Privacy Policy
Lumos English Learning Platform & Browser Extension
Last updated: April 20, 2026
1. Who we are
Lumos English operates the website at app.lumos.com.ge and the Lumos — English Knowledge Base Chrome browser extension. We are based in Georgia (საქართველო). For any privacy-related questions, contact us at contact@lumos.com.ge.
2. What data we collect
We collect the following information when you use our platform:
| Account information | Username and password (hashed, never stored in plain text). Email address is optional. |
| Vocabulary / Knowledge Base | English words you save, along with their AI-generated Georgian translations, definitions, and example sentences. |
| Quiz results | Your answers, scores, and English proficiency level (CEFR A1–C2) determined by our quizzes. |
| Profile information | Optional avatar photo, bio, and chosen professional learning direction. |
| Usage data | Pages visited, features used — collected anonymously through standard server logs to improve the service. |
| Technical data | IP address, browser type, and device type — collected automatically by our web server. Not used for tracking. |
3. Chrome Extension — additional details
The Lumos — English Knowledge Base browser extension collects and processes the following:
| Selected text | When you highlight a word or phrase and click the extension button, that text is sent to our server (app.lumos.com.ge) for AI translation. It is not stored unless you explicitly click "Add to Knowledge Base". |
| Authentication token | After you log in via the extension popup, a secure API token is stored locally on your device using Chrome's chrome.storage.local API. It is never sent to any third-party server. |
| Login credentials | Your username and password are sent once to our server over HTTPS to authenticate you. They are never stored by the extension itself. |
The extension only communicates with app.lumos.com.ge. All communication is encrypted via HTTPS.
4. How we use your data
- To provide and operate the English learning platform and browser extension
- To generate AI-powered translations and definitions using Google Gemini
- To store your personal Knowledge Base vocabulary list
- To track your English proficiency level based on quiz performance
- To generate text-to-speech audio for reading materials (via OpenAI)
- To authenticate your account securely
- To improve the platform based on anonymised usage patterns
5. Third-party services
To provide our service, we share limited data with trusted third-party providers:
| Google Gemini AI | Words you submit for translation are sent to Google's Gemini API to generate translations and definitions. Google's Privacy Policy applies. |
| Google Cloud Translate | Used as a fallback translation service. Same Google Privacy Policy applies. |
| OpenAI | Book text is sent to OpenAI's API to generate text-to-speech audio files. OpenAI's Privacy Policy applies. |
No other third-party services receive your personal data. We do not use Google Analytics, Facebook Pixel, or any advertising trackers.
6. Cookies & sessions
We use only essential cookies — no tracking or advertising cookies.
| sessionid | Keeps you logged in to the web platform. Expires after 24 hours of inactivity. |
| csrftoken | Protects against cross-site request forgery attacks. Required for security. |
You can disable cookies in your browser settings, but this will prevent you from logging in.
7. Data retention
- Your account and all associated data (words, quiz results, profile) are retained for as long as your account is active.
- If you request account deletion, all your personal data is permanently deleted within 30 days.
- Server logs (IP addresses, request timestamps) are automatically deleted after 90 days.
- Audio files generated for books are stored until you delete them or your account is closed.
8. Your rights
You have the following rights regarding your personal data:
- Access — request a copy of all data we hold about you
- Correction — ask us to correct inaccurate data
- Deletion — request deletion of your account and all associated data
- Export — request your Knowledge Base words in a downloadable format
- Objection — object to how we process your data
To exercise any of these rights, email us at contact@lumos.com.ge. We will respond within 30 days.
9. Security
- All data is transmitted over HTTPS (TLS) — never plain HTTP
- Passwords are stored as bcrypt hashes — we cannot see your password
- API tokens use cryptographically secure random generation
- The platform enforces HSTS to prevent protocol downgrade attacks
- CSRF protection is enabled on all forms
Despite our best efforts, no internet transmission is 100% secure. If you discover a security vulnerability, please report it responsibly to contact@lumos.com.ge.
10. Children
Our service is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it immediately.
11. Changes to this policy
We may update this Privacy Policy from time to time. When we make significant changes, we will update the "Last updated" date at the top of this page. Continued use of the platform after changes are posted means you accept the updated policy. We encourage you to review this page periodically.
12. Contact us
If you have any questions, concerns, or requests about this Privacy Policy or your personal data, please contact us:
- 📧 Email: contact@lumos.com.ge
- 🌐 Website: app.lumos.com.ge
- 📍 Country: Georgia (საქართველო)
We aim to respond to all privacy enquiries within 30 calendar days.