Privacy Policy

Last Revised: 2024-07-03 10:18:08

Meta Flow Ltd. d/b/a Lumen (“Meta Flow,” “Company,” “we” or “us”) is committed to protect the privacy of the users of our website located at (the “Website”) and of the users of the Lumen device (the “Lumen Device”) and of the services we provide in connection with use of the Lumen Device through the Lumen mobile application (respectively: “User(s)” or “you”; the “Lumen Services” and the “Lumen App”), in compliance with applicable privacy and personal data laws and regulations. The Website, the Lumen Device, the Lumen Services and the Lumen App shall be together referred to hereunder as the “Services”.
This Privacy Policy (the “Privacy Policy”) is intended to describe our practices regarding the information we may collect from you when you use the Services, the ways in which we may use such information, and the options and rights available to you. This Privacy Policy supplements, and should be read in conjunction with our Terms of Use (the “TOU”), which provides additional information on the Services. Capitalized terms which are not defined herein, shall have the meaning ascribed to them in our TOU.

If you are a resident of California, please see our California Privacy Rights Statement for information about California Privacy Rights, and other required disclosures.





2. Types of information we may collect from our Users

We may collect three types of data and information from our Users:

i. Personal Information, which is information that identifies an individual or may, with reasonable effort, identify an individual, either alone or in combination with other information, all unless anonymized, such as name, email, address or exact location. Some technical parameters may also be considered as Personal Information, such as IP address and UDID (Unique Device Identifier); and

ii. Health, Wellness and Nutrition Related Information (“Health Information”), which is Information that is not necessarily Personal in nature and corresponds to a measurement of your physical/mental objective and/or subjective state and nutrition data, such as height, weight, sleep habits, food, caffeine and water intake, heart rate, breath data, real-time assessment of carbohydrate availability and metabolic fuel use as measured via use of the Lumen Device and through the Lumen App, as well as body activity data, such as types of exercise, number of steps, speed and distance and any Personal Information we derive from such information; and

‍iii. Non-personal Information, which is non-identifying and without reference to the identity of any User, such as technical data that is necessary for the performance of the Services, for example, app analytics, taps and inputs, Wi-Fi network information, operating system, mobile device type, Lumen Device technical information, browser and keyboard language, the 'click-stream' and activities on the Services, and the period of time the Services were used and related timestamps. For purposes of this Privacy Policy, we will treat any User Personal Information that is anonymized and deidentified in a way that such User can no longer be personally identified as Non-personal Information and may use or share this information in aggregated form for statistical, research or other lawful purposes.

For the avoidance of doubt, we will treat any Non-personal Information connected or linked to any Personal Information as Personal Information as long as such connection or linkage exists. In this context, it is important to note that Health Information is included within the category of Personal Information for the purposes of this Privacy Policy.

3. How do we collect information?

We collect personal information from you and any devices (including mobile devices) you use when you: use or access our Services, register for an account with us, provide us information on a web form or other text field, update or add information to your account, or through correspondence you and we conduct with each other.

More specifically we collect and use the following categories and types of information:

3.1. Personal information you provide us when you use our Services. Generally, this category refers to any information, data, or content you actively and voluntarily create or provide through our Services such as:

  • Contact information such as your name, email, physical address, or telephone number that you provide through the Services when you fill out an online form or register for an account with us or when you update your account details.
  • Information you provide during a transaction you perform through the Services, or other transaction-based content that you generate related to such transaction.
  • Other content that you generate, or your actions in your use of your account (such as adding items to your shopping cart, adding items to your saved items list, etc.)
  • Health Information and any other information you provide us in the scope of your use of the Lumen Services, the Lumen App, and the Lumen Device, such as breath samples, daily diet, exercise routine, emotional and mental state, perceived sense of viability, as well as ongoing feedbacks that you provide us regarding your satisfaction from the diet plans, the difficulty to follow-up with the plans, etc.
  • The contents of your interaction with our customer support or sales departments, which may include text/video/audio recordings and transcripts of such communications including information you enter in our “Contact Us” online form or any similar input.
  • Financial information (such as credit card or bank account numbers) that you provide us in the scope of transactions you make through the Services, which is processed by our third party services providers as further detailed below and to which we have no access.
  • Shipping, delivery, postage, billing, and other information used to transact and deliver through the Services, as well as, where applicable, information required to clear customs (such as Tax ID or other identification numbers).

