AI chat assistants often require users to trade privacy for convenience, with many mainstream platforms storing, analyzing, and even using your conversations to train their models. This approach exposes sensitive information to risks ranging from data leaks to unwanted surveillance. Proton, widely recognized for its secure email and VPN products, has introduced Lumo—a new AI chatbot designed to solve these privacy problems by putting user confidentiality at the forefront.

Zero-Access Encryption: Conversations That Stay Private

Lumo’s standout feature is its strict approach to data privacy. Unlike most AI chatbots, which store chat logs on company servers, Lumo employs zero-access encryption. This means any conversation you save is encrypted in a way that only your device can decrypt—Proton itself cannot read or access your chat history. Even if Proton’s infrastructure were compromised, your conversations would remain inaccessible to anyone but you.

When you use Lumo without logging in, no chat history is saved at all. If you sign in with a Proton account, your chat history syncs across devices, but remains encrypted end-to-end, ensuring only you have the decryption key.

No Data Harvesting or AI Model Training

Most AI chatbots improve their responses by learning from user conversations, but this practice can inadvertently expose private details. Lumo takes a different route: your chats are never used to train its underlying AI models. The language models powering Lumo are trained only on carefully selected, publicly available datasets, with a knowledge cutoff in October 2023. This prevents your personal information from being repurposed for future AI responses or shared with third parties.

Open-Source and Transparent Architecture

Transparency is often missing from AI tools, but Lumo’s codebase is open source. Anyone can inspect how its privacy measures work, which builds trust and allows independent verification of Proton’s claims. The underlying AI models—such as Mistral’s Nemo and Nvidia’s OpenHands 32B—run exclusively on Proton’s European servers, keeping your data within privacy-friendly jurisdictions and away from mass surveillance alliances.

Privacy-First Productivity Features

Lumo isn’t just about privacy—it also competes with leading AI chatbots in utility. You can:

  • Summarize documents, rewrite emails, and generate code.
  • Upload files for analysis; these files are not stored or used for training.
  • Integrate with Proton Drive, so even attachments remain encrypted.
  • Use “Ghost mode” to ensure chats are deleted permanently once you close them.
  • Enable web search on demand, using privacy-friendly search engines—this feature is off by default to maximize confidentiality.

How to Start Using Lumo

Getting started with Lumo is straightforward. You can chat with the AI directly at lumo.proton.me without needing to create an account. For those who want features like encrypted chat history, cross-device sync, and higher usage limits, signing in with a Proton account unlocks additional capabilities. Mobile apps for iOS and Android are also available, making it easy to access Lumo securely from your phone or tablet.

For users with heavier workloads, the paid Lumo Plus subscription removes limits on chats and file uploads, extends chat history, and unlocks support for larger files. Proton’s business model avoids advertising and data sales, relying instead on subscriptions and community support, which further reduces incentives to collect or exploit user data.

Comparing Lumo to Other AI Chatbots

While AI assistants like ChatGPT, Gemini, and Copilot offer powerful capabilities, they typically store user data, may use conversations for model training, and are often based in jurisdictions with weaker privacy protections. Lumo differentiates itself by:

  • Never storing unencrypted chat logs on servers.
  • Never using your conversations to train its models.
  • Operating under strict European privacy laws, including GDPR compliance.
  • Offering full code transparency through open-source releases.
  • Running entirely on Proton’s own infrastructure, with no third-party data sharing.

Security and Jurisdiction: Why Location Matters

Proton’s decision to base Lumo’s infrastructure in Europe—outside the reach of US and Chinese surveillance—bolsters its privacy guarantees. Legal protections in the EU and Switzerland provide strong safeguards against government data requests and mass surveillance, making Lumo a safer choice for users with high confidentiality needs, such as journalists, activists, and businesses handling sensitive information.

What to Expect: Limitations and Future Prospects

Lumo’s privacy-centric design comes with certain trade-offs. For example, web search is not enabled by default, and the AI’s knowledge base is frozen at its last training update in October 2023. This means it may not provide real-time answers unless you explicitly turn on web search. Currently, direct image uploads are not supported, though file analysis is available for text-based documents.

Proton’s ongoing investment in European infrastructure and open-source development signals a commitment to advancing privacy in AI, even as other companies double down on data collection. With Lumo, users gain a practical tool for everyday tasks without surrendering control over their personal information.

Lumo shows that you don’t have to sacrifice privacy for AI-powered productivity. By keeping your data encrypted and out of reach—even from Proton itself—it sets a new standard for confidential digital assistance.