Privacy Policy
Lumiora (the “Company”) respects your privacy and complies with applicable data-protection laws. This Privacy Policy applies to the mobile application NotiVault AI (the “App”). NotiVault AI is a local-first app that collects, classifies, searches, summarizes, and stores your device notifications entirely on your device.
1. Information We Process
1.1 Processed only on your device (never sent to our servers)
The App collects notifications only after you grant Notification Access, and stores them in an encrypted on-device database (SQLCipher).
| Category | Items |
|---|---|
| Notification content | Body, title, sender (as shown by the source app), received time, source app package, notification images, raw notification payload. The body is stored verbatim and may contain sensitive data such as one-time codes or financial details. |
| Extracted data | Rule-based items (amount, date, order number, links). One-time passcodes (OTP) are not stored as values — only the fact of detection is recorded (masked as ******). |
| Analysis metadata | Category, importance, read state, language, content hash for de-duplication. |
| Search data | Keyword search index (over title, body, sender) and on-device AI summary cache. Both stay on the device only. |
| Your settings | Custom categories, manual rules, spam allow/block senders, learned senders, blocked apps, reminder settings. |
| Local identifier | A random install identifier generated on-device (never transmitted). |
1.2 May be processed/transmitted via third-party services
| Purpose | Data | Notes |
|---|---|---|
| Ads (optional) | Advertising ID, device & network info | Google AdMob (mediation host) with Meta Audience Network and Pangle. When active, shown under UMP consent, non-personalized by default. Notification content is never sent. |
| Usage analytics (optional) | App events (screen/button labels), app-instance ID, device/event info | Firebase Analytics. You can opt out in Settings. Notification content/senders are never sent. |
| Integrity check | App/device integrity token | Google Play Integrity. No personal content. |
| In-app purchase (optional) | Purchase token & state | Google Play Billing. Payment details are handled by Google. |
| AI model | Network info on download (e.g., IP) | Model download only from Hugging Face. No user data uploaded. |
The App has no sign-up, login, or account, and does not directly collect your name, phone number, or email (except an email you provide when contacting us).
2. Purposes of Processing
- Notification storage & management: automatic capture, encrypted storage, de-duplication, status overview
- Classification & search: automatic/manual classification, keyword and natural-language search
- Summaries, insights & reminders: on-device AI summaries, category/fatigue insights, re-alerts for unread important notifications
- Spam control: keyword/learned-sender classification and allow/block
- Data control: export (portability), retention management, deletion
- Quality & security: optional analytics-based improvement, root/tamper detection
- Monetization (optional): ads and an ad-removal in-app purchase
3. Retention & Deletion
- On-device notification data is stored only on your device and is deleted when you delete it (individually, by period, or entirely), when category-based retention expires, or when you uninstall the App (the encryption key is destroyed, making data unrecoverable).
- Usage analytics (optional) stops immediately when you opt out; previously collected data follows the processor's (Google's) policy.
- Any email you provide for support is deleted without delay once handled.
- The Company operates no server that can access notification content, so there is no server-side copy.
4. Sharing with Third Parties
We do not share personal data with third parties beyond the stated purposes, except (i) with your prior consent, or (ii) where required by law or a lawful request from authorities. Because notification content is never transmitted, it is never shared with third parties.
5. Service Providers (Processors)
To operate the service, certain processing is delegated to the third-party SDKs below. Each provider processes data under its own policy.
| Provider | Task | Data | Policy |
|---|---|---|---|
| Google LLC (AdMob) | Serving ads | Advertising ID, device & network info | Link |
| Meta Platforms, Inc. (Audience Network) | Ad serving (mediation) | Advertising ID, device & network info | Link |
| ByteDance Pte. Ltd. (Pangle) | Ad serving (mediation) | Advertising ID, device & network info | Link |
| Google LLC (UMP) | Ad-consent management | Consent state | Link |
| Google LLC (Firebase) | Usage analytics | App events, instance ID, device/event info | Link |
| Google LLC (Firebase Crashlytics) | Crash diagnostics | Crash logs, instance ID, device state | Link |
| Google LLC (Firebase Remote Config) | Remote ad-policy configuration | App instance ID, basic device info | Link |
| Google LLC (Play Integrity) | Integrity check | Integrity token | Link |
| Google LLC (Play Billing) | In-app purchase | Purchase token & state | Link |
| Hugging Face, Inc. | AI-model distribution | Network info on download (IP, etc.) | Link |
6. International Transfers
The providers above are located abroad, so some data may be transferred internationally when you use those features.