3.2. Personal information we collect automatically when you use our Services. In other words, we are aware of your usage of the Services and Website and may gather, collect and record the information relating to such usage, including by using our third party service providers as detailed in Section 5 (sharing information with third parties) below, and by using “cookies” and other tracking technologies, as further detailed in Section 9 (Local Storage and Third Party Software/Service, Cookies and other Tracking Technology) below. We collect information about your interaction with and use of our Services, including in certain cases about your impressions of and reactions to our advertisements, and information related to our communications with you. This is the information we receive from devices (including mobile devices) and software you use when you access our Services. This information could include the following: mobile device geo-location, mobile devices motion, Device ID or unique identifier, device type, ID for advertising, unique device token, operating system, information regarding your clicks and “clicks stream”, views and engagement with our advertisement and Services, information concerning your traffic to and from the Website, your referral URL to and from our Website, ad data, your IP address, your web login information, and location information as can be derived from your IP address. For more information about our use of these technologies, and how to control them, see here. We collect and process Personal Information that is derived from other Personal Information we collect or obtain from you. This means that we process Personal Information in order to provide you with the output of our Lumen Services such as recommendations, suggested analysis, and other insights we may offer through the use of the Lumen Services. Please take into consideration that certain portions of such above mentioned information may also be collected from your device or software, when the Lumen App is running in the background, i.e. when it has been launched but not used. Please keep in mind - that most mobile devices and auxiliary software, allow you to control or disable the use of certain collectible information including location services, by any application, in the device's settings menu.

3.3. Personal information collected from third parties. When using the Lumen Services, you may choose to connect your Account with certain other third party accounts you hold with such third party applications and platforms (such as Apple Health Kit, Android Fit, etc.), and thereby providing us with access to information available on such accounts. To the extent that information is linked or connected to your identity, we will treat that information as your Personal Information.

3.4 Social Media - We allow you to share information with social platforms or use social platforms to create your Account or to connect your Account with the respective social platforms. Those social platforms may give us automatic access to certain Personal Information retained by them about you (e.g., content viewed by you, content liked by you, your public profile, other profiles you are associated with, and information about the advertisements you have been shown or have clicked on, etc.). You control the Personal Information you allow us to have access to through the privacy settings on the applicable social platforms and the permissions you give us when you grant us access to the Personal Information retained by the respective social platforms about you. We may also collect Personal Information concerning you, from third parties who have assured us that they have obtained your consent for such provision of information or that you have freely and publicly provided and those third parties have established an adequate legal basis for the processing and sharing of such information. For example, we may collect and use demographic and other information that is publicly available in an applicable jurisdiction, additional contact information, credit/check information, and information from credit bureaus, as allowed by applicable national laws. By associating your Account with your social platform account or other third party accounts and authorizing us to have access to information maintained by such third party accounts, you agree that we can collect, use and retain such information in accordance with this Privacy Policy.

4. The Purposes and Legal Basis of the Processing of Information

4.1. Legal Basis for processing We process your Personal Information, which is adequate, relevant and limited to what is necessary in relation to the purposes described in this Privacy Policy, based at least on one of the following legal grounds:

  • In Performing an agreement with you: We process your Personal Information in order to provide you with the Services, following your acceptance of this Privacy Policy and pursuant to the TOU; and to personalize the Services in order for you to get a better user experience.
  • With your consent: We may ask for your consent and approval to collect and process your Personal Information including specifically any Health Information for the purposes set forth in this Privacy Policy and you have the right to withdraw your consent in writing at any time.
  • Legitimate interest: We process your Personal Information for our legitimate interests while applying appropriate safeguards that protect your privacy and provided that such processing will not prejudice your interests, fundamental rights, and freedom. This means that we process your information for things like detecting, preventing, or otherwise addressing fraud, abuse, security, usability, functionality, or technical issues with our Services, protecting against harm to the rights, property, or safety of our properties, or our users, or the public as required or permitted by law; enforcing legal claims, including investigation of potential violations of this Privacy Policy; defending a legal claim made by you or on your behalf against us, in order to comply and/or fulfill our obligation under applicable laws, regulation, guidelines, industry standards, and contractual requirements, legal process, subpoena or governmental request, as well as our TOU. We may also use Personal Information to develop new services and features for our Users. Additional examples of us processing your Personal Information in accordance with legitimate interests would include: (i) where we disclose your Personal Information to any one or more of our associate/subsidiary companies following a restructure or for internal administrative purposes; or (ii) sharing Personal Information with our advisers and professional services providers (such as auditors).

