Meta Flow Ltd. d/b/a Lumen (“Meta Flow,” “Company,” “we” or “us”) is committed to protecting the privacy of the users of our website located at lumen.me (the “Website”), and the users of the services we provide in connection with use of the Lumen Device through the Lumen App (respectively: “User(s)” or “you”; and the “Lumen Services”). For the purposes of this Privacy Policy, “Lumen Device” refers to our proprietary innovative metabolic breath analyzer, and “Lumen App” refers to either the Lumen Metabolic Coach mobile application or any other application we operate, including the Metabolic Research Lab mobile application. These, together with the Website and the Lumen Services, shall be referred to hereunder as the “Services”.
This Privacy Policy (the “Privacy Policy”) is intended to describe our practices regarding the information we may collect from you when you use the Services, the ways in which we may use such information, and the options and rights available to you. This Privacy Policy supplements, and should be read in conjunction with our Terms of Use (the “TOU”), which provides additional information on the Services. Capitalized terms which are not defined herein, shall have the meaning ascribed to them in our TOU.
If you are a resident of California, please see our California Privacy Rights Statement for information about California Privacy Rights, and other required disclosures.
BY ENTERING, CONNECTING TO, ACCESSING OR USING THE SERVICES (OR ANY PART THEREOF), YOU AGREE TO THE TERMS AND CONDITIONS SET FORTH IN THIS PRIVACY POLICY, INCLUDING THE COLLECTION AND PROCESSING OF YOUR PERSONAL AND HEALTH INFORMATION (AS DEFINED BELOW).
IF YOU DISAGREE TO ANY TERM PROVIDED HEREIN, YOU MAY NOT ACCESS AND/OR USE THE SERVICES IN ANY MANNER WHATSOEVER.
IMPORTANT:
PLEASE NOTE: YOU ARE NOT OBLIGATED TO PROVIDE US WITH ANY PERSONAL OR HEALTH INFORMATION. YOU HEREBY ACKNOWLEDGE AND AGREE THAT YOU ARE PROVIDING US WITH SUCH INFORMATION AT YOUR OWN FREE WILL, FOR THE PURPOSES DESCRIBED IN SECTION 4 BELOW, AND THAT WE MAY USE, PROCESS AND RETAIN SUCH PERSONAL OR HEALTH INFORMATION IN ACCORDANCE WITH THIS PRIVACY POLICY AND SUBJECT TO ANY APPLICABLE LAWS AND REGULATIONS.
We may collect three types of data and information from our Users:
i. Personal Information, which is information that identifies an individual or may, with reasonable effort, identify an individual, either alone or in combination with other information, all unless anonymized, such as name, email, address or exact location. Some technical parameters may also be considered as Personal Information, such as IP address and UDID (Unique Device Identifier); and
ii. Health, Wellness and Nutrition Related Information (“Health Information”), which is Information that is not necessarily Personal in nature and corresponds to a measurement of your physical/mental objective and/or subjective state and nutrition data, such as height, weight, sleep habits, food, caffeine and water intake, heart rate, breath data, real-time assessment of carbohydrate availability and metabolic fuel use as measured via use of the Lumen Device and through the Lumen App, as well as body activity data, such as types of exercise, number of steps, speed and distance and any Personal Information we derive from such information; and
iii. Non-personal Information, which is non-identifying and without reference to the identity of any User, such as technical data that is necessary for the performance of the Services, for example, app analytics, taps and inputs, Wi-Fi network information, operating system, mobile device type, Lumen Device technical information, browser and keyboard language, the 'click-stream' and activities on the Services, and the period of time the Services were used and related timestamps. This may also include behavioural data collected via cookies and other tracking technologies about your interactions with our advertisements and services, which are used for personalized marketing and advertising. For purposes of this Privacy Policy, we will treat any User Personal Information that is anonymized and deidentified in a way that such User can no longer be personally identified as Non-personal Information and may use or share this information in aggregated form for statistical, research or other lawful purposes.
For the avoidance of doubt, we will treat any Non-personal Information connected or linked to any Personal Information as Personal Information as long as such connection or linkage exists. In this context, it is important to note that Health Information is included within the category of Personal Information for the purposes of this Privacy Policy.
We collect personal information from you and any devices (including mobile devices) you use when you: use or access our Services, register for an account with us, provide us information on a web form or other text field, update your account, or correspond with us.
