Public ledger of every directory change — grade bumps, KYC re-tests, sponsorship activations, incident updates. We log it so visitors can verify our claim that the editorial firewall holds.
The list is the product; this is the receipt of how it changes.
{"provider":{"id":"lumo","category":"ai","subcategory":"hosted","name":"Lumo (Proton AI)","tagline":"Proton's privacy-respecting AI assistant — zero-access encryption, no chat-training, Proton account required (no XMR payment yet).","review":"**Background.** Proton's hosted AI assistant, launched 2025. Runs open-source models (OpenHermes, Mistral derivatives) on Proton-controlled inference infrastructure in Switzerland/EU — not a proxy to OpenAI/Anthropic. Per Proton's published architecture: chats are encrypted at rest with keys derived from the user's password; Proton servers can't decrypt them. Same zero-access-encryption posture as ProtonMail and Proton Pass.\n\n**What you trust.** Two things, separately. First, the encryption claim (chats unreadable to Proton's servers) is technically verifiable from the Proton clients' open-source code. Second, the no-training claim (Lumo does not train models on user conversations) is operator-stated and not yet independently audited — treat it