Lumo — Your crypto, in your pocket

1. Information we collect

When you use Lumo, we collect information you provide directly (such as your name, email address, and identity documents during KYC), information generated by your use of our services (such as transaction data, device identifiers, and usage logs), and information from third parties (such as card networks and custodians) necessary to operate your account.

2. How we use your information

We use your information to provide and improve our services, process transactions, verify your identity as required by law, detect and prevent fraud, comply with legal obligations, and communicate with you about your account and updates to our services.

3. Data sharing

We do not sell your personal information. We share data with card-issuing partners, custodians, and payment networks as necessary to operate Lumo, with identity verification providers to satisfy KYC/AML obligations, and with regulators and law enforcement when required by law.

4. Data retention

We retain your personal data for as long as your account is active and for a period afterward as required by financial regulations (typically 5–7 years). You may request deletion of non-regulated data at any time by contacting us.

5. Your rights

Depending on your jurisdiction, you may have the right to access, correct, or delete your personal data; object to or restrict processing; and receive a copy of your data in a portable format. To exercise these rights, contact us at [email protected].

6. Security

We use industry-standard encryption in transit and at rest, multi-factor authentication, and regular security audits. 95% of user funds are held in offline cold storage. We maintain a responsible disclosure program for security researchers.

7. Contact

For privacy-related questions, contact our Data Protection Officer at [email protected] or write to: Lumo Technologies, Inc., Bucharest, Romania.