More specifically we collect and use the following categories and types of information:
3.1. Personal information you provide us when you use our Services. Generally, this category refers to any information, data, or content you actively and voluntarily create or provide through our Services such as:
3.2. Personal information we collect automatically when you use our Services. In other words, we are aware of your usage of the Services and Website and may gather, collect and record the information relating to such usage, including by using our third party service providers as detailed in Section 5 (sharing information with third parties) below, and by using “cookies” and other tracking technologies, as further detailed in Section 9 (Local Storage and Third Party Software/Service, Cookies and other Tracking Technology) below. We collect information about your interaction with and use of our Services, including in certain cases about your impressions of and reactions to our advertisements, and information related to our communications with you. This is the information we receive from devices (including mobile devices) and software you use when you access our Services. This information could include the following: mobile device geo-location, mobile devices motion, Device ID or unique identifier, device type, ID for advertising, unique device token, operating system, information regarding your clicks and “clicks stream”, views and engagement with our advertisement and Services, information concerning your traffic to and from the Website, your referral URL to and from our Website, ad data, your IP address, your web login information, and location information as can be derived from your IP address. For more information about our use of these technologies, and how to control them, see here. We collect and process Personal Information that is derived from other Personal Information we collect or obtain from you. This means that we process Personal Information in order to provide you with the output of our Lumen Services such as recommendations, suggested analysis, and other insights we may offer through the use of the Lumen Services. Please take into consideration that certain portions of such above mentioned information may also be collected from your device or software, when the Lumen App is running in the background, i.e. when it has been launched but not used. Please keep in mind - that most mobile devices and auxiliary software, allow you to control or disable the use of certain collectible information including location services, by any application, in the device's settings menu.
3.3. Personal information collected from third parties. When using the Lumen Services, you may choose to connect your Account with certain other third party accounts you hold with such third party applications and platforms (such as Apple Health Kit, Android Fit, etc.), and thereby providing us with access to information available on such accounts. To the extent that information is linked or connected to your identity, we will treat that information as your Personal Information.
3.4. Social Media - We allow you to share information with social platforms or use social platforms to create your Account or to connect your Account with the respective social platforms. Those social platforms may give us automatic access to certain Personal Information retained by them about you (e.g., content viewed by you, content liked by you, your public profile, other profiles you are associated with, and information about the advertisements you have been shown or have clicked on, etc.). You control the Personal Information you allow us to have access to through the privacy settings on the applicable social platforms and the permissions you give us when you grant us access to the Personal Information retained by the respective social platforms about you. We may also collect Personal Information concerning you, from third parties who have assured us that they have obtained your consent for such provision of information or that you have freely and publicly provided and those third parties have established an adequate legal basis for the processing and sharing of such information. For example, we may collect and use demographic and other information that is publicly available in an applicable jurisdiction, additional contact information, credit/check information, and information from credit bureaus, as allowed by applicable national laws. By associating your Account with your social platform account or other third party accounts and authorizing us to have access to information maintained by such third party accounts, you agree that we can collect, use and retain such information in accordance with this Privacy Policy.
4.1. Legal Basis for processing We process your Personal Information, which is adequate, relevant and limited to what is necessary in relation to the purposes described in this Privacy Policy, based at least on one of the following legal grounds:
4.2. Purpose of use. We may use the Personal Information that we collect about you for the following purposes:
We will not share or otherwise allow access to any Personal or Health Information it collects to any third party, except in the following cases:
5.1. Law enforcement, legal proceedings, and as authorized by law: We may disclose Personal Information to satisfy any applicable law, regulation, legal process, subpoena or governmental request;
5.2. Protecting Rights and Safety: We may share Personal Information to enforce this Privacy Policy and/or the TOU, including investigation of potential violations thereof; to detect, prevent, or otherwise address fraud, security or technical issues; to respond to claims that any content available on the Services or the Website violates the rights of third-parties; or otherwise if we believe in good faith that this will help protect the rights, property or personal safety of Meta Flow, any of our Users, or any member of the general public.
5.3. Our Affiliated Companies: We may share Personal Information internally with our affiliated companies for the purposes described in this Privacy Policy. In addition, when we or any of our affiliated companies is undergoing any change in control, including by means of merger, acquisition, or purchase of all or substantially all of its assets, we may share Personal Information with the parties involved in such event. If we believe that such change in control might materially affect your Personal Information then stored with us, we will notify you of this event and the choices you may have via e-mail and/or prominent notice on our Website or Services.
5.4. Third Party Services: We are partnering with several selected service providers, whose services and solutions complement, facilitate and enhance our own. Such Third Party Service Providers may have access to, or process on our behalf Personal and Health Information that we collect, hold, use, analyze, process and/or manage. These Service Providers include hosting, database, and server co-location services (e.g. Amazon Web Services), data analytics services (e.g. Google Analytics), advertising and marketing services (e.g. Google Ads), session replay records for app analytic purposes such as crashes, functionality and usability (e.g. MixPanel), and our business, legal and financial advisors (collectively, "Third Party Service Providers"). We remain responsible for any Personal Information processing done by Third Party Service Providers on our behalf not in accordance with the terms hereof, except for events outside of its reasonable control and except for such Third Party Service Providers with whom you have a direct contractual relationship.
