Privacy Policy

Luna ("the App", "we", "us") is a personal menstrual cycle tracking application operated by an individual developer. If you have questions about how we handle your data, please contact us using the information provided in the App.

This Privacy Policy explains what data we collect, how we use it, and what rights you have in relation to it. It applies to all users of the Luna application.

We collect only the minimum data necessary for the App to function. We do not collect analytics, behavioural tracking data, advertising identifiers, or any data we don't need.

We do not collect: IP addresses (beyond what your hosting provider may log), device identifiers, location data, or any information about your contacts.

We use your data only for the following purposes:

• To authenticate you and maintain your session
• To calculate your cycle phase and generate personalised recommendations
• To display your preferences in the partner view (only if you choose to enable it)
• To send transactional emails (magic links and, optionally, partner invites) via Resend
• To allow you to review, edit, and delete your data at any time

We do not use your data for advertising, profiling, automated decision-making that affects you legally, or any purpose beyond providing the App's features.

Your daily logs (flow, mood, symptoms, sexual activity, energy levels) are stored in a database accessible only to you. They are never shared with any third party without your explicit action (i.e., you choosing to generate and share a partner view link).

The partner view deliberately exposes only a limited subset of information (current phase, phase preferences you set, phase timeline). It never exposes raw logs, sexual activity data, or any other sensitive health information.

We share your data in only the following limited, necessary circumstances:

• Resend — We use Resend to send authentication emails (magic links) and optional partner invite emails on your behalf. Resend receives your email address for the purpose of delivering these emails only. Resend's privacy policy applies to their handling of your email address.
• Your hosting provider — If Luna is self-hosted, the operator of the server may have access to server logs. If Luna is hosted on a third-party platform, that platform's terms and privacy policy apply to infrastructure-level data (e.g., server logs).
• People you choose to share with — If you generate and share a partner view link, the recipient can view the limited information displayed on that page. You control this entirely and can revoke access at any time.

We do not sell, rent, trade, or otherwise transfer your data to any other third parties.

Luna uses session cookies solely for authentication (to keep you signed in). We do not use advertising cookies, tracking pixels, or any third-party analytics cookies.

The App may store minimal state in your browser's local storage (e.g. theme preferences) for performance reasons. This data never leaves your device.

We take reasonable technical and organisational measures to protect your data against unauthorised access, alteration, disclosure, or destruction. These include:

• Authentication via cryptographically signed magic links (no passwords stored)
• Partner view access protected by a one-time 6-digit code
• HTTPS encryption in transit

However, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data and accept no liability for unauthorised access resulting from circumstances beyond our reasonable control.

We retain your personal data for as long as your account is active. When you delete your account, all associated data — including your profile, cycle logs, preferences, and partner invites — is permanently and irreversibly deleted from our systems.

Backup copies (if any) are purged within 30 days of account deletion.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access — You can view all your data within the App at any time.
• Rectification — You can update or correct your data from your profile settings.
• Erasure — You can permanently delete your account and all data from Profile → Delete my account. This is immediate and irreversible.
• Portability — Contact us to request a machine-readable export of your data.
• Restriction / Objection — You may contact us to restrict or object to specific processing activities.

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR). Our lawful basis for processing your data is your consent (given when you register and use the App) and the performance of a contract (providing the App's features to you).

You have the right to lodge a complaint with your local data protection authority at any time.

Luna is not intended for children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child under 16 has provided us with personal data, please contact us and we will delete it promptly.

Your data is stored on servers in the region where the App is hosted. If you access the App from outside that region, your data may be transferred internationally. We take steps to ensure any such transfers comply with applicable data protection laws.

Resend, our email provider, may process your email address in the United States. They are certified under applicable cross-border data transfer frameworks.

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top. For significant changes, we will make reasonable efforts to notify you (e.g. via email). Your continued use of the App after changes take effect constitutes your acceptance of the updated policy.

If you have questions, concerns, or requests relating to this Privacy Policy or your data, please contact us via the contact information provided within the App. We aim to respond within 30 days.