Privacy & Data Security Policy

Last Updated: December 2025 Mission: To protect the digital childhood of every learner in the Lumi Movement.

1. Introduction

Project Lumi (“we,” “us,” or “the Movement”) is committed to protecting the privacy of children, parents, and educators. This policy explains how we handle data across our ESP32-powered hardware, our Cloud Brain API, and our SaaS Management Dashboards. Our goal is to provide a safe, transparent environment where technology serves education without compromising privacy.

2. The “Hardware-First” Safety Model

Unlike standard smart speakers, Project Lumi toys are designed with a privacy-by-design hardware architecture:

  • Local Wake-Word Processing: The ESP32 chip monitors for the wake-word (“Hey Lumi”) locally. No audio is recorded or streamed to the cloud until the wake-word is detected.

  • Visual Indicators: A physical LED indicator (on supported models) signals clearly when the device is in “Listening Mode.”

  • Hard Curfews: Through the SaaS dashboard, the “Cloud Brain” can be deactivated during specific hours. During these times, even if the wake-word is spoken, the device will not initiate a connection.

3. Data Collection & Usage

We collect only the minimum data necessary to provide an interactive educational experience:

  • Voice Data (Transient): When a child speaks to a Lumi device, the audio is streamed via Secure WebSockets (WSS) to our cloud. This audio is processed into text (STT), analyzed by the AI to generate a response, and then converted back to a voice (TTS).

  • Usage Statistics: We track “Active Hours” and “Conversation Counts” to help parents and schools manage their subscription tiers and monitor engagement.

  • Syllabus Metadata: For School and Franchise tiers, we store the educational syllabus you upload to ensure the AI’s persona remains aligned with your learning goals.

4. Data Retention & Deletion

  • Logs: Conversation transcripts are stored in an encrypted database so parents/teachers can review learning progress.

  • User Control: Parents and Administrators have the absolute right to delete any or all conversation logs via the Parental Dashboard at any time.

  • Auto-Deletion: We offer configurable retention periods (e.g., 7 days, 30 days) after which data is automatically purged from our servers.

5. Third-Party Intelligence & Safety

To provide a high-quality “Cloud Brain,” we partner with industry leaders in AI (such as OpenAI and ElevenLabs).

  • Data Masking: We do not send personal user profiles to these providers. They receive only the text or audio needed to generate a response.

  • No Training: We ensure, via our enterprise agreements, that your children’s conversations are not used to train the public models of these third-party AI providers.

6. Compliance & NGO Standards

Project Lumi is built to exceed global standards for child safety:

  • COPPA Compliance: We adhere to the Children’s Online Privacy Protection Act, requiring parental consent before a device is linked to our cloud.

  • GDPR-K: For our European partners, we provide the necessary tools to manage “The Right to be Forgotten” and data portability.

  • White-Label Integrity: For Franchise partners, we ensure that your branded dashboard maintains the same high-security standards as the core Project Lumi platform.

7. Our Commercial Promise

  • No Advertising: We will never use your data to serve advertisements.

  • No Selling Data: We do not, and will never, sell or rent your child’s data or your school’s syllabus to third-party marketers.

  • Monetization Transparency: Our revenue comes solely from transparent subscription tiers (Demo, School, Franchise), not from data exploitation.

8. Security Measures

We employ military-grade encryption to protect your “Cloud Brain” connection:

  • Encryption at Rest: All data stored in our PostgreSQL databases is encrypted.

  • Encryption in Transit: All device-to-cloud communication uses TLS 1.3 and Secure WebSockets.

  • Access Control: Only authorized account holders can view logs for their specific devices.

9. Contact the Privacy Officer

If you have questions about our data practices or wish to request a formal data audit for your school franchise, please contact our team: Email: safety@projectlumi.org