4.2. Purpose of use. We may use the Personal Information that we collect about you for the following purposes:

  • To provide, operate and improve the Services.
  • To verify the identity of our Users
  • To personalize the Services and content provided to you, to customize and improve your use experience of the Services, and to enable you to retrieve your information.
  • To be able to contact Users for the purpose of providing them with technical assistance, support, handle requests and complaints and collect feedback
  • To send you updates, notices, notifications, and additional communications regarding the Services.
  • To study and analyze the information on an aggregated, statistical basis to discover patterns and anomalies, to study complications and treatment methods and improvements, and other health related research and development.
  • To enable us to further develop, customize and improve the Services based on Users’ common preferences, uses, third party services, features and functionalities, statistical and research purposes, attributes and anonymized data etc.
  • To prevent, detect, mitigate, and investigate fraud, security breaches or other potentially prohibited or illegal activities.
  • To display or send to you marketing and advertising material and general and personalized content and advertisement via the Services, the Website, email, postal mail, telephone, mobile devices and/or when you visit other sites.
  • To perform functions or services as otherwise described to you at the time of collection.
  • To comply with any applicable rule or regulation, to protect our legal interests and/or respond to or defend against (actual or potential) legal proceedings against us or our affiliates.

5. Sharing Information with Third Parties

We will not share or otherwise allow access to any Personal or Health Information it collects to any third party, except in the following cases:

5.1. Law enforcement, legal proceedings, and as authorized by law: We may disclose Personal Information to satisfy any applicable law, regulation, legal process, subpoena or governmental request;

5.2. Protecting Rights and Safety: We may share Personal Information to enforce this Privacy Policy and/or the TOU, including investigation of potential violations thereof; to detect, prevent, or otherwise address fraud, security or technical issues; to respond to claims that any content available on the Services or the Website violates the rights of third-parties; or otherwise if we believe in good faith that this will help protect the rights, property or personal safety of Meta Flow, any of our Users, or any member of the general public.

5.3. Our Affiliated Companies: We may share Personal Information internally with our affiliated companies for the purposes described in this Privacy Policy. In addition, when we or any of our affiliated companies is undergoing any change in control, including by means of merger, acquisition, or purchase of all or substantially all of its assets, we may share Personal Information with the parties involved in such event. If we believe that such change in control might materially affect your Personal Information then stored with us, we will notify you of this event and the choices you may have via e-mail and/or prominent notice on our Website or Services.

5.4. Third Party Services: We are partnering with several selected service providers, whose services and solutions complement, facilitate and enhance our own. Such Third Party Service Providers may have access to, or process on our behalf Personal and Health Information that we collect, hold, use, analyze, process and/or manage. These Service Providers include hosting, database, and server co-location services (e.g. Amazon Web Services), data analytics services (e.g. Google Analytics), session replay records for app analytic purposes such as crashes, functionality and usability (e.g. MixPanel), and our business, legal and financial advisors (collectively, "Third Party Service Providers"). We remain responsible for any Personal Information processing done by Third Party Service Providers on our behalf not in accordance with the terms hereof, except for events outside of its reasonable control and except for such Third Party Service Providers with whom you have a direct contractual relationship.

5.5. Your known health care providers, care management services or health care payers. In some instances, we will be working with you in conjunction with your own health care providers, care management services, or healthcare payers (insurance companies) (any such party is one of “Your Service Providers”). To the extent your relationship with us originates from one of Your Service Providers, we may provide your Personal Information to that party for its use in connection to the services it provides to you. Any Personal Information we provide back to Your Health Service Providers will be subject to those Your Service Providers own privacy policies and practices, and you should confer with Your Health Service Providers if you have any questions regarding their own usage and treatment of your Personal Information.

