# Lumo (Proton AI)

Category: ai · hosted
Grade: B
KYC: EMAIL
Highlights: NO-LOGS, NO-TRAINING, ZERO-ACCESS, PROTON-INTEGRATED
Features: no_logs, no_training, encrypted_at_rest, free_tier, guest_mode, open_source_models, swiss_jurisdiction
Fees: Free tier · Proton Unlimited from $9.99/mo · BTC, cash by mail, card, PayPal, Google Pay (no XMR yet)
Web: https://lumo.proton.me
Tor: https://lumo.protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion
Contact: X: https://x.com/ProtonPrivacy
Last verified: 2026-05-30
Operating since: 2025 (1y) — Lumo launched 2025 by Proton AG (Proton itself founded 2014; product is younger than the operator).
Also listed at: Privacy Guides

> Proton's privacy-respecting AI assistant — zero-access encryption, no chat-training, Proton account required (no XMR payment yet).

## Review

**Background.** Proton's hosted AI assistant, launched 2025. Runs open-source models (OpenHermes, Mistral derivatives) on Proton-controlled inference infrastructure in Switzerland/EU — not a proxy to OpenAI/Anthropic. Per Proton's published architecture: chats are encrypted at rest with keys derived from the user's password; Proton servers can't decrypt them. Same zero-access-encryption posture as ProtonMail and Proton Pass.

**What you trust.** Two things, separately. First, the encryption claim (chats unreadable to Proton's servers) is technically verifiable from the Proton clients' open-source code. Second, the no-training claim (Lumo does not train models on user conversations) is operator-stated and not yet independently audited — treat it as a policy promise from a Swiss company with a 12-year track record on similar promises, not as cryptographic certainty. Both Proton's mail product and Pass have undergone Cure53 audits; whether Lumo gets the same audit treatment is open.

**Operational specs.** Free tier with guest mode (no account, limited model access, no chat persistence, modest rate limits). Account-required tier gives full model access + chat history + Proton ecosystem integration (drag a Proton Mail attachment into Lumo for summarization, etc.). Paid Proton Unlimited bundle ($9.99/mo annual) covers Lumo + Mail + VPN + Drive + Pass. Payment rails: Bitcoin, cash by mail, credit/debit, PayPal, Google Pay. **No native Monero payment** — operator-acknowledged gap as of 2026-05-30, no published timeline.

**Operator philosophy.** Proton AG, Geneva, Switzerland. Founded 2014, currently 12-year operator track record across mail / VPN / drive / pass / Lumo. Public stance: privacy-by-default, no advertising business model, Swiss jurisdiction (no US/UK/AU lawful-access reach). Vertically integrated — Proton account is one identity across mail + drive + pass + VPN + Lumo, which is convenient but is also the concentration risk (see Caveats).

**Grade rationale (B).** A-grade in our AI category is reserved for no-account, local-model, or confidential-compute options (Venice.ai, NanoGPT, PrivateMode, Ollama, Jan.ai). Lumo is hosted-by-operator with mandatory account for full features — that's structurally B, not A. The encryption posture + operator track record + payment privacy keep it solidly in the B tier (above OpenRouter which is purely an aggregator and above b-ai which is a multi-channel agent platform). If/when Lumo adds (a) no-account flow with feature parity, (b) Monero payment, or (c) third-party audit of the no-training claim, the case for B+ or A- gets stronger.

**Useful when.** You already use the Proton ecosystem (Mail/Pass/VPN/Drive) and want an AI that fits the same trust model. You need privacy-respecting AI for sensitive drafting (legal, medical, business) but can tolerate an email-based identity. You want Bitcoin or cash payment options without a separate signup flow. For users who specifically need no-account AI, **see Venice.ai (A) or NanoGPT (A)** instead — both accept XMR and require no identity at all.

**Caveats.**
- Proton-account requirement creates an email-tied identity. Pseudonymous Proton signup via Tor is supported but a privacy cost vs no-account A-tier peers.
- **No Monero payment yet** — operator-acknowledged on 2026-05-30, no published roadmap. Bitcoin + cash work for the paid tier; the no-payment guest tier sidesteps this.
- **Proton concentration risk:** this is Proton's 3rd xmr.club listing (Mail A, Pass A, Lumo B). Single Proton account = trust anchor across mail + drive + password + VPN + AI. Account compromise has wider blast radius than single-product accounts. Mitigate with 2FA + hardware key + recovery-phrase discipline.
- The no-training-on-user-data claim is operator-stated, not yet independently audited. Proton's track record on similar claims is strong but cryptographic verification is absent — treat accordingly.
- Bitcoin payment doesn't strip the email identity from the Proton account itself; payment privacy is separate from account privacy.
- Closed-source serving stack — even though the underlying models (OpenHermes, Mistral) are open-source, the inference pipeline + chat-encryption client isn't fully open. Verification is limited to the Proton client codebase that's been published.
- Newer product than no-account A-tier peers (Venice 2023, NanoGPT 2023). Less long-term operational data on Lumo specifically; weight the operator-level history vs product-level history when judging.

Source: https://xmr.club/ai/lumo