Home/ Legal/ Privacy Policy
Last Updated: June 30, 2026

Privacy Policy

This Privacy Policy describes how LunarNetLogicByte ("we", "us", or "our") collects, uses, discloses, and safeguards your information when you visit our website, use our mobile applications published on the Apple App Store and Google Play, or otherwise interact with our services. Please read this policy carefully.

§ 01 Introduction

Welcome to LunarNetLogicByte. We are a technology innovation team headquartered at St John's Innovation Centre, Cambridge, United Kingdom. We develop and publish mobile applications across multiple categories including pet health, home renovation, language learning, wardrobe planning, music archiving, and personal finance — all of which are engineered with a "data stays local" philosophy at their core.

Your privacy is not a feature; it is a foundational design principle. This Privacy Policy explains in clear, comprehensive language what information we collect, why we collect it, how we use it, and what choices you have. Where our mobile applications integrate third-party advertising networks (such as Google AdMob), we have committed to handling your data only to the minimum extent necessary to operate those services and to comply with the strictest applicable laws, including the European Union's General Data Protection Regulation (GDPR), the United Kingdom's Data Protection Act 2018, the California Consumer Privacy Act (CCPA/CPRA), the Children's Online Privacy Protection Act (COPPA), and Apple's App Store Review Guidelines together with Google Play's Developer Program Policies.

Privacy by Default: Every LunarNetLogicByte application is engineered to process data locally on your device whenever technically feasible. Cloud syncing is opt-in, end-to-end encrypted, and never required for normal use of our apps.

§ 02 Definitions

For the purposes of this Privacy Policy, the following definitions apply:

  • Personal Data / Personal Information means any information relating to an identified or identifiable natural person, including but not limited to names, email addresses, device identifiers, IP addresses, location data, and online identifiers.
  • Processing means any operation or set of operations which is performed on Personal Data, such as collection, recording, structuring, storage, adaptation, retrieval, consultation, use, disclosure, transmission, or erasure.
  • Data Controller refers to LunarNetLogicByte, the entity that determines the purposes and means of the processing of Personal Data.
  • Data Processor means a natural or legal person who processes data on behalf of the Data Controller (e.g., a third-party analytics vendor).
  • Service / Services refers collectively to our website at lunarnetlogicbyte.com and the mobile applications published by LunarNetLogicByte on the Apple App Store and Google Play.
  • User / You refers to any individual who accesses, installs, or uses our Services.
  • Device Identifier means identifiers such as the Identifier for Advertisers (IDFA on iOS, GAID on Android), Android ID, vendor identifiers, and other similar persistent identifiers provided by mobile operating systems.

§ 03 Scope of This Policy

This Privacy Policy applies to (a) your use of our public website located at https://lunarnetlogicbyte.com; (b) all mobile applications developed and published by LunarNetLogicByte, available on the Apple App Store and Google Play; (c) email, telephone, and other communications you send to us; and (d) any advertising and analytics features integrated into those applications.

This Policy does not apply to (a) third-party websites or services that we link to (such as App Store, Google Play, social media platforms, or hosted documentation); (b) content or services of third-party developers or publishers that may be referenced or linked within our applications; (c) software or services that are operated by entities other than LunarNetLogicByte. We encourage you to read the privacy policies of every third-party service that you interact with.

§ 04 Information We Collect

We collect information to deliver, improve, and secure our Services. The categories of information we may collect include:

4.1 Information You Provide Directly

  • Account information – name, email address, profile picture (only when you voluntarily create an account through our website).
  • Communications – the contents of emails, support tickets, feedback forms, surveys, or any other messages you send us.
  • User content – any content that you create, upload, or store within our applications (for example, pet health records, wardrobe entries, vocabulary decks, expense logs). By default, this content is stored locally on your device and is not transmitted to our servers.

4.2 Information Collected Automatically

  • Device information – device model, operating system version, language settings, timezone, and general hardware profile.
  • Log data – IP address, browser type and version, referring/exit pages, pages viewed, time and date of access, and aggregate diagnostic events. Our web server logs are retained for no more than 30 days.
  • Advertising identifiers – only in apps that have advertising enabled, and only after Apple App Tracking Transparency (ATT) consent (on iOS 14.5+) or when the Google Play "Advertising ID" is present (on Android). These identifiers can be reset or limited via your operating system settings.
  • Crash and performance data – anonymized crash reports and aggregate performance metrics that contain no personally identifiable information.
  • Cookies and similar technologies – see the Cookies & Tracking Technologies section below.

