Last updated: May 25, 2026 · DenLumen version 1.0.0
The 30-second version
We don't sell your data. Ever.
We don't share your data with advertisers or data brokers.
No third-party analytics or advertising SDKs in the app.
Our only revenue is small affiliate commissions when you choose to click an outside link and buy from a retailer (Amazon, Chewy, Lovevery, Open Farm, Lemonade Pet, and other curated B Corp / PBC partners). You pay nothing extra; the retailer—not us—learns you came from DenLumen.
You can download or permanently delete everything we have on you, anytime, from Settings.
What we collect
Account information
When you sign in we receive:
Your email address and (if you provide them) display name and profile photo from your sign-in provider — Google, Apple, or email/password.
A unique account identifier created by Firebase Authentication.
Subject data — the things you track
Everything you enter about the dogs, cats, or children in your care:
Names, dates of birth, breed, color, sex, photos, notes.
Daily care records: milestones, scheduled tasks, weights, growth measurements, photos, health records, training and development notes, travel plans, expenses, recurring subscriptions.
Professional contacts you enter (vet, pediatrician, trainer, etc.).
Optional AI conversation history
If you use Ask DenLumen, your prompts and the model's replies are stored under your account so the conversation has context. You can delete a conversation (long-press the thread in the chat list) or the whole account at any time.
Operational counters
A daily count of how many AI requests you've made, used solely to enforce the free-tier daily quota of 50 calls per user per day.
What we explicitly do NOT collect
No advertising identifiers (IDFA on iOS, GAID on Android).
No third-party analytics SDKs — no Mixpanel, no Sentry, no Amplitude, no Segment, no Heap. We do use Firebase Analytics (described below) to understand which screens are visited and which features are used, so we can prioritize improvements. Firebase Analytics events never include the content of your data (names, photos, notes, milestones, AI prompts, etc.) — only anonymous app-behavior signals.
No browsing history.
No location data.
No health metrics from Apple Health, Google Fit, or any other source.
No contacts from your phone book.
Firebase Analytics — what we collect and what we don't
DenLumen uses Firebase Analytics (a Google product) on iOS, Android, and the web to measure product-level behavior — which screens you visit, which features you use, how often you return — so we can prioritize what to build next.
What Firebase Analytics receives from DenLumen:
Screen-view events (the names of routes you visit, like /today or /recommendations).
A small set of anonymous custom events: affiliate_click (brand name + network), subject_created (the type only — "dog," "cat," or "child"), and login / sign_up (the auth method).
Your Firebase user ID — a random string that is meaningless to anyone outside our Firebase project.
Standard device/session metadata Firebase collects by default: device model, OS version, app version, language, approximate country (derived from IP, not stored as a precise location).
What Firebase Analytics never receives:
The content of your data — no names, no photos, no notes, no milestone details, no AI prompts, no chat messages.
Precise location, IDFA/GAID advertising IDs, contacts, health data, or browsing history.
Personally identifying information of any kind.
We do not link Firebase Analytics to Google Ads, Google Signals, or any cross-property advertising profile. Analytics data is used only inside the DenLumen Firebase project to inform product decisions.
Where data is stored
All of your data is stored in Google Firebase services operated for DenLumen in the United States (region us-west1):
Firebase Authentication — your account record.
Cloud Firestore — every subject, milestone, task, contact, subscription, etc.
Cloud Storage — photos you upload to the Growth journal.
Cloud Functions — the server-side proxy that calls the AI model on your behalf.
Firestore Security Rules enforce strict per-user isolation. No other DenLumen user can read your data, and we (the operators) cannot read your data through normal app access — only via privileged Google Cloud administrative tools, which we do not use except where required by law or by an explicit support request you initiate.
How AI features work
When you use Suggested Next Steps, Ask DenLumen, Library Q&A, or AI photo notes, the following is sent through our server to Google's Gemini API (model gemini-2.5-flash):
The text of your prompt or photo caption.
