Privacy Notice

What we collect

• Account: name, email, hashed password, the time you accepted these terms, and the time your email was verified.
• Content: notebooks, sources you upload (PDFs, text, links, audio, video), generated flashcards, quizzes, podcast scripts and audio, chat history with the AI tutor, and your study progress.
• Sessions: a signed JSON Web Token cookie keeping you signed in.

How we use it

• To run the app — show your notebooks, generate decks, etc.
• To send you a 6-digit verification code at sign-up (and account recovery emails later).
• To improve Lumen (debugging, performance).

Third parties

Lumen sends excerpts of your content to AI providers to generate responses:

• Anthropic (Claude) — flashcards, quizzes, chat, tutor, podcast scripts, grading.
• OpenAI — text-to-speech for podcasts (only if you generate one).

These providers process your data under their own terms and privacy policies. Lumen does not sell your data, run advertising, or profile you for marketing.

Where it's stored

Locally: a SQLite database on the machine running Lumen, plus uploaded files in /public/audioand similar directories. If/when Lumen is deployed to a host, the same data moves to the host's database (e.g. Postgres on Neon).

Security

Passwords are hashed with bcrypt before storage. Verification codes are stored as SHA-256 hashes and expire after 30 minutes. Sessions use signed JWT cookies; signing out invalidates the cookie.

Your rights

You can update your name and password from Settings → Account. To delete your account or export your data, contact the operator listed in the project README — automated self-service deletion is on the roadmap.

Children

Lumen is not intended for users under 13 (or the equivalent age in your jurisdiction).

Changes

We'll update this notice as the app evolves. The "last updated" date at the top reflects the current revision.