payment card (tokenized), amounts, customer ID, metadata | US (Stripe Inc.) | EU-US Data Privacy Framework + SCCs |
| Vercel Analytics | Processor | Page URLs, Web Vitals, referrer, user agent | US (Vercel Inc.) | EU-US Data Privacy Framework + SCCs |
| Vercel Speed Insights | Processor | Page load metrics, connection type | US (Vercel Inc.) | EU-US Data Privacy Framework + SCCs |
| Supabase | Processor | All database contents (sessions, orders, events, progress, auth) | Check project region | Check project region |
| Meta Pixel | Processor | Hashed email (SHA-256), session ID, page views, purchase events | USA (Meta Platforms, Inc.) | EU-US Data Privacy Framework + SCCs |
| ActiveCampaign | Processor | Email address, lead metadata, tags, quiz completion status | USA (ActiveCampaign, LLC) | Standard Contractual Clauses (SCCs) |
6. YOUR RIGHTS
You have the right to:
- Review, update, or correct your data;
- Request deletion of your personal data;
- Restrict or object to data processing;
- Lodge a complaint with a supervisory authority;
- Receive your data in a structured format.
7. CONTACT INFORMATION
If you have any questions about this Privacy Policy or the processing of your data, please contact us at: hello@lumius-app.com.