| Recipient | Country | Items | When/How |
|---|---|---|---|
| Google LLC | United States, etc. | Advertising ID & device info, analytics, integrity token, purchase info | Sent over the network when the feature runs |
| Meta Platforms, Inc. | United States, Ireland, etc. | Advertising ID, device & network info | When ads active / mediation wins |
| ByteDance Pte. Ltd. (Pangle) | Singapore, United States, etc. | Advertising ID, device & network info | When ads active / mediation wins |
| Hugging Face, Inc. | United States | Network info of model download request | On first model download |
You can refuse or stop some transfer-related processing by opting out of analytics, withdrawing ad consent, or purchasing ad removal.
7. Your Rights
Most rights can be exercised instantly within the App.
- Access & search: view and search stored notifications in the App
- Correct & delete: delete individually, by period, or entirely (including images)
- Portability (export): export your data as JSON or CSV
- Stop processing / withdraw consent: block collection per app, opt out of analytics, withdraw ad consent
- Activity log: review the in-app privacy (audit) log
To exercise rights or contact us: App settings or the contact in Section 12. We respond within the periods required by law.
8. Automated Collection & Opt-out
- Ads: non-personalized by default; UMP consent in the EEA/UK and certain US states. Limit tracking via your device's “reset/delete advertising ID”.
- Analytics: turn off any time via Settings → Usage Statistics (on by default).
- Ad removal: remove ads via in-app purchase.
9. Security Measures
- Full encryption of stored data (SQLCipher); the key is protected by the Android Keystore (StrongBox where available).
- On uninstall/reinstall the key is destroyed, making prior data unrecoverable.
- On root/tamper detection the vault is locked; Play Integrity verifies app/device integrity.
- Screenshot/recording of sensitive screens is blocked in production builds.
- No notification content is stored on Company servers; settings are stored separately from notification data.
10. Device Permissions
| Permission | Purpose | Type |
|---|---|---|
| Notification access | Notification capture & storage (core) | Requires your consent |
| Post notifications | Reminders, status overview, status-bar panel | Optional |
| Internet & network state | Ads, analytics, integrity, model download | Optional |
| Foreground service (special use) | Reliable capture without loss | Required |
| Boot completed | Re-schedule reminders after reboot | Optional |
| Wake lock / reorder tasks | Stable background capture/scheduling | Optional |
| Advertising ID / billing | Ads and ad-removal purchase | Optional |
You may revoke permissions in device settings at any time; related features may then be limited.
11. Children Under 18
NotiVault AI is intended for users aged 18 and over. We do not target children or knowingly collect children's personal data. If we learn we have, we delete it without delay.
12. Data Protection Officer & Contact
13. Remedies (Republic of Korea)
- Personal Information Dispute Mediation Committee: +82-1833-6972 (kopico.go.kr)
- Privacy Report Center (KISA): 118 (privacy.kisa.or.kr)
- Supreme Prosecutors' Office Cybercrime: 1301 (spo.go.kr)
- National Police Agency Cyber Bureau: 182 (ecrm.police.go.kr)
14. International Users — GDPR/CCPA
- EEA/UK (GDPR/UK GDPR): you have rights of access, rectification, erasure, restriction, portability, and objection. Ad consent is managed via UMP and can be withdrawn at any time. Legal bases are consent and legitimate interests.
- California (CCPA/CPRA): we do not “sell” personal information for money. You may opt out of analytics and limit ad tracking.
15. Changes
We may update this Policy as laws or the service change. We will give prior notice of changes and the effective date in the App and at the published URL.
This policy is effective as of July 5, 2026.