6. Storage, Transfer and Retention of your Information

Information regarding the Users will be maintained, processed, and stored by us and our authorized affiliates and service providers in the United States, EU and in Israel, and as necessary, in secured cloud storage provided by our Third Party Service Providers. While the data protection laws in the above jurisdictions may be different from the laws of your residence or location, please know that we, our affiliates and our service providers that store or process your Personal Information on our behalf are each committed to keeping it protected and secured, pursuant to this Privacy Policy and industry standards, regardless of any lesser legal requirements that may apply in their jurisdictions. 

Specifically, if you reside in the EU or the UK, each of our Third Party Service Providers who stores or processes your Personal Information outside the EEA or the UK, either: (i) assured us, including through contractual means, that it provides adequate safeguards to protect your rights to privacy; or (ii) holds and processes such information on our behalf in a jurisdiction which has been determined to ensure an adequate level protection by the EU Commission or the UK government. We retain the Personal Information we collect only for as long as legitimately needed and to the extent required for the achievement of the purposes listed under Section 4 including without limitation, as reasonably necessary to comply with our legal obligations and/or protect our legitimate interests. We then either delete the information from our systems or anonymize it without further notice to you. Unless you notify us of your request to delete your Account as specified in Section 7 below, we may maintain your inactive Account including all data and reports therein, in order to allow you to reactivate the Account if you choose to renew your Subscription at a later stage.

7. Your Rights: Deletion, Withdrawal of Consent, modification or obtaining a copy of Personal Information

If the law applicable to you grants you such rights, you may ask to access, correct, or delete your Personal Information that is stored in our systems or that we otherwise control. You may also ask for our confirmation as to whether we process your Personal Information or ask to withdraw any consent you have previously provided us in connection with our use and processing of your Personal Information. Exercising such rights of deletion and/or withdrawing such consent may result in our inability to provide you with our Services and in such event, we may notify you of the termination of our engagement with you or otherwise cease providing you with our Services. Subject to the limitations in law, you may request that we update, correct, or delete inaccurate or outdated information. You may also request that we suspend the use of any Personal Information the accuracy of which you contest while we verify the status of that data. Subject to the limitations in law, you may also be entitled to obtain the Personal Information you directly provided us in a structured, commonly used, and machine-readable format and may have the right to transmit such data to another party. If you wish to exercise any of these rights,withdraw your consent or raise a complaint on how we have handled your Personal Information, please contact us at: When handling these requests, we may ask for additional information to confirm your identity and your request. Please note, upon request to delete your Personal Information, we may retain such data in whole or in part to comply with any applicable rule or regulation and/or response or defend against legal proceedings versus us or our affiliates, or as we are otherwise permitted under such law applicable to you. If you have additional concerns, you can also lodge a complaint with your local data protection authority.

General Data Protection Regulation (GDPR) - European Representative
Pursuant to Article 27 of the GDPR, we have appointed European Data Protection Office (EDPO) as our GDPR Representative in the EU. You can contact EDPO regarding matters pertaining to the GDPR:
-by using EDPO’s online request form: 
-by writing to EDPO at Avenue Huart Hamoir 71, 1030 Brussels, Belgium.

UK General Data Protection Regulation (GDPR) - UK Representative
Pursuant to Article 27 of the UK GDPR, we have appointed EDPO UK Ltd as our UK GDPR representative in the UK. You can contact EDPO UK regarding matters pertaining to the UK GDPR:
-by using EDPO’s online request form:
-by writing to EDPO UK at 8 Northumberland Avenue, London WC2N 5BY, United Kingdom.

8. Minors

To open an Account on our Services, you must be over the age of 18. Without relieving you of your responsibility to comply with the TOU and the terms hereof we reserve the right (without obligation) to request proof of age at any stage so that we can verify that persons under the age of 18 are not using our Services. In the event that it comes to our knowledge that a person under the age of 18 is using our Services, we will prohibit and block such User from accessing our Services and will make all efforts to promptly delete any Personal Information (as such term is defined in herein) with regard to such User.

9. Cookies

We use cookies and other technologies in our related services, including when you visit our site or access our Services. 

A "cookie" is a small piece of information that a website assigns to your device while you are viewing a website. Cookies are very helpful and can be used for various different purposes. These purposes include allowing you to navigate between pages efficiently, enable automatic activation of certain features, remembering your preferences and making the interaction between you and our Services quicker and easier. Cookies are also used to help ensure that the advertisements you see are relevant to you and your interests and to compile statistical data on your use of our Services. 