4.3 Information We Do Not Collect

  • We do not collect your precise GPS location.
  • We do not collect your contacts, photos, microphone, or camera unless an explicit, contextual permission prompt is shown for a feature that requires it.
  • We do not collect any payment card numbers. In-app purchases are processed by Apple or Google and we receive only anonymized transaction identifiers.
  • We do not knowingly collect any personal data from children under 13 (or under 16 in the EEA/UK); see the Children's Privacy section.

§ 05 How We Use Your Information

We process your Personal Data only for legitimate, clearly defined purposes. Specifically, we use the information we collect to:

  • Provide, operate, maintain, and improve the functionality of our Services.
  • Respond to your comments, questions, support requests, and customer service inquiries.
  • Process optional, opt-in cloud synchronization, backup, and cross-device restoration of user content (with end-to-end encryption).
  • Display advertising in free-supported applications only (see the Advertising section in detail).
  • Detect, prevent, and address fraud, security incidents, abuse, and other harmful or illegal activities.
  • Comply with our legal obligations, resolve disputes, and enforce our agreements.
  • Deliver aggregated, anonymized analytics to help us understand how our Services are used and to prioritize development.
  • Send you important notices, such as updates to this Privacy Policy, security alerts, and changes to our terms.

§ 07 Local Data Processing Philosophy

The defining principle of our engineering culture is that your data belongs to you. Where technically possible, our applications process and store all of your user-generated content locally on your device. Concretely:

  • Your pet health logs, wardrobe entries, vocabulary decks, and expense records are written to an encrypted local database on your device. We have no operational way to read them.
  • Cloud backup is strictly opt-in. When enabled, your data is encrypted on-device with keys derived from your account password before it leaves your phone, and we have no access to the encryption keys.
  • We do not have an analytics pipeline that transmits personal content. The aggregate analytics we do collect are stripped of identifiers before they leave the device.
  • We do not scan, profile, or sell user content for advertising purposes. Period.

One-tap export & delete: Every LunarNetLogicByte app includes an "Export My Data" button (in JSON or CSV) and a "Delete Everything" button in Settings → Privacy. Both actions take effect locally and across any synced devices within seconds.

§ 08 App Store & Google Play Policies

We strictly comply with the policies and review guidelines of every storefront on which our applications are published.

8.1 Apple App Store (Apple Inc.)

  • All of our applications comply with Apple's App Store Review Guidelines (in particular Guidelines 1, 2, 5, and 6 covering privacy, data use, and advertising).
  • We use Apple's App Tracking Transparency (ATT) framework on iOS 14.5 and later. We will display the standard "Allow to track?" prompt before any data is shared with advertising networks for tracking purposes. If you tap "Ask App Not to Track", we will surface only contextual, non-personalized ads where possible.
  • We honor Apple's Limit Ad Tracking (LAT) setting and the device's Privacy & Security → Tracking preferences.
  • Our applications use only the iOS permissions strictly necessary for the feature they describe, and we provide context-specific explanations in the app's onboarding flow.
  • We support the "Data & Privacy" section in Apple ID where applicable, including the ability to request a copy of your data and to delete your account.
  • We participate in Apple's "Nutrition Labels" privacy disclosure and provide accurate answers in App Store Connect.

8.2 Google Play (Google LLC)

  • All of our applications comply with Google Play Developer Program Policies, including the User Data Policy, the Families Policy, and the Ads Policy.
  • We honor the Google Play "Delete account" requirement, exposing an in-app option that triggers permanent deletion of any account-tied data within our retention window.
  • On Android 12 and later, we honor the Advertising ID zero-out and the per-app "Reset advertising ID" control.
  • When our apps target children or can be used by children, they comply with Google Play's Designed for Families requirements, including disabling personalized advertising and SDKs that are not IAB Kids-compliant.
  • We provide accurate answers in the Data safety form, with full disclosure of data shared with advertising SDKs before publication.

§ 09 Advertising & Ad Networks

Selected LunarNetLogicByte applications are free to download and supported by advertising. When an application integrates third-party advertising, we do so using industry-standard mediation stacks and we strictly configure each network to respect the consent signals you provide.

