BBugalgo
Lumnos app iconLumnos

Privacy Policy

Last updated: April 17, 2026

Lumnos mobile application ("App") is developed and operated by Bugalgo ("we", "us", or "our"). We are committed to protecting your privacy. This Privacy Policy explains what data we collect, how we use it, and your rights under applicable data protection laws including the EU General Data Protection Regulation (GDPR) and the Turkish Personal Data Protection Law (KVKK, Law No. 6698).

1. Data Controller

The data controller for the Lumnos application is Bugalgo, based in Istanbul, Turkey.

Contact: info@lumnos.app

2. Data We Collect

Lumnos operates on a data minimization principle. Users can use the app anonymously without providing any personal information.

The following data may be processed:

  • Firebase anonymous ID (UID) — automatically generated to identify your account; does not contain real identity information
  • Study session data — subject name, study duration, date (stored locally on your device only, in a SQLite database)
  • User preferences — exam type, daily goals, Pomodoro settings, notification preferences (stored locally on your device via AsyncStorage)
  • Achievement data — earned badges and progress (stored locally on your device)
  • Push notification token — used for scheduling local notifications only
  • Device identifiers — may be collected by third-party SDKs for advertising and analytics purposes
  • Country and language — used to provide localized exam lists and interface language

3. Where Data Is Stored

Important: Lumnos stores your study data (sessions, statistics, achievements, preferences) locally on your device only. This data is never sent to any server.

  • SQLite database (on device) — study sessions, subject-level statistics
  • AsyncStorage (on device) — user profile, settings, achievements, notification preferences
  • Firebase Authentication (cloud) — anonymous ID (UID) only; no real identity information

4. Purposes of Data Processing

Data is processed for the following purposes:

  • Providing the Pomodoro timer and study tracking service
  • Calculating and visualizing study statistics
  • Generating personalized study recommendations and weekly reports
  • Operating the achievement and badge system
  • Sending local notifications (study reminders, streak protection, etc.)
  • Managing premium subscription operations
  • Displaying advertisements (for non-premium users)
  • Monitoring and improving app performance

5. Legal Basis for Processing

Under GDPR (EU/EEA Users)

  • Consent (Art. 6(1)(a)) — for notification permissions, advertising identifiers, and analytics
  • Contract performance (Art. 6(1)(b)) — for providing the app's core services and managing premium subscriptions
  • Legitimate interest (Art. 6(1)(f)) — for monitoring app performance and improving user experience

Under KVKK (Turkish Users)

  • Explicit consent (Art. 5/1) — for notification permissions and advertising identifiers
  • Contract performance (Art. 5/2-c) — for providing the app's services and managing premium subscriptions
  • Legitimate interest (Art. 5/2-f) — for monitoring and improving app performance

6. Third-Party Data Sharing

Your data may be shared with the following service providers:

  • Firebase / Google Cloud (USA) — anonymous authentication and analytics services
  • Google AdMob (USA) — used for ad display. Non-personalized ads are used by default (requestNonPersonalizedAdsOnly: true). Personalized ads are shown only with your explicit consent.
  • RevenueCat (USA) — used for premium subscription management
  • Expo Notification Service — used for scheduling local notifications

7. International Data Transfers

Some technical services used by the app are provided by service providers located outside the EU/EEA and Turkey. These transfers comply with GDPR Chapter V and KVKK Article 9.

Safeguards in place:

  • Study data is stored locally on your device only; it is not transferred to any server abroad
  • Only an anonymous user ID is transmitted to Firebase
  • Non-personalized ads are used by default
  • All network communication is encrypted via HTTPS/TLS
  • Third-party processors provide Standard Contractual Clauses (SCCs) or equivalent safeguards

8. Data Security Measures

  • Study data is stored only on the user's device
  • Only anonymous ID is shared with Firebase
  • Non-personalized ad mode is used by default in the advertising SDK
  • All network communication is protected via HTTPS/TLS
  • The app benefits from standard operating system storage protection mechanisms

9. Data Retention Periods

  • Study sessions: until the user clears app data or uninstalls the app (on device)
  • User preferences: until the user clears app data or uninstalls the app (on device)
  • Achievement data: until the user clears app data or uninstalls the app (on device)
  • Anonymous Firebase ID: until the user clears app data or requests deletion
  • Subscription records: for the duration the subscription is active (managed by RevenueCat)

10. Children's Privacy

Lumnos is designed for users aged 13 and older (including exam candidates preparing for secondary school entrance exams). We do not knowingly collect personal data from children under 13. If we become aware that data of a child under 13 has been processed, it will be deleted immediately.

11. Advertisements

Lumnos displays advertisements via Google AdMob for non-premium users:

  • All ads are shown in non-personalized mode by default
  • No ads are shown on the active timer screen
  • Interstitial ads appear only after every 2nd Pomodoro, with a minimum 20-minute interval
  • Rewarded video ads are user-initiated and limited to 5 per day
  • All ads are removed with a Lumnos Pro subscription

12. Your Rights

Under GDPR (EU/EEA Users)

You have the right to:

  • Access your personal data (Art. 15)
  • Rectify inaccurate data (Art. 16)
  • Erase your data — "right to be forgotten" (Art. 17)
  • Restrict processing (Art. 18)
  • Data portability (Art. 20)
  • Object to processing (Art. 21)
  • Withdraw consent at any time (Art. 7(3))
  • Lodge a complaint with a supervisory authority

Under KVKK (Turkish Users — Article 11)

You have the right to:

  • Learn whether your personal data is being processed
  • Request information about processing if data has been processed
  • Learn the purpose of processing and whether data is used accordingly
  • Know the third parties to whom data is transferred
  • Request rectification of incomplete or inaccurate data
  • Request deletion or destruction of data under KVKK Article 7
  • Request notification of these operations to third parties
  • Object to results arising from automated analysis
  • Claim damages in case of unlawful processing

13. Deleting Your Data

Since your study data is stored locally on your device, uninstalling the app or clearing app data from your device settings will permanently delete all your data.

You can also use the in-app account deletion feature (Settings > Delete Account) to erase all data including your Firebase anonymous account.

For manual deletion requests, contact us via our support page or email.

14. How to Exercise Your Rights

To exercise your rights under GDPR or KVKK, you can contact us via our support page or by emailing info@lumnos.app. Requests will be processed within 30 days.

15. Policy Changes

This Privacy Policy may be updated from time to time. Significant changes will be communicated through the app.

16. Contact

For privacy-related questions: