“Ask me anything. It’s confidential.” - “The AI that respects your privacy”
Lumo is an AI assistant from Proton with a focus on confidentiality, no-logs, and zero-access encryption.
The tool supports, among other things, research, writing, translations, file analysis, coding assistance, and optional web search; in addition, there are Projects as well as integration with Proton Drive. Proton positions Lumo as a European, privacy-focused alternative to common AI chats.
Location: Switzerland (Proton AG, Route de la Galaise 32, 1228 Plan-les-Ouates, Geneva, Switzerland)
Target audience
Lumo is aimed at private users, freelancers, teams, and privacy-sensitive organizations that want to use an AI assistant for research, writing, translations, file analysis, and productivity tasks without having to share their content by default for training, profiling, or log storage. The tool is particularly relevant for legal, consulting, healthcare, finance, education, and tech environments where confidential information is processed. For companies, Proton explicitly positions Lumo as a team solution with admin functions and a European data protection focus.
Outstanding features
Notable features include no logs, zero-access encrypted chat history, Ghost Mode, optional web search, analysis of uploaded files, Projects for persistent work contexts, and Proton Drive integration. Proton also emphasizes that Lumo is based on open source code, uses open models, and runs on servers controlled by Proton. Administrative control options are added for business users.
Main use cases
Lumo is suitable for everyday knowledge work: brainstorming, planning, draft writing, language revision, translations, coding help, summaries, and document review. Through Projects and Drive, it can structure recurring contexts such as mandates, client projects, academic work, or travel planning and make them usable across sessions. Proton also mentions specific business scenarios such as contract drafts, data analysis, meeting notes, and strategy work.
Usage & notes
Lumo can be used in the browser as well as via iOS and Android apps; guest access is possible without an account, with more features available through a Proton account. For reliable daily use, Plus is significantly more practical than Free. Important: Proton itself points out that Lumo may be inaccurate with current or very specific questions; results should therefore be checked. In addition, no on-prem version has been publicly verified, and current file support is not yet fully universal.
| Target audience | Assessment |
|---|---|
| Private individuals | Very suitable – for chat, writing, learning, brainstorming, summaries, and simple AI use with a strong privacy focus. |
| Privacy-conscious users | Very suitable – Lumo is explicitly positioned as a privacy-first AI assistant. |
| Self-employed / freelancers | Suitable – for non-highly sensitive writing, research, and productivity tasks when privacy is more important than maximum model variety. |
| SMEs / teams | Conditionally suitable – good for individual users, but not a classic enterprise AI platform with admin/team governance like Langdock or Mistral Team. |
| Large enterprises | Rather conditionally suitable – due to the lack of a clear enterprise admin, DPA, and integration structure for large organizations. |
| Developers / API teams | Rather not suitable – Lumo is an end-user chat assistant, not an LLM API platform. |
Hosting & Data
1) On-prem / local hosting
Meaning: The company operates the solution on its own hardware or within its own infrastructure. In the strictest sense, not only the application runs locally, but ideally the model as well.
2) Private cloud / data center
Meaning: The solution runs in a dedicated or more clearly separated cloud environment, often with a hosting provider or hyperscaler, but in a German data center or in a particularly controlled environment.
3) EU SaaS / managed
Meaning: The provider operates the solution itself as a service. The company uses the tool as a ready-made cloud service, ideally with EU data residency.
4) Hybrid
Meaning: One part of the processing remains internal / local / in a private cloud, while another part runs in an external cloud or EU SaaS.
5) AVV / DPA
Meaning: This is the data processing agreement or Data Processing Addendum. It governs that the provider processes personal data on behalf of the customer and is bound by the customer's instructions.
6) No training
Meaning: The provider does not use your prompts, uploads, attachments, chat histories, or outputs for training or improving the general model — ideally excluded by contract.
7) Open-source / transparency path
Meaning: There is a path toward greater technical transparency and sovereignty, for example through:
- open models
- documented components
- self-hostable parts
- traceable architecture
- export / switching options
| Criterion | Status |
|---|---|
| On-prem / local hosting | ❓ |
| Private cloud / data center | ❓ |
| EU SaaS / Managed | ⚠️ |
| Hybrid | ⚠️ |
| DPA / AVV | ✅ |
| No training on customer data | ✅ |
| Open source / transparency path | ⚠️ |
On-prem / local hosting: indirect / not available
The website does not mention an on-premises, local, or self-hosted deployment option for Lumo. Only the SaaS/Proton-powered version was found.
Private Cloud / Data Center: Unclear
The website states that the models run on “servers Proton controls.” However, there is no mention of a dedicated or isolated private cloud environment for customers or a specific EU/EEA data center for Lumo.
EU SaaS / Managed: Partially
Lumo is described as a European service, and Proton refers to Lumo as “built and based in Europe” and “subject to GDPR.” However, the website does not specify a specific EU/EEA data center location or explicitly state that Lumo’s data is resident in the EU.
Hybrid: partially
There is an indirect hybrid aspect: according to the website, stored chats are kept on the device and are synchronized with Proton only in encrypted form; additionally, web search is optional and can send a simplified request to partner APIs. However, a formal hybrid architecture for enterprise customers is not specified.
DPA: Covered
A general Proton DPA/AVV is published on the website. It describes Proton AG as a data processor, explicitly refers to the GDPR, and addresses subprocessors, audits, deletion/return, and international transfers.
No training: covered
The website clearly states for Lumo that chats are not used to train AI models, data is not shared with third parties, and the models run on servers controlled by Proton. An opt-out is therefore effectively unnecessary because, according to the website, training using chats does not occur by default.
Open Source / Transparency: Partially
The website states that Lumo’s code is open source and that Lumo is based on open-source LLMs. This provides transparency. However, the website does not specify a fully self-hostable open-source path or an on-premises option for Lumo.
Data Processing
According to the information found on the website, Lumo processes inputs to generate responses; when chat histories are stored, both inputs and outputs are encrypted using zero-knowledge encryption. Proton describes Lumo’s architecture as “no logs,” meaning that data is deleted after processing and no chat metadata—such as timestamps, IP addresses, or chat context—is stored. According to support, saved chats are available on the device and are synchronized with Proton using zero-access encryption. When web search is enabled, a simplified version of the query can be sent to selected partner APIs. Specific Lumo subprocessors, specific data center locations, and an explicit EU data residency are not specified on the Lumo/Proton pages found.
Conclusion
From a website perspective, Lumo appears to be strongly privacy-oriented and comparatively well-documented for an EU/EEA tool directory: European classification, GDPR compliance, DPA/AVV, open source, no training using chats, no logs, and Proton-controlled servers. However, to give a clear “yes,” the website lacks reliable evidence of a specific EU/EEA data residency or a specific EU/EEA data center for Lumo, as well as a clearly documented hosting option outside of standard SaaS. Therefore, the overall rating is “conditional.”
Strengths & weaknesses at a glance
| Strengths | Weaknesses |
|---|---|
| • Very strong privacy positioning: no logs, no use for training, no data sharing, zero-access encryption. | • The free version is functionally limited; Plus is significantly more sensible for more intensive use. |
| • Guest use possible without an account; with an account, encrypted chat history. | • A publicly verified on-prem/self-hosting option is not available; what is publicly documented is primarily managed SaaS. |
| • Open-source app and, according to Proton, open models. | • Currently verified file types are limited to documents, spreadsheets, code, and PDFs; images/Proton Docs were most recently only announced as “coming soon.” |
| • Useful productivity features such as web search, file analysis, Projects, and Proton Drive integration. | • Proton itself points out that answers may be inaccurate for current or very specific topics. |
| • Business version for teams with admin functions. | |
GDPR-compliant usage possible?
The website highlights several strong data protection and compliance measures for Lumo in the EU/EEA context: Proton explicitly states that it is “GDPR compliant,” designates an EU representative in Luxembourg, provides a privacy policy for Lumo, offers a general DPA/T&C for Proton services, and outlines a clear “no logs,” “no sharing,” and “no training” approach for Lumo. At the same time, a significant gap remains for a comprehensive assessment of the best possible EU/EEA setup: The website does not specify a concrete location of servers or data centers for Lumo within the EU/EEA or an explicit EU data residency for Lumo. An on-premises or self-hosting option is also not mentioned on the website. Therefore, while GDPR-compliant use from an EU/EEA perspective is plausible, it is not fully substantiated and is only reliable under certain conditions.
Positive
Positive aspects include Lumo’s product-specific privacy policy, the general Proton DPA/AVV, the explicit statement regarding GDPR compliance, the EU representative in Luxembourg, the statements “no logs,” “no training,” “never send your data to any third parties,” Proton’s control over the servers, and the open-source note regarding the code and models used.
Negative
As limitations, the Lumo website does not specify a concrete EU/EEA server location, does not explicitly state EU data residency, does not offer a dedicated private cloud option, and does not provide an on-premises or self-hosting option. Furthermore, Lumo’s privacy policy mentions only “selected partner APIs” for enabled web search, without naming them on the Lumo page found.
Server Location
The website states that Lumo’s models run “exclusively on servers Proton controls” and that Lumo is “built and based in Europe.” The website does not specify a specific location for the servers or data centers, nor does it name a particular EU or EEA country. Proton AG is based in Geneva, Switzerland; in addition, an EU representative in Luxembourg is listed.