Where applicable, our apps request consent through:

  • The Google UMP (User Messaging Platform) SDK, which surfaces a compliant message under IAB TCF v2.2 / TCF v2.3 for EEA/UK traffic and a binary "Free ad-supported vs Paid" choice for users outside the EEA.
  • The Apple ATT prompt on iOS 14.5+ for any IDFA-derived processing.
  • An in-app "Privacy Choices" panel that lets you toggle ad personalization, reset your advertising identifier, and open the privacy settings of each integrated ad network.

We do not use any of your locally stored user content (for example, your pet records or vocabulary decks) to target ads. Personalized advertising in our apps is, at most, based on:

  • General, coarse geographic region (country / region level only — never precise GPS).
  • Device category (e.g., tablet vs phone) and OS version.
  • Language preference.
  • Age bracket, only when reliably inferred from your own statement (for example, the date of birth you enter for our pet health app's age calculation).

No behavioral ad targeting: We never let ad networks read your private app content. We do not place "category interest" tags on you based on the things you store in our apps.

§ 10 Google AdMob Disclosure

Several of our mobile applications use Google AdMob, Google's mobile advertising platform, to display ads. Google AdMob is operated by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). When AdMob is integrated into an application, the following may occur:

  • Google receives the device's Advertising ID (IDFA on iOS, GAID on Android) for ad selection, frequency capping, fraud prevention, and reporting — but only after we have obtained the necessary consent from you through Apple's ATT prompt and/or our consent management platform.
  • Google may use device-level information such as device model, OS version, language, time zone, IP address (truncated), and coarse location (derived from IP) to select which ads to serve.
  • Google may read or set cookies, web storage, and device identifiers for the same purposes when ads redirect into a web view or in-app browser.
  • Google acts as a joint controller with us for the processing of measurement and ad serving; for EEA / UK users, the lawful basis is your consent (Article 6(1)(a) GDPR).
  • Google's processing of data is governed by Google's Privacy Policy (https://policies.google.com/privacy) and the Google Ads Controller-Controller Data Protection Terms.
  • Users may opt out of personalized advertising from Google at https://adssettings.google.com/ ("Ad Settings"), and from our applications via the in-app "Privacy Choices" panel.
  • We enable "Disable IDFA / GAID collection for users under the age of consent in their jurisdiction" in every AdMob configuration, and we configure the "Tag for child-directed treatment" (TFCD) flag where applicable to invoke Google's TAG FOR UNDER AGE OF CONSENT mode.
  • Where required by Google EU User Consent Policy, we do not transmit any data to AdMob before the user has made a meaningful consent choice.

Where required by Apple's privacy manifest requirement (effective May 1, 2024), we publish a valid privacy manifest for every binary that integrates AdMob, declaring the data accessed and the tracking domains contacted.

§ 11 Ad Formats (Splash, Rewarded, Interstitial, Banner)

Our applications may display the following ad formats. Each format has its own user-experience rules, and we have configured our SDKs accordingly.

11.1 Splash (App-Open) Ads

  • What they are: Full-screen ads that appear when the user launches the application or returns to the foreground after a defined interval (e.g., ad mediators' recommendations per network, such as Google's "app-open" format).
  • When shown: Only on cold start or when the app has been backgrounded for a sensible interval; never while the user is performing an active task such as writing a record.
  • Dismissability: Always dismissable via an obvious "Close" affordance within 5 seconds of the ad becoming visible, in compliance with Google's App Open ad policies.
  • Data shared with the ad network: Advertising ID, IP address (truncated), device model, OS version, app version, locale, and an anonymous session identifier.
  • Frequency capping: We impose server-side caps via the ad network so the user never sees more than one app-open ad per session.

11.2 Rewarded Video Ads

  • What they are: Full-screen video ads that users voluntarily choose to watch in exchange for a clearly disclosed in-app reward (e.g., unlocking a bonus feature, removing a limitation, doubling a streak counter).
  • When shown: Only when the user takes a deliberate action, such as tapping a "Watch a video to earn extra storage" button. We never auto-play rewarded ads.
  • User protections: The reward is granted only after the network confirms a "completed" event; partial views are not rewarded. Users may skip the offer.
  • Data shared with the ad network: Advertising ID, IP address (truncated), device model, OS version, locale, event-level engagement (e.g., view, quartiles, completion), and the user-opted "reward item" identifier so the SDK can validate the reward server-side.
  • Not used for users under consent age: Rewarded ad units are disabled and excluded in any build classified as child-directed or in jurisdictions requiring a higher minimum age.

