Lumo
Lumo is Proton’s privacy-focused AI assistant. It uses open-source language models on Proton-controlled servers and is integrated with Proton’s broader product ecosystem.
Model
Proton says saved chats use zero-access encryption, chats are not used to train models, and requests and responses are not retained as conversation logs.
For live inference, the user’s device encrypts a request key to the LLM server’s public key. The LLM server holds the matching private key and decrypts the prompt to perform inference. Proton calls this User-to-Lumo encryption, not conventional end-to-end encryption.
Proton Lumo security model preserves the source and the exact distinction.
Lesson for the venture
Lumo proves that a mainstream, privacy-centered AI product can be useful without training on customer chats or selling advertising access. Its encrypted history and internal routing are material improvements over ordinary AI chat.
The remaining opportunity is not to claim Lumo is worthless. It is to give the user’s own client more proof about the live runtime: fresh attestation, model and release measurement, key release, and a privacy receipt.
Limit
No public client code or no-logs statement by itself lets a user cryptographically verify the exact production workload that sees their live prompt. That is the difference between a privacy commitment with good architecture and Confidential AI computing with client-verifiable evidence.