What Lume sees on your machine
When you dwell on a page for 5+ seconds with at least one scroll, Lume extracts the page title, H1 headings, the description meta tag, and og:title/og:description. That text is fed to a sentence-transformer model running entirely in your browser to produce an embedding vector.
Where that data goes
Nowhere outside your browser. The extracted text, the embedding vectors, and your reading history are stored in your browser's local IndexedDB. They are never transmitted to us, to Mozilla, or to any third party.
What we collect
Nothing. We operate no servers that receive user data. We have no analytics, no error reporting, no telemetry, no accounts.
Network requests Lume makes
1. A one-time model download from huggingface.co and *.hf.co (Hugging Face's CDN). The model is cached in your browser forever after; no further downloads.
2. A periodic news-feed fetch from story-discovery-feed.digitalhen.workers.dev (a Cloudflare Worker we operate). The feed served is identical for every user. No user data, query parameters, or identifying headers are sent — just a plain GET request.
Excluded automatically
gmail.com, accounts.google.com, localhost, IP-literal addresses, banking domains (anything with bank or banking in the hostname), and any sites you choose to mute from the Discovery page.
Uninstall
Removing Lume wipes all stored data via the browser's normal extension-storage cleanup.
Source code is fully public at https://github.com/digitalhen/story-discovery-localai — the privacy claims above are verifiable by reading the code.