11.3 Interstitial Ads

  • What they are: Full-screen ads that appear at natural transition points in the app, such as between major task completions (e.g., finishing a flashcard session).
  • Frequency capping: We cap the number of interstitial impressions shown per session per user, and never place them immediately after the user pays for an upgrade or completes a sensitive action.
  • Dismissability: A visible close button is rendered as soon as the ad is interactive; we never intercept the close event or otherwise obscure the dismissal control.
  • Data shared with the ad network: Advertising ID, IP address (truncated), device model, OS version, locale, app identifier, and an opaque application-internal placement identifier.

11.4 Banner Ads

  • What they are: Small, rectangular ads that occupy a designated area of the screen — typically at the top or bottom of a content view.
  • Refresh behavior: We configure conservative refresh intervals (typically 30–60 seconds) and disable banner auto-refresh entirely when the screen is on a user-input-focused view.
  • Placement: Banners are never placed over interactive controls, never within a typing area, and never deceptively styled to resemble app content.
  • Data shared with the ad network: Advertising ID, IP address (truncated), device model, OS version, locale, banner size, and placement identifier.

11.5 Other Formats We May Use

  • Native ads – ads that match the visual style of the surrounding in-app content (e.g., a "Recommended" list inside a knowledge deck). They are always marked with an "Ad" or "Sponsored" tag.
  • MREC (Medium Rectangle) ads – a 300×250 banner variant displayed at scroll boundaries; same controls as banner ads.
  • Playable ads – interactive ad units available only on Rewarded inventory, never shown without an opt-in.

§ 12 Third-Party Advertising Partners

To maximize fill rate and revenue while still protecting user privacy, our applications may use the following advertising partners, either directly or through a mediation layer such as Google AdMob Mediation, Unity LevelPlay, ironSource mediation, AppLovin MAX, or BidMachine. Each partner is configured to respect the consent signals described in this Policy.

12.1 Vendor & Supply Chain Disclosure

For each integrated ad network we maintain the following controls:

  • A signed Data Processing Addendum (DPA), and where the network acts as a controller, a Controller-to-Controller Data Protection Addendum.
  • Configuration that enforces EEA "non-personalized ad" mode by default for users who have not consented to tracking or to IAB TCF v2 "Purpose 1".
  • Disable "Tag for child-directed treatment" (TFCD = 1) and our own age-gate wherever required by applicable law (for example, COPPA, GDPR-K, UK Age-Appropriate Design Code).
  • An up-to-date entry in our app-ads.txt file at lunarnetlogicbyte.com/app-ads.txt, and on each integrated network we use the network's own authorized sellers file wherever one is published.

12.2 IAB TCF v2.2 / TCF v2.3 Compliance

For users in the EEA, the UK, and Switzerland, our consent management platform propagates IAB Transparency & Consent Framework signals to every integrated vendor that supports them. Purposes 1 (storage and access), 2 (basic ad selection), and 3 (personalized profile), and the corresponding "Feature" and "Special Feature" signals, are honored by all integrated vendors. Vendors that have not been added to the CMP's vendor list are blocked from receiving data on EEA sessions.

§ 13 Cookies & Tracking Technologies (Website)

When you visit lunarnetlogicbyte.com, we and our third-party partners use cookies and similar technologies to recognize your browser or device, remember your preferences, analyze traffic, and (only with consent) measure marketing effectiveness.

13.1 Categories of Cookies

  • Strictly necessary cookies – required for core site functionality, such as security, accessibility, and consent state. They cannot be disabled.
  • Performance / analytics cookies – aggregated statistics about how visitors use our site (e.g., Google Analytics 4 in consent-gated mode). They help us improve performance.
  • Functional cookies – remember choices you make, such as your preferred language or theme.
  • Marketing / advertising cookies – used by us or by advertising partners (e.g., Google Ads, Meta Pixel) to make advertising more relevant to you. We only set these with your explicit consent.

13.2 Your Cookie Choices

You can manage your preferences at any time via the in-page "Cookie Settings" link in the website footer, or by configuring your browser to block cookies. You can also enable the "Global Privacy Control" (GPC) signal in your browser — we honor it as a valid opt-out of "sale or sharing" under the CCPA/CPRA.

