Privacy Policy
Effective date: 28 May 2026 · Last updated: 31 May 2026
The short version: Lumen is a Christian devotional app
with daily prayers, Bible reading, quizzes, friends and a community feed.
We store the minimum data needed to run those features. We do not sell
your data. We show ads through Google AdMob to keep the app free. You
can delete your account at any time.
1. Who we are
Lumen (the “App”) is operated by an independent developer
based in North Macedonia. Throughout this policy, “we”,
“us” and “our” refer to the developer of Lumen.
For any privacy-related question or request, contact us at
[email protected].
2. Information we collect
2.1 Information you provide when you register
- Email address
- Username
- First name and last name
- Age (optional)
- Country (optional)
- Password — never stored in plain text; we keep only a salted BCrypt hash
2.2 Activity data we record while you use the App
- Total experience points (XP), level, streak count, longest streak,
weekly XP
- Daily progress for prayers, Bible reading, quiz and riddle activities
- Achievements you have unlocked
- Prayers you post to the community feed and the “likes”
you give or receive on them
- Friendships and incoming/outgoing friend requests
2.3 Information collected automatically
- App usage time per section (Prayers, Bible, Quiz, etc.), stored
locally on your device and used only for the in-app statistics screen
- Device advertising identifier and basic device data (model, OS
version, language, coarse region) — collected by Google AdMob,
see Section 4
- A push-notification token (Firebase Cloud Messaging registration
token) so we can deliver reminders and friend / leaderboard
notifications — see Section 4
3. How we use this information
- To authenticate you and keep your account secure (email + hashed password)
- To show your personalized XP, streak, level and achievements
- To run the friends and community-prayer features
- To compute and display global and friends-only leaderboards
- To regenerate daily content (prayers, quiz questions, riddles) for
all users via the Groq AI service — we do not send any of your
personal data to Groq, only generic prompts
- To send transactional emails such as email-verification codes and
password-reset codes
- To serve relevant ads through Google AdMob
- To improve the App and diagnose bugs
4. Third-party services
Lumen integrates the following third-party services. Each handles certain
data on its own terms; we recommend you review their privacy policies.
4.1 Google AdMob (advertising)
We display banner, interstitial and rewarded ads via Google AdMob. AdMob
may collect your device’s advertising identifier, IP address,
coarse location, device type and basic interaction signals in order to
serve relevant ads. You can limit ad personalization in your device
settings (Android: Settings → Google → Ads).
AdMob privacy policy:
policies.google.com/technologies/ads.
4.2 Groq (AI content generation)
Daily prayers, multiple-choice quiz questions and word riddles are
generated by a large language model hosted by Groq, Inc. The generation
happens on our server with non-personal prompts; no user data is
ever sent to Groq.
Groq privacy policy:
groq.com/privacy-policy.
4.3 Email delivery (Gmail SMTP)
Verification emails and password-reset emails are sent through a Gmail
SMTP account we control. Your email address is transmitted to Gmail for
this purpose only and is not used for marketing.
4.4 Backend hosting (FSM Hosting)
The application backend and database run on infrastructure provided by
FSM Hosting. All data described in Section 2 (other than what AdMob and
Groq see above) is stored on this infrastructure.
4.5 Firebase Cloud Messaging (push notifications)
We use Google Firebase Cloud Messaging (FCM) to deliver push
notifications — daily reminders and friend / leaderboard alerts.
Your device’s FCM registration token is stored on our backend so we
can send these notifications, and is removed when you log out or delete
your account. You can turn notifications off at any time in the App
(Settings → Notifications) or in your device settings.
Firebase privacy & terms:
firebase.google.com/support/privacy.
5. Data storage and security
- Passwords are stored only as salted BCrypt hashes — we never
see, log or store the original password.
- Session tokens use JSON Web Tokens (JWT) and are stored on your
device using your platform’s secure storage
(Android Keystore / iOS Keychain).
- All communication between the App and our backend goes over HTTPS.
- The database is hosted in the EU/Balkans region.
6. Data retention
- Your account data is kept for as long as your account exists.
- You can delete your account at any time directly in the App
(Settings → Delete Account), which immediately and
permanently removes your profile, engagement data, device tokens,
friendships and posted prayers from our servers. You can also request
deletion by email. We may retain only the minimum information required
for legal or anti-abuse reasons.
- Community prayers you have shared may remain visible to other users
in anonymized form (your username replaced with “Anonymous”).
- Activity counters stored only on your device (usage statistics, lives
timer) are removed if you uninstall the App.
7. Your rights
You have the following rights regarding your personal data. To exercise
any of them, email us at
[email protected].
- Access — request a copy of the data we hold
about you.
- Correction — ask us to fix data you believe is
inaccurate. Most fields are also editable directly in the App from the
Settings → Update Profile screen.
- Deletion — delete your account and all
associated data instantly from Settings → Delete Account
in the App, or ask us by email.
- Withdraw consent — you can revoke any
previously-given consent at any time.
- Object — ask us to stop processing your data
for a specific purpose.
- Portability — receive your data in a common,
machine-readable format.
- Complain — lodge a complaint with your local
data-protection authority. In North Macedonia this is the
Agency for Personal Data Protection
(azlp.mk).
8. Children’s privacy
Lumen is not directed at children under 13. We do not knowingly collect
personal information from anyone under 13. If you believe a child has
provided us with personal information, please contact us and we will
delete the data promptly.
9. International data transfers
Some of our service providers (notably Google AdMob and Groq, Inc.) are
based in the United States and may process certain data outside of North
Macedonia and the European Economic Area. These providers commit to
providing an adequate level of protection through standard contractual
clauses or equivalent mechanisms.
10. Changes to this policy
We may update this policy as the App evolves. When we make material
changes we will update the “Last updated” date at the top
and, where appropriate, notify you inside the App.