5.5. Your known health care providers, care management services or health care payers. In some instances, we will be working with you in conjunction with your own health care providers, care management services, or healthcare payers (insurance companies) (any such party is one of “Your Service Providers”). To the extent your relationship with us originates from one of Your Service Providers, we may provide your Personal Information to that party for its use in connection to the services it provides to you. Any Personal Information we provide back to Your Health Service Providers will be subject to those Your Service Providers own privacy policies and practices, and you should confer with Your Health Service Providers if you have any questions regarding their own usage and treatment of your Personal Information.
Information regarding the Users will be maintained, processed, and stored by us and our authorized affiliates and service providers in the United States, EU and in Israel, and as necessary, in secured cloud storage provided by our Third Party Service Providers. While the data protection laws in the above jurisdictions may be different from the laws of your residence or location, please know that we, our affiliates and our service providers that store or process your Personal Information on our behalf are each committed to keeping it protected and secured, pursuant to this Privacy Policy and industry standards, regardless of any lesser legal requirements that may apply in their jurisdictions.
Specifically, if you reside in the EU or the UK, each of our Third Party Service Providers who stores or processes your Personal Information outside the EEA or the UK, either: (i) assured us, including through contractual means, that it provides adequate safeguards to protect your rights to privacy; or (ii) holds and processes such information on our behalf in a jurisdiction which has been determined to ensure an adequate level protection by the EU Commission or the UK government. We retain the Personal Information we collect only for as long as legitimately needed and to the extent required for the achievement of the purposes listed under Section 4 including without limitation, as reasonably necessary to comply with our legal obligations and/or protect our legitimate interests. We then either delete the information from our systems or anonymize it without further notice to you. Unless you notify us of your request to delete your Account as specified in Section 7 below, we may maintain your inactive Account including all data and reports therein, in order to allow you to reactivate the Account if you choose to renew your Subscription at a later stage.
If the law applicable to you grants you such rights, you may ask to access, correct, or delete your Personal Information that is stored in our systems or that we otherwise control. You may also ask for our confirmation as to whether we process your Personal Information or ask to withdraw any consent you have previously provided us in connection with our use and processing of your Personal Information. Exercising such rights of deletion and/or withdrawing such consent may result in our inability to provide you with our Services and in such event, we may notify you of the termination of our engagement with you or otherwise cease providing you with our Services. Subject to the limitations in law, you may request that we update, correct, or delete inaccurate or outdated information. You may also request that we suspend the use of any Personal Information the accuracy of which you contest while we verify the status of that data. Subject to the limitations in law, you may also be entitled to obtain the Personal Information you directly provided us in a structured, commonly used, and machine-readable format and may have the right to transmit such data to another party. If you wish to exercise any of these rights,withdraw your consent or raise a complaint on how we have handled your Personal Information, please contact us at: support@lumen.me. When handling these requests, we may ask for additional information to confirm your identity and your request. Please note, upon request to delete your Personal Information, we may retain such data in whole or in part to comply with any applicable rule or regulation and/or response or defend against legal proceedings versus us or our affiliates, or as we are otherwise permitted under such law applicable to you. If you have additional concerns, you can also lodge a complaint with your local data protection authority.
General Data Protection Regulation (GDPR) - European Representative
Pursuant to Article 27 of the GDPR, we have appointed European Data Protection Office (EDPO) as our GDPR Representative in the EU. You can contact EDPO regarding matters pertaining to the GDPR:
-by using EDPO’s online request form: https://edpo.com/gdpr-data-request/
-by writing to EDPO at Avenue Huart Hamoir 71, 1030 Brussels, Belgium.
UK General Data Protection Regulation (GDPR) - UK Representative
Pursuant to Article 27 of the UK GDPR, we have appointed EDPO UK Ltd as our UK GDPR representative in the UK. You can contact EDPO UK regarding matters pertaining to the UK GDPR:
-by using EDPO’s online request form: https://edpo.com/uk-gdpr-data-request
-by writing to EDPO UK at 8 Northumberland Avenue, London WC2N 5BY, United Kingdom.
To open an Account on our Services, you must be over the age of 18. Without relieving you of your responsibility to comply with the TOU and the terms hereof we reserve the right (without obligation) to request proof of age at any stage so that we can verify that persons under the age of 18 are not using our Services. In the event that it comes to our knowledge that a person under the age of 18 is using our Services, we will prohibit and block such User from accessing our Services and will make all efforts to promptly delete any Personal Information (as such term is defined in herein) with regard to such User.
