Lumo is fairly called a privacy-focused AI chatbot because Proton says it keeps no chat logs, does not use chats to train models, stores saved conversations with zero-access encryption, and runs inference on Proton-controlled servers. The key qualifier is simple: private does not mean invisible — prompts are still processed on Proton’s infrastructure, and optional web search sends a simplified version of your query to selected partner APIs.
That narrower definition matters because the AI chatbot trust gap is mostly about what happens after you type: retention, training, sharing, and who can read the data. On those points, Lumo’s published policies are materially stricter than the default pattern in consumer AI chat.
What Proton’s privacy claim for Lumo actually covers
Proton’s main support page says Lumo does not keep server-side logs of your chats. It also says user conversations are not used for model training, which cuts against the standard chatbot bargain where your prompts can become product improvement fuel.
Proton also says saved chats are protected with zero-access encryption. In plain English, that means stored conversation history is encrypted in a way Proton says it cannot read after storage. The company makes the same claim for saved chats on Lumo’s product page, and says users can access Lumo without an account, including over Tor, which is unusual for a mainstream AI assistant.
The server design is another real distinction. Proton says Lumo runs on Proton-controlled GPU servers located in Europe, rather than sending prompts straight to a third-party model host. That does not make Lumo local — it is not — but it does narrow the set of parties handling prompt data.
That is the evidence-backed case for calling Lumo privacy-focused. Many chatbots offer knobs and promises; Lumo’s published posture is more specific: no logs, no training on chats, encrypted saved history, and Proton-operated serving infrastructure. If you have read our look at enterprise chatbot privacy settings, the distinction will feel familiar: privacy is mostly about retention and control, not magic.
The features in Lumo 2.0 that expand what data the chatbot can touch
Lumo 2.0 launched on June 30, 2026, and the upgrade added features that make the product more useful — and inevitably give it more user data to work with. TechCrunch reported that the update added image support, a “thinking” mode, faster performance claims from Proton, and persistent memory inside Projects.
The biggest privacy-relevant change is Projects. Proton’s support page says Projects are end-to-end encrypted workspaces that can hold files, instructions, and chat context for ongoing tasks. Users can also link Proton Drive folders to a Project, letting Lumo pull from a larger personal corpus than a one-off chat ever could.
That expands what Lumo can “remember,” even if Proton says the storage remains protected. Proton says files added to Projects are indexed for smart retrieval, and that the Project store is end-to-end encrypted. In other words, the memory is not casual. It is structured, searchable context built to persist across sessions.
Projects make Lumo more capable by design, but they also increase the amount of retained user material. That is not a contradiction. It is just the tradeoff. A chatbot cannot remember your research folder, working draft, and standing instructions without retaining more than a disposable chat box.
TechCrunch reported that persistent memory now works within Projects, which means Lumo 2.0 is moving closer to the standard “assistant that knows your stuff” model. The difference is that Proton says this retained context is stored under the same privacy architecture rather than being mined for training or broadly logged.
The policy limits that keep Lumo from being fully local or fully invisible
The first limit is the obvious one: Lumo processes prompts on Proton-controlled GPU servers. Proton says prompts are re-encrypted after processing when chats are saved, but the compute still happens on infrastructure Proton operates. Lumo is private in the hosted-service sense, not private in the “runs only on your laptop” sense.
The second limit is web search. Proton’s privacy policy says that when users enable search, Lumo sends a simplified version of the request to selected third-party search API partners. Proton says it does this without sending the full chat history, but the effect is still clear: web-enabled chats are not confined entirely to Proton’s own systems.
A short comparison makes the model clearer:
| Privacy question | Lumo’s published answer |
|---|---|
| Are chats used to train the model? | No, Proton says chats are not used for training. |
| Does Proton keep chat logs? | Proton says it keeps no server-side chat logs. |
| Are saved chats encrypted at rest? | Yes, with zero-access encryption. |
| Is it fully local? | No, prompts are processed on Proton-controlled servers. |
| Does web search share data externally? | Yes, a simplified query goes to partner APIs when search is used. |
There are smaller limits too. Lumo’s privacy policy says native apps may collect crash reports and app statistics through mobile platform providers or Proton’s self-hosted crash reporting systems. That is ordinary app plumbing, not the chat content model itself, but it is still data collection.
There is also a sourcing limit. Proton’s strongest privacy claims are still vendor claims. The available material here includes Proton’s support pages, product page, privacy policy, and reporting on the Lumo 2.0 release, but not an independent public audit of Lumo’s full end-to-end system.