13.3 Do Not Track (DNT)

Most modern browsers offer a "Do Not Track" or "Global Privacy Control" setting. Where technically feasible, our site honors these signals as a request to disable non-essential tracking.

§ 14 Children's Privacy (COPPA / GDPR-K)

14.1 United States — COPPA

The Children's Online Privacy Protection Act ("COPPA") requires verifiable parental consent before collecting Personal Information from children under 13. We do not knowingly collect Personal Information from children under 13 outside of our apps that are explicitly designed for children and for which we have obtained verifiable parental consent. Apps targeting children:

  • Disable all personalized advertising.
  • Disable all behavioral analytics.
  • Avoid third-party SDKs that are not IAB "Kids Certified".
  • Surface only contextual advertising or no advertising at all (in the case of paid editions).
  • Present a clear parental notice during onboarding and route any data collection through an age-screened flow with verifiable parental consent.

14.2 EEA & UK — GDPR-K & Age-Appropriate Design Code

For users in the EEA and the UK, the minimum age at which a child can use our services in their own right varies by Member State but is typically 13, 14, 15, or 16. The UK Information Commissioner's Office "Age-Appropriate Design Code" (the Children's Code) requires us to:

  • Default to the highest privacy settings.
  • Provide age-appropriate language in our privacy information.
  • Not use nudge techniques or design patterns that encourage children to provide more data than is reasonably needed.
  • Avoid profiling of children for advertising.
  • Switch off any third-party tracking by default for users we reasonably believe to be children.

14.3 Other Jurisdictions

In Brazil (LGPD), South Korea (PIPA), India (DPDPA), Thailand (PDPA), and other jurisdictions with specific child-protection laws, we apply the highest common standard consistent with COPPA and the UK Children's Code.

14.4 Notice to Parents

If you believe that we have collected information from your child in a manner inconsistent with the above, please contact support@lunarnetlogicbyte.com. We will investigate and, where appropriate, delete the data within 30 days.

§ 15 Age Restrictions

Except for apps designated as children-directed on the App Store or Google Play, our Services are intended for users aged 16 or older in the EEA and the UK, and 13 or older in all other jurisdictions. By installing or using our Services, you represent that you meet the minimum age of digital consent in your jurisdiction, or that your parent or legal guardian has reviewed and agreed to this Policy on your behalf.

If we learn that we have collected Personal Information from a user below the minimum age without verifiable parental consent, we will take steps to delete the information as soon as possible.

§ 16 GDPR Rights (EU / EEA / UK)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation and the UK Data Protection Act 2018:

  • Right of access (Article 15) – to obtain a copy of the Personal Data we hold about you.
  • Right to rectification (Article 16) – to ask us to correct inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten", Article 17) – to ask us to delete your Personal Data.
  • Right to restriction of processing (Article 18) – to ask us to suspend processing in certain circumstances.
  • Right to data portability (Article 20) – to receive your data in a structured, machine-readable format.
  • Right to object (Article 21) – to object to processing based on legitimate interest or to direct marketing.
  • Rights related to automated decision-making & profiling (Article 22) – not to be subject to a decision based solely on automated processing.
  • Right to withdraw consent (Article 7(3)) – at any time, where processing is based on consent.
  • Right to lodge a complaint (Article 77) – with your local data protection authority. In the UK this is the Information Commissioner's Office (ICO) at https://ico.org.uk. In the EEA, a list of supervisory authorities is available from the European Data Protection Board at https://edpb.europa.eu.

To exercise any of these rights, write to support@lunarnetlogicbyte.com. We will respond within one month. If your request is complex, we may extend that period by two further months and will notify you.

§ 17 CCPA / CPRA Rights (California)

If you are a California resident, you have the following rights under the California Consumer Privacy Act of 2018 ("CCPA"), as amended by the California Privacy Rights Act ("CPRA"):

  • Right to know – the categories and specific pieces of Personal Information we have collected, the sources, the business purpose, and the categories of third parties with whom we share it.
  • Right to delete – to request the deletion of Personal Information we have collected from you, subject to the CCPA's statutory exceptions.
  • Right to correct – to request the correction of inaccurate Personal Information.
  • Right to opt out of the sale or sharing of Personal Information – we do not sell your data; if this ever changes, you will see a clear "Do Not Sell or Share My Personal Information" link in our website footer.
  • Right to limit the use and disclosure of sensitive Personal Information – if we ever process sensitive PI (such as precise geolocation or government identifier) you may limit that use to what is necessary to provide the Services.
  • Right to non-discrimination – we will not deny you service, charge you a different price, or provide a different level of quality for exercising your rights.
  • Right to data portability – to receive a copy of your data in a portable format.