We use cookies and other technologies in our related services, including when you visit our site or access our Services.
A "cookie" is a small piece of information that a website assigns to your device while you are viewing a website. Cookies are very helpful and can be used for various different purposes. These purposes include allowing you to navigate between pages efficiently, enable automatic activation of certain features, remembering your preferences and making the interaction between you and our Services quicker and easier. Cookies are also used to help ensure that the advertisements you see are relevant to you and your interests and to compile statistical data on your use of our Services.
Our website uses cookies in order to provide you with Services, identify you for repeat visits, (for example to allow us to store your preferences for the next sign-in), and monitor and analyze our web access.
You may remove the cookies by following the instructions of your device preferences; You can find more information about cookies at www.allaboutcookies.org; however, if you choose to disable cookies, some features of our Service may not operate properly and your online experience may be limited.
Subject to the applicable laws in your jurisdiction, we or our affiliated representatives, may send you promotional content or messages by e-mail, marketing calls, and similar forms of communication. This may include targeted and personalized advertising presented through platforms such as Google Ads, which uses data we collect to offer you relevant and tailored marketing messages. If you wish not to receive such promotional messages or calls, you may inform us by sending a written notice by email to the following address: support@lumen.me or by pressing the “Unsubscribe” link contained in the promotional communications you receive. Please note that we may also contact you with important information regarding your use of our Services and/or Website. For example, we may notify you (through any of the means available to us) of changes or updates to our Services, payment issues, service maintenance, etc. You will not be able to opt-out of receiving such service messages.
We maintain administrative, technical and physical safeguards designed to protect Personal and Health Information we obtain through our Services against accidental, unlawful, or unauthorized destruction, loss, alteration, access, disclosure or use. Our Services, or parts thereof, are hosted using data hosts (such as AMAZON AWS), which provide advanced security features. We employ industry standard security procedures, including secured transmission protocols, SSL and advanced authentication.
However, we do not and cannot guarantee that unauthorized access will ever occur. We urge you to use the strongest password combination available on your mobile device and employ reasonable physical security means to protect unauthorized access. To the extent your local jurisdiction’s laws require us to notify you or local authorities of any breach of the security of your Personal Information, we will comply with such laws.
The Services may provide links to websites the Company does not control (including but not limited to Third-Party Connections). When the User clicks on one of these links, the User will be transferred out of the Services and connected to the website of the organization or company that the User selected. The company is not responsible for the nature, quality, or accuracy of the content or opinions expressed on such websites, and such websites are not investigated, monitored, or checked for quality, accuracy, or completeness by the Company. Inclusion of any linked website on the Service does not imply or express an approval or endorsement of the linked website by the Company or any content, opinions, products, or services provided on these websites. Even if an affiliation exists between the Service and a third-party website, the Company exercises no control over linked sites and has no responsibility for their privacy practices.
Each linked site maintains independent privacy and data collection policies and procedures. While Company expects its partners and affiliates to respect the privacy of Company’s users, Company cannot be responsible for the actions of third parties. If User visits a website linked from the Services, Company encourages User to consult that website's privacy policy before providing any personal information and whenever interacting with any website.
Meta Flow reserves the right to change this Privacy Policy at any time, so please re-visit this page frequently. We will provide notice of substantial changes to this Privacy Policy on the Services and/or we will send you an e-mail regarding such changes to the e-mail address that is registered with your Account. Such substantial changes will take effect seven (7) days after such notice was provided on any of the above-mentioned methods. Otherwise, all other changes to this Privacy Policy are effective as of the stated “Last Revised” date, and your continued use of the Services or the Website after the Last Revised date will constitute acceptance of, and agreement to be bound by, those changes.
Subject to and in accordance with the terms hereof, your Personal Information may be stored, processed, conveyed, and in some instances, disclosed in an electronic format. Meta Flow will provide you with a written notice and request a separate authorization in the event of electronic disclosure as authorized or required by state or federal law.
If you have any questions (or comments) concerning this Privacy Policy, you are welcome to send us an email at: support@lumen.me or by writing to the address below, and we will try to reply within a reasonable timeframe.
Meta Flow Ltd.
Address: 30 Ha’arba’a Street, Tel Aviv, Israel.
By contacting us, you warrant and agree that you are free to do so, and that you do not provide us with information that violates any third-party intellectual rights (the “Information”). Without derogating from the aforesaid, all rights, including intellectual property rights, arising from your communication with us will be owned by Meta Flow and will be considered as our confidential material. It is clarified that any use of the Information will be at our sole discretion, and we do not obligated to use all or any part of such Information.