Viamora · Legal

Privacy policy

Last updated: {date}

Viamora is a travel memory app built by Lumeflux. We help you capture and revisit your trips. This policy explains, in plain language, what we collect, why we collect it, who can see it, and what control you have over it.

If anything here is unclear, email us at info@lumeflux.io and we will answer in plain language.

The short version

  • We collect the minimum we need to make Viamora work: your account info, the trips and photos you choose to add, and a small amount of anonymous usage data.
  • Your trips are private by default. Only you and the people you explicitly invite to a trip can see its content.
  • We do not sell your data. We do not run advertising. We do not share your trips with third parties for marketing.
  • You can export your data or delete your account at any time from inside the app.

What we collect

Account information

When you sign up, we store your email address and a display name. Authentication is handled by Supabase Auth. Your password is never stored in plain text.

Trip content

Everything you add to a trip is stored so we can show it back to you and sync it across your devices. This includes:

  • Trip names, dates, notes, and itineraries
  • Photos and videos you upload
  • Items you save (places, restaurants, activities, etc.)
  • Voice notes — both the transcript and the original audio file, which we store so you can replay it

Location metadata from photos

When you upload a photo, Viamora reads the EXIF metadata embedded in the file. This can include the GPS coordinates of where the photo was taken and the timestamp. We use this to place photos on a map and group them into the right day of your trip. We do not track your live location in the background.

Anonymous analytics

We use PostHog to understand how Viamora is used in aggregate — for example, which screens people open most, or where a flow is confusing. These events are tied to an anonymous device identifier, not to your email or name. We do not use this data to build a profile of you as an individual.

Crash reports

We use Sentry to capture crash reports and error traces when something goes wrong. These reports help us fix bugs. They include technical information like your device model, OS version, and the code path that failed. We do our best to keep personal content out of these reports.

Who can see your data

  • You, on any device where you are signed in.
  • Trip members you explicitly invite, but only for the specific trip you invited them to.
  • A small number of Lumeflux staff, only when strictly needed to operate the service or respond to a support request you have opened with us.

Trips are private by default. There is no public feed. There is no "discover" surface that exposes your content to strangers.

Third-party services we rely on

To run Viamora we use a handful of trusted providers. Each one only receives the data needed to do its job.

  • Supabase — stores your account, trips, and uploaded media. Hosted on infrastructure operated by Supabase and its cloud partners.
  • Cloudflare — used as the CDN in front of Supabase Storage, so your photos load quickly.
  • Anthropic (Claude) — when you ask Viamora to enrich a trip (for example, generating metadata, summaries, or tags), the relevant text is sent to Anthropic's API. Anthropic processes the request and returns a result. They do not use this content to train their models on your data.
  • Deepgram — when you record a voice note, the audio is sent to Deepgram's transcription API and returned as text. Deepgram processes the audio for transcription only. The original audio file itself lives in our storage (Supabase) so you can replay it, and stays there until you delete the voice note's item or your account.
  • Map providers (Mapbox, Apple Maps, Google Maps) — used to render map tiles. We send the coordinates needed to display the map. We do not send your name, email, or trip content to map providers.
  • Sentry — receives crash and error reports as described above.
  • PostHog — receives the anonymous analytics events described above.

If we ever add or replace a provider in a way that materially changes this list, we will update this policy and notify you in-app.

Your rights

You can, at any time:

  • Export your data. Use the export option in Settings to download a copy of your trips and media.
  • Delete your account. Use the delete option in Settings. Once you confirm, your account and personal content will be removed from our active systems within roughly 30 days. Residual copies may remain in encrypted backups for a short period before they cycle out.
  • Withdraw consent. You can disable analytics from the Privacy section in Settings. You can revoke specific permissions (photos, microphone, location) from your device's system settings.
  • Ask us questions. Email info@lumeflux.io and we will respond.

If you are in the EU/UK, you have rights under the GDPR, including access, correction, deletion, portability, and the right to lodge a complaint with your local data protection authority. If you are in California, you have rights under the CCPA/CPRA, including the right to know what we collect and the right to deletion. The controls described above are how you exercise these rights inside Viamora; you can also email us directly.

Data retention

  • Active trips and media are kept for as long as you keep them in your account. If you delete a trip, it leaves your account immediately and is purged from our storage shortly after.
  • Voice note audio is kept alongside the memory it belongs to so you can replay it. It is deleted when you delete that item, and removed with everything else when you delete your account.
  • Deleted accounts: when you delete your account, we remove your personal content from active systems within roughly 30 days. Backups cycle out separately on their normal schedule.
  • Anonymous analytics are retained in aggregate and are not linked back to your account.
  • Crash reports are retained only as long as needed to diagnose and fix the underlying issue.

Children

Viamora is intended for people 13 years and older. We do not knowingly collect data from children under 13, in line with COPPA. If you believe a child has created an account, contact us at info@lumeflux.io and we will remove the account.

Security

We use industry-standard practices: encrypted connections (HTTPS/TLS), encrypted storage at rest via Supabase, and least-privilege access for our team. No service can promise perfect security, but we take this seriously and will notify affected users if we ever become aware of a breach involving their data.

Changes to this policy

If we make meaningful changes to this policy, we will update the "Last updated" date above and notify you in-app before the changes take effect for you.

Contact

Questions, requests, or anything else:

Lumeflux — Viamora

Email: info@lumeflux.io