“Your chats are not used for training, and Lumo does not keep server logs of your conversations,” Proton says in its Lumo privacy explanation.
That leaves Lumo in a useful middle category. It is not a fully local model, not an anonymous black hole, and not a system that never shares anything under any feature flag. But compared with typical consumer chatbots that retain conversations, tune models on user data, or route more handling through outside vendors, Lumo’s published privacy posture is substantially tighter.
The best way to state the verdict is the least dramatic one. Yes, Lumo can be called privacy-focused, and the evidence is specific. The claim holds because Proton has spelled out what it does not do — logging chats for retention, training on your conversations, exposing saved history in plaintext storage — and what it does do instead.
What changed in Lumo 2.0 does not break that case, but it does make the boundaries more important. Image inputs, Projects memory, Drive-linked files, and web search all increase the scope of data the assistant can act on. The privacy story still depends on trusting Proton’s architecture and policy enforcement.
The next concrete reference point is Proton’s own product documentation. The Lumo privacy page, Projects guide, and privacy policy are where the company has put the technical and legal details in writing, and those details will matter more as Lumo adds broader assistant features.
Key Takeaways
- Lumo is reasonably described as a privacy-focused AI chatbot because Proton says it keeps no server-side chat logs, does not use chats for training, and encrypts saved chats with zero-access encryption.
- Lumo is not a local model because prompts are processed on Proton-controlled GPU servers before saved chats are re-encrypted.
- Lumo 2.0 expanded retained context by adding persistent memory in Projects, plus image support and other assistant features.
- Projects increase the amount of user data Lumo can work with because Proton says they can store files, link Proton Drive folders, and index content for smart retrieval.
- Optional web search is the clearest external-sharing limit because Lumo sends a simplified query to selected partner APIs when that feature is enabled.
Further Reading
- Lumo privacy — Proton’s main explanation of no-logs, no-training, encryption, metadata, and server handling.
- Lumo by Proton - Privacy Policy — The formal policy covering processing, app analytics, and web-search partner sharing.
- How to use Projects in Lumo — Proton’s explanation of Projects, file handling, Drive linking, and encrypted retrieval.
- About Lumo, the privacy-first AI assistant — Product page outlining positioning, saved-chat protections, and guest access.
- Lumo, Proton’s privacy-focused AI chatbot, gets an upgrade — Reporting on the June 30, 2026, Lumo 2.0 update and new features.
Frequently Asked Questions
Is Proton Lumo more private than ChatGPT?
On Proton’s published policies, yes, in the narrow retention-and-training sense. Proton says Lumo does not use chats for model training and keeps no server-side chat logs, which is a stronger default privacy posture than many mainstream consumer chatbots have historically offered. The comparison is about data handling, not raw model capability.
Does Proton Lumo store your chats?
Saved chats are stored, but Proton says they are protected with zero-access encryption rather than left readable in ordinary server storage (support page, product page). Proton also says it does not keep server-side logs of chat content. If you use Projects, Proton says those workspaces can retain more context over time in an encrypted form.
Is Lumo fully end-to-end encrypted while you chat?
No, not in the live-processing sense. Proton says prompts are processed on Proton-controlled GPU servers, which means the model has to see the content to answer. Proton’s stronger encryption claim applies to saved chats and Project storage, not to a purely local inference model that never leaves your device.
What happens when you use web search in Lumo?
A simplified version of your request is sent to selected third-party partner APIs when web search is enabled, according to Lumo’s privacy policy. Proton says it does not send the full conversation history for that feature. Still, search-enabled use is not contained entirely inside Proton’s own infrastructure.
Do Lumo Projects change the privacy picture?
Yes, mostly by expanding how much data Lumo can retain and use for context. Proton says Projects can store files, connect Proton Drive folders, and index content for retrieval, while keeping that storage end-to-end encrypted. That improves continuity, but it also means the assistant can touch a larger pool of your material.
References
- Proton, 2026 — Lumo privacy
- Proton, 2026 — Lumo by Proton - Privacy Policy
- Proton, 2026 — How to use Projects in Lumo
- Proton, 2026 — About Lumo, the privacy-first AI assistant
- TechCrunch, 2026 — Lumo, Proton’s privacy-focused AI chatbot, gets an upgrade
Last reviewed: 2026-06
Originally published on novaknown.com
Top comments (0)