You may exercise these rights by emailing support@lunarnetlogicbyte.com or by calling our toll-free number listed on our website. You may designate an authorized agent in accordance with the CCPA's verification procedures.

§ 18 Other U.S. State Privacy Laws

In addition to the CCPA, we comply with state-level privacy laws in Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia — including the Texas Data Privacy and Security Act (TDPSA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), the Connecticut Data Privacy Act (CTDPA), the Utah Consumer Privacy Act (UCPA), and the Oregon Consumer Privacy Act (OCPA). Where applicable, you have the rights of access, correction, deletion, portability, opting out of targeted advertising, opting out of profiling, and appealing our decision regarding any such request. To exercise these rights, contact support@lunarnetlogicbyte.com.

§ 19 Other Regional Privacy Rights

We also respect the privacy rights granted by the following frameworks:

  • United Kingdom – UK GDPR + Data Protection Act 2018 + Privacy and Electronic Communications Regulations (PECR).
  • Canada – Personal Information Protection and Electronic Documents Act (PIPEDA) and the substantially similar provincial laws (e.g., Quebec's Law 25).
  • Australia – Privacy Act 1988 and the Australian Privacy Principles (APPs).
  • New Zealand – Privacy Act 2020.
  • Switzerland – revised Federal Act on Data Protection (revFADP).
  • Brazil – Lei Geral de Proteção de Dados (LGPD).
  • Mexico – Ley Federal de Protección de Datos Personales en Posesión de los Particulares.
  • Argentina – Ley 25.326 de Protección de Datos Personales.
  • Chile – Ley 19.628 de Protección de Datos Personales.
  • Colombia – Ley 1581 de 2012 (Habeas Data).
  • South Africa – Protection of Personal Information Act (POPIA).
  • Japan – Act on the Protection of Personal Information (APPI).
  • South Korea – Personal Information Protection Act (PIPA).
  • China (Mainland) – Personal Information Protection Law (PIPL), Cybersecurity Law (CSL), Data Security Law (DSL).
  • Hong Kong – Personal Data (Privacy) Ordinance (PDPO).
  • Taiwan – Personal Data Protection Act (PDPA).
  • Singapore – Personal Data Protection Act (PDPA).
  • Malaysia – Personal Data Protection Act 2010.
  • Philippines – Data Privacy Act of 2012.
  • Thailand – Personal Data Protection Act (PDPA).
  • Indonesia – Personal Data Protection Law (UU PDP).
  • Vietnam – Personal Data Protection Act (PDPA).
  • India – Digital Personal Data Protection Act (DPDPA), 2023, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.
  • Israel – Protection of Privacy Law, 5741-1981.
  • Saudi Arabia – Personal Data Protection Law (PDPL) and its Implementing Regulations.
  • United Arab Emirates – Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data.
  • Türkiye – Law No. 6698 on the Protection of Personal Data.

If you are a resident of any of these jurisdictions and would like to exercise a right granted to you under local law, contact support@lunarnetlogicbyte.com with details of your request. We will respond within the timeframes set by the applicable law.

§ 20 Data Sharing & Disclosure

We do not sell Personal Information. The only circumstances in which we disclose Personal Information are:

  • With your consent – when you direct us to share it (for example, when you enable an optional cloud backup or an opt-in analytics feature).
  • Service providers – with vendors that perform services on our behalf (hosting, error monitoring, billing, customer service). These vendors are bound by written contracts that require them to use the data only to provide services to us and to protect it with appropriate technical and organizational measures.
  • Advertising partners – only as described in the Advertising and Ad Partners sections, and only after consent where required.
  • Legal compliance – when we believe in good faith that disclosure is necessary to comply with a legal obligation, a binding court order, or to protect our rights, your safety, or the safety of others.
  • Business transfers – in connection with a merger, acquisition, or sale of assets, with a contractual commitment that the recipient will honor this Policy or an equivalent one.

