Article illustration 1

As AI chatbots like ChatGPT become ubiquitous, they often come with a Faustian bargain: convenience at the cost of privacy, with user data mined to refine models. Proton—renowned for its staunch commitment to security with Proton Mail and VPN—is disrupting this paradigm with Lumo, a new AI assistant designed from the ground up to protect user data. Announced in July 2025, Lumo stores all interactions locally on-device, ensuring Proton never accesses or trains on personal information. This isn't just a feature; it's a philosophical stance against surveillance capitalism, resonating deeply in an era where 72% of users distrust AI data practices.

Core Innovations: Privacy as the Default

Lumo's architecture is built on Proton's legacy of zero-access encryption, a principle the company championed as early as 2018. As Ben Wolford, Proton's founder, stated: "We drastically reduce security and privacy vulnerabilities by ensuring we ourselves do not have access to your data." Here’s how Lumo operationalizes this:

  1. Local Data Storage: All chats, queries, and analyses reside solely on the user's device. Unlike cloud-based rivals, no data is sent to Proton’s servers, eliminating risks of corporate access or breaches.
  2. Privacy-Centric Web Search: While Lumo can search the web for real-time information, this feature is disabled by default. When enabled, it routes queries exclusively through engines like DuckDuckGo, avoiding tracking-heavy alternatives.
  3. Secure File Analysis: Users can upload documents (e.g., PDFs, text files) for summarization or Q&A. Crucially, files are processed transiently—nothing is saved or retained. For Proton Drive users, end-to-end encrypted files can be linked directly, adding a layer of security.
  4. Ghost Mode: Close the app, and your chat history vanishes permanently. This ephemeral design ensures sensitive conversations leave no digital footprint.

Under the hood, Lumo leverages open-source large language models (LLMs) such as Mistral Small 3, OpenHands 32B, and OLMO 2 32B. It intelligently selects the optimal model for each query, sparing users manual switches. This open approach not only enhances transparency but also invites developer scrutiny and contributions—a nod to Proton’s alignment with ethical AI communities.

Why This Matters for the Tech Ecosystem

Lumo arrives amid escalating scrutiny of AI data practices. Regulatory bodies like the EU are pushing for stricter data governance, while developers grapple with ethical dilemmas in model training. By eschewing data harvesting, Proton sets a precedent: AI can be powerful without being invasive. For engineers, Lumo demonstrates how retrieval-augmented generation (RAG) and local processing can reduce dependency on centralized, opaque systems. It also pressures giants like OpenAI and Google to justify their data retention policies.

"Proton’s move isn’t just about a chatbot; it’s a referendum on trust in AI," says Elyse Betters Picaro, ZDNET’s reviewer. "Lumo proves privacy and functionality aren’t mutually exclusive."

How to Access Lumo

Available now for free—no Proton account required—Lumo can be tested via web or mobile apps (iOS/Android). Its accessibility lowers barriers for privacy-conscious users, though enterprises might await Proton’s planned premium tiers for advanced features.

In a landscape where AI innovation often outpaces ethics, Lumo offers a blueprint for responsible development. It empowers users to reclaim control, turning privacy from an afterthought into the foundation. For developers, it’s a call to build tools that respect human dignity—not just datasets.

Source: ZDNET (Original reporting by Jack Wallen)