Lume

Privacy Policy

Last updated and effective: May 21, 2026

Radish Retail, LLC ("Radish", "we", "us", "our") operates the Lume mobile application, public Lume share pages, Radish-hosted Lume pages, and related services (the "Service"). This Privacy Policy explains what personal information we collect, how we use and share it, and the choices and rights you have.

This Privacy Policy is incorporated into our Terms of Service by reference.

1. Summary

2. Information We Collect

2.1 Information you provide

2.2 Information we generate or collect automatically

2.3 Information we do not collect or use

3. Biometric Data and Face Scans

3.1 Purpose and consent

Scans may be considered biometric data or sensitive personal information under some laws. We collect and process Scans only to generate your skin scores, apparent skin-age estimate, zone map, quality warnings, trends, routine feedback, and related recommendations. By taking a Scan and continuing through the consent screen, you consent to that processing.

3.2 Storage and access

Scans are uploaded over HTTPS to a private Supabase storage bucket under a path scoped to your authenticated user ID. Database rows reference the private storage path. App surfaces that need to display a scan request a short-lived signed URL rather than making the bucket public.

3.3 AI processing

The analyze-scan function validates your session, confirms that the storage path belongs to you, downloads the scan server-side, and submits the image plus selected onboarding context to Google Gemini/Vertex AI for structured analysis. Google returns scores and insights, which Lume stores with your account.

3.4 Retention and deletion

We retain Scans and scan-derived rows until you delete individual scans, delete your account, or request deletion, unless a longer retention period is required by law, security, fraud prevention, or dispute handling. The Service is designed to delete orphaned upload objects when a failed or invalid analysis attempt creates no score row.

3.5 No sale or public model training

We do not sell, rent, or license Scans. We do not use Scans to train publicly released AI models. AI providers may process data to deliver and secure the requested service and enforce abuse policies, subject to their applicable terms and data processing commitments.

3.6 State-specific biometric laws

Residents of jurisdictions with biometric privacy laws, including Illinois, Texas, and Washington, may have additional notice, consent, retention, and deletion rights. This policy provides notice of collection, purpose, service-provider disclosure, and retention. Contact privacy@radish.software for additional requests.

4. Product Scanning, Retailer Links, and Affiliate Commerce

Lume includes product discovery and product-fit features. You may scan Lume product links, Amazon product links/ASINs, UPC/EAN/GTIN barcodes, and QR codes. The app first checks the Lume catalog. If a retail barcode is not in our catalog, Lume may query Open Beauty Facts and UPCitemdb and may normalize skincare metadata with Google Gemini/Vertex AI. We cache lookup results to improve speed, reduce cost, and limit repeated external API calls.

Product prices, images, availability, retailer names, reviews, and claims may come from public retailer feeds, affiliate feeds, or third-party catalog sources. These can be incomplete, delayed, or inaccurate. Retailer links may open Amazon, Sephora, Ulta, Target, Walmart, official brand sites, or other destinations, which process your visit and purchase under their own terms and privacy policies.

Some links are affiliate links. If you buy through those links, Radish may earn a commission at no additional cost to you.

5. Public Sharing and Referrals

If you choose to share from Lume, we may create a public snapshot:

Share URLs and preview PNGs are intended to be public. Anyone with the link, including social platforms and link-preview crawlers, may access the public snapshot. Do not share content that you do not want others to see.

6. How We Use Information

We do not use personal information for automated decisions that produce legal or similarly significant effects.

7. How We Share Information

We share information only as described in this policy. We do not sell your personal information.

7.1 Service providers and processors

Provider | Purpose | Data received
Supabase | Authentication, database, Edge Functions, private scan storage, public share-preview storage | Account IDs, emails where provided, anonymous IDs, scans, scores, routines, shares, referrals, products, logs
Google | Google sign-in and Gemini/Vertex AI scan/product analysis | OAuth identifiers where used, scan images submitted for analysis, selected onboarding context, product metadata submitted for normalization
Apple | Sign in with Apple, App Store subscriptions, app distribution, crash/diagnostic ecosystem | Apple account identifiers, subscription transactions, eligibility and refund/cancellation status managed by Apple
RevenueCat | Subscription entitlement management and purchase/restore flow | App user IDs, product identifiers, entitlement status, transaction metadata, diagnostics
PostHog | Product analytics, feature exposure, errors, conversion measurement | Pseudonymous user IDs, account email/name where identified, device/app metadata, event properties, error messages and stack traces when captured; session replay disabled
Open Beauty Facts and UPCitemdb | Barcode and product lookup fallback | Barcode values and lookup requests; returned product metadata
Retailers and affiliate programs | Retailer links, affiliate attribution, checkout routing | Information sent when you click or open third-party retailer destinations, subject to their policies
Cloudflare, Vercel, Expo/EAS, and infrastructure providers | Hosting, domains, builds, networking, security, app delivery | Technical logs, IP addresses, device/app metadata, request metadata as needed to provide infrastructure

7.2 Public sharing chosen by you

Public share pages, product pages, invite links, social share targets, and link previews receive the information needed to render the share or route the recipient.

7.3 Business transfers

If Radish is acquired, merged, reorganized, financed, or sells assets, information may be transferred as part of that transaction.

7.4 Legal and safety

We may disclose information when necessary to comply with law, respond to valid legal requests, protect rights, prevent fraud or abuse, or enforce our Terms.

7.5 With your consent

We may share information for other purposes disclosed to you with consent.

8. Your Rights and Choices

California residents and residents of other jurisdictions with privacy laws may have additional rights to know, access, correct, and delete their personal information, to data portability, to limit sensitive data use, to opt out of sale/share, and not to be discriminated against. We do not sell personal information or share it for cross-context behavioral advertising.

EEA/UK residents may have rights of access, rectification, erasure, restriction, objection, and portability, as well as rights to withdraw consent and to complain to a supervisory authority. Where GDPR/UK GDPR applies, our legal bases include contract, consent, legitimate interests, legal obligations, and vital/public safety interests where applicable.

9. Retention

We retain account data, Scans, scan-derived results, routines, product activity, shares, referrals, subscription records, analytics, and logs for as long as needed to provide the Service, maintain security, resolve disputes, comply with law, or enforce agreements. Account deletion removes associated server records and owned storage objects where technically supported, subject to backups, legal obligations, and fraud/security retention.

10. Security

We use HTTPS, Supabase authentication, private storage buckets, row-level security, short-lived signed URLs for private scans, service role isolation for server operations, and access controls. No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security.

11. Children

Lume is not directed to children under 13, and we do not knowingly collect personal information from children under 13. We do not ask for date of birth in the current onboarding flow. If you believe a child under 13 has used Lume or provided personal information, contact privacy@radish.software.

12. International Transfers

Radish is based in the United States, and providers may process data in the United States and other countries. Where required, we rely on appropriate transfer mechanisms and service-provider commitments.

13. Changes to This Policy

We may update this Privacy Policy from time to time. If changes are material, we will provide notice by email, in-app notice, app update notes, or another reasonable method where required. The effective date above shows when this policy version applies.

14. Contact

Privacy: privacy@radish.software

Legal: legal@radish.software

Support: support@radish.software