§ 21 International Data Transfers

We are headquartered in the United Kingdom. Some of our service providers (including the integrated advertising networks) are based in the United States or other countries. When Personal Data is transferred outside the EEA, UK, Switzerland, or another jurisdiction with adequacy requirements, we rely on the following safeguards:

  • The European Commission's Standard Contractual Clauses (SCCs), as updated in 2021, together with the UK International Data Transfer Addendum (IDTA) where applicable.
  • European adequacy decisions, including the EU–US Data Privacy Framework (DPF), the UK Extension to the DPF, and the Swiss–US DPF.
  • Vendor risk assessments that consider the laws and practices of the recipient country.
  • Encryption in transit and at rest, pseudonymization of identifiers, and minimization of transmitted data fields.

§ 22 Data Security

We employ a defense-in-depth approach to security, designed to keep your data safe:

  • Encryption in transit – all network traffic between your device and our servers uses TLS 1.3 (or TLS 1.2 as a fallback).
  • Encryption at rest – on-device data is stored in an encrypted SQLite/Realm store backed by the platform's secure enclave or keystore.
  • End-to-end encryption for opt-in cloud sync – we use AES-GCM 256 with keys derived from your account password via a memory-hard KDF (Argon2id).
  • App hardening – root/jailbreak detection, anti-tampering, certificate pinning, and runtime application self-protection (RASP).
  • Secure software development lifecycle – code review, static analysis, dependency scanning, and routine penetration tests by independent third-party auditors.
  • Access controls – least-privilege role-based access to production systems, hardware security keys for administrative sign-in.
  • Incident response – a 24/7 incident-response procedure with breach notification to supervisory authorities within 72 hours and to affected users without undue delay where required by law.

§ 23 Data Retention

We retain Personal Data for as long as needed to provide our Services and to comply with our legal obligations:

  • Local user content is retained until you delete the app or invoke the in-app "Delete Everything" control.
  • Opt-in cloud backup retention follows the duration of your subscription plus a 30-day grace period.
  • Web analytics data is retained for 13 months.
  • Server logs are retained for no longer than 30 days, unless required to investigate an incident.
  • Tax, accounting, and certain transactional records are retained for the periods required by applicable law (typically 6–10 years).

When Personal Data is no longer needed, we securely delete or irreversibly anonymize it.

§ 24 Third-Party Services

Our Services may contain links to third-party websites, mobile applications, or services (for example, the App Store page for a particular app). We are not responsible for the privacy practices of those third parties. We encourage you to read the privacy notices of every third-party service that collects your information.

§ 25 Do Not Track & Global Privacy Control

We honor the Do Not Track (DNT) and Global Privacy Control (GPC) signals transmitted by your browser or device operating system. When we detect such a signal we treat it as a valid request to opt out of the "sale" or "sharing" of Personal Information under the CCPA/CPRA and equivalent state laws, and as a request to disable non-essential cookies and analytics.

§ 26 Your Rights and Choices (Summary)

Regardless of where you live, you have the following universal choices:

  • Access – request a copy of the Personal Information we hold about you.
  • Correct – fix inaccurate or incomplete information.
  • Delete – permanently delete your data (via in-app controls or by emailing us).
  • Export – receive a portable copy of your data in JSON or CSV.
  • Opt out of personalized ads – via your device's advertising settings and our in-app "Privacy Choices" panel.
  • Restrict – limit the data we collect by disabling optional features or using the CMP on this website.

§ 27 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, our applications, or applicable law. The "Last Updated" date at the top of this page indicates when the Policy was last revised. Material changes will be communicated to you through a prominent notice within our applications, on our website, or by email (where you have provided an email address), at least 30 days before they take effect, except where a shorter notice period is required by law.

Your continued use of our Services after the effective date of any change constitutes your acceptance of the updated Policy.

§ 28 Contact Us

If you have any questions, complaints, or requests regarding this Privacy Policy or the way we handle your Personal Information, please contact us:

If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority. In the UK, this is the Information Commissioner's Office (ICO). In the EEA, contact your national Data Protection Authority.

© 2024–2026 LunarNetLogicByte. All rights reserved. This document is offered in English. Translations, where available, are provided for convenience; in case of any conflict, the English version prevails.