Privacy Policy

Last updated June 18, 2026

Lumo (“we”, “us”) provides privacy-first read receipts for Gmail. This policy explains what we collect, why, and how we handle it. By using the Lumo browser extension, dashboard, or website you agree to this policy.

What we collect

• Account data. The email address and password you use to create a Lumo account. Passwords are stored only as a salted cryptographic hash — never in plain text.
• Emails you choose to track. When you send a tracked message, we store its subject, the recipient address, and the time it was sent, linked to your account.
• Open and click events. When a tracked email is opened or a tracked link is clicked, we record the time, the IP address, and the user-agent string of the request, plus an automated/human classification.
• Waitlist data. If you join the waitlist, we store the email address you submit so we can send you an invite.

What we do not collect

• We do not read, store, or transmit the body of your emails.
• We do not access your contacts, other Gmail messages, or any data outside the compose window.
• We do not sell your data or share it with advertisers.

How we use it

Collected data is used solely to operate the service: to authenticate you, to show you when your emails are opened and your links are clicked, and to distinguish genuine human reads from automated scanners and proxy pre-fetches. We do not use your data for advertising or profiling.

Where it lives

Tracking runs on Lumo’s own infrastructure rather than a shared third-party network. Data is stored in a managed PostgreSQL database and processed by our application servers. We use reputable cloud providers and access controls to protect it.

Browser extension permissions

The extension requests access to mail.google.com only, so it can add tracking to the emails you send from Gmail. It uses storage to keep you signed in, alarms and notifications to alert you of opens, and scripting to integrate with Gmail’s compose window. It does not run on any other website.

Retention & deletion

We keep your tracking data while your account is active. You can delete tracked emails from your dashboard, and you can request deletion of your account and all associated data at any time by contacting us.

Contact

Questions or deletion requests: support@lumo.io.