Our website uses cookies in order to provide you with Services, identify you for repeat visits, (for example to allow us to store your preferences for the next sign-in), and monitor and analyze our web access.

You may remove the cookies by following the instructions of your device preferences; You can find more information about cookies at; however, if you choose to disable cookies, some features of our Service may not operate properly and your online experience may be limited.

10. Direct Marketing

Subject to the applicable laws in your jurisdiction, we or our affiliated representatives, may send you promotional content or messages by e-mail, marketing calls, and similar forms of communication. If you wish not to receive such promotional messages or calls, you may inform us by sending a written notice by email to the following address: or by pressing the “Unsubscribe” link contained in the promotional communications you receive. Please note that we may also contact you with important information regarding your use of our Services and/or Website. For example, we may notify you (through any of the means available to us) of changes or updates to our Services, payment issues, service maintenance, etc. You will not be able to opt-out of receiving such service messages.

11. How We Protect Personal Information

We maintain administrative, technical and physical safeguards designed to protect Personal and Health Information we obtain through our Services against accidental, unlawful, or unauthorized destruction, loss, alteration, access, disclosure or use. Our Services, or parts thereof, are hosted using data hosts (such as AMAZON AWS), which provide advanced security features. We employ industry standard security procedures, including secured transmission protocols, SSL and advanced authentication.

However, we do not and cannot guarantee that unauthorized access will ever occur. We urge you to use the strongest password combination available on your mobile device and employ reasonable physical security means to protect unauthorized access. To the extent your local jurisdiction’s laws require us to notify you or local authorities of any breach of the security of your Personal Information, we will comply with such laws.

12. External Links

The Services may provide links to websites the Company does not control (including but not limited to Third-Party Connections). When the User clicks on one of these links, the User will be transferred out of the Services and connected to the website of the organization or company that the User selected. The company is not responsible for the nature, quality, or accuracy of the content or opinions expressed on such websites, and such websites are not investigated, monitored, or checked for quality, accuracy, or completeness by the Company. Inclusion of any linked website on the Service does not imply or express an approval or endorsement of the linked website by the Company or any content, opinions, products, or services provided on these websites. Even if an affiliation exists between the Service and a third-party website, the Company exercises no control over linked sites and has no responsibility for their privacy practices.

Each linked site maintains independent privacy and data collection policies and procedures. While Company expects its partners and affiliates to respect the privacy of Company’s users, Company cannot be responsible for the actions of third parties. If User visits a website linked from the Services, Company encourages User to consult that website's privacy policy before providing any personal information and whenever interacting with any website.

13. Changes to the Privacy Policy

Meta Flow reserves the right to change this Privacy Policy at any time, so please re-visit this page frequently. We will provide notice of substantial changes to this Privacy Policy on the Services and/or we will send you an e-mail regarding such changes to the e-mail address that is registered with your Account. Such substantial changes will take effect seven (7) days after such notice was provided on any of the above-mentioned methods. Otherwise, all other changes to this Privacy Policy are effective as of the stated “Last Revised” date, and your continued use of the Services or the Website after the Last Revised date will constitute acceptance of, and agreement to be bound by, those changes.

14. Notice of Electronic Disclosure

Subject to and in accordance with the terms hereof, your Personal Information may be stored, processed, conveyed, and in some instances, disclosed in an electronic format. Meta Flow will provide you with a written notice and request a separate authorization in the event of electronic disclosure as authorized or required by state or federal law.

15. Have Any Questions?

If you have any questions (or comments) concerning this Privacy Policy, you are welcome to send us an email at: or by writing to the address below, and we will try to reply within a reasonable timeframe.

Meta Flow Ltd.
Address: 30 Ha’arba’a Street, Tel Aviv, Israel.

By contacting us, you warrant and agree that you are free to do so, and that you do not provide us with information that violates any third-party intellectual rights (the “Information”). Without derogating from the aforesaid, all rights, including intellectual property rights, arising from your communication with us will be owned by Meta Flow and will be considered as our confidential material. It is clarified that any use of the Information will be at our sole discretion, and we do not obligated to use all or any part of such  Information.