Minimal subject context (type, age in days, breed, your free-form notes about the subject).
The relevant Reference Library entries so the model can ground its answer.
For AI photo notes: the raw image bytes of the photo you've just uploaded.
Per Google's Gemini API terms for paid-tier usage, your prompts and the model's responses are not used to train Google's foundation models. Our Cloud Functions enforce that every AI response must cite at least one Reference Library entry — un-cited responses are rejected before they reach the app.
Children's data
DenLumen is designed for adult caregivers to track care of children, not for use by children directly. The app is not directed at children under 13.
When you create a subject of type "child" in DenLumen, the record is marked isMinor: true internally. This flag:
Excludes the subject from any future data export, sharing, or marketing feature by default.
Travels with the data whenever it is included in an AI prompt, so downstream services know they are handling a minor's records.
We do not knowingly collect personally identifiable information from children under 13. If you are a parent or guardian and want all data about your child removed, use Settings → Delete my account, or email us — see Contact below.
Affiliate links — how we make money
DenLumen is and will remain free. We earn revenue exclusively when you choose to click an outbound affiliate link and make a purchase from an outside retailer. The retailers in our curated list (Amazon, Chewy, Lovevery, Open Farm, Lemonade Pet, and additional B Corp / PBC partners) pay us a small commission on qualifying purchases.
What happens when you click an affiliate link:
Your browser or device opens the retailer's URL with a referral identifier appended (e.g., a tag in the URL). This is the standard mechanism that allows the retailer to attribute the sale.
The retailer learns that the visit originated from DenLumen. They do not learn who you are, what subjects you track, or anything else about your DenLumen account. We pass nothing about you along with the click.
You pay the retailer's normal price. DenLumen does not mark up prices.
Which products we recommend is driven by our editorial criteria — B Corp / PBC certification, evidence base from the Reference Library — not by which retailer offers the highest commission rate.
Every affiliate-link surface in the app is labeled with the disclosure: "DenLumen earns a small commission on some links — it never affects what we recommend."
Push notifications
If you grant permission, DenLumen uses Firebase Cloud Messaging to send reminders for vet appointments, vaccine boosters, and tasks you have scheduled. We only send notifications based on data you have entered into the app — never marketing, never promotional offers. You can revoke notification permission anytime in your device settings.
Your rights
From Settings inside the app, at any time and without contacting us:
Download my data — exports every record we hold for your account as a single JSON file.
Delete my account — permanently removes every subject, photo, milestone, conversation, and account record. This cannot be undone.
You can also email us (see Contact below) to request export, correction, or deletion if the in-app controls are not working for you, or to ask any other question about your data.
Data retention
We keep your data only for as long as your account exists. When you delete your account, all Firestore documents under users/{your-uid}/ and all Cloud Storage files under users/{your-uid}/ are deleted within minutes. Backup snapshots maintained by Google Cloud for disaster recovery may persist for up to 30 days; those snapshots are not accessible to humans under any normal workflow.
Security
All data in transit is encrypted with TLS 1.2 or higher.
Firestore Security Rules prevent any account from reading any other account's data.
The Reference Library and Templates are globally readable to signed-in users but writable only by DenLumen administrators via signed deploys — no client can modify them.
The Gemini API key is stored only in Google Secret Manager and is accessible only to our Cloud Functions runtime service account. It never reaches the mobile or web client.
Third-party services
DenLumen relies on the following third-party services, each governed by their own privacy practices:
Google Firebase — authentication, database, storage, push, AI proxy.
DenLumen surfaces educational references and is not medical, veterinary, or psychological advice. The Reference Library cites peer-reviewed research and authoritative clinical guidelines, but decisions about care should be made with a qualified professional. DenLumen does not diagnose conditions, prescribe medications, or recommend doses.
Changes to this policy
We will update this policy if our data practices change. The "Last updated" date above will change, and substantive changes will be surfaced in-app the next time you open DenLumen so you have an opportunity to review them.