Privacy Policy

Last updated: May 21, 2026

This Privacy Policy explains how Lunaura ("Lunaura", "we", "us", or "our") collects, uses, shares, and protects information when you use our mobile application and related services (the "Service").

Who We Are (Data Controller)

For purposes of applicable data protection laws, Lunaura is the controller of personal data processed through the Service unless otherwise stated in this Privacy Policy.

Information We Collect

Depending on how you use the Service, we may collect the following categories of information:

• Account and identifiers: Email address, display name, and authentication identifiers provided via Firebase Authentication. If you sign in using Google or Apple, we receive the information that provider shares with us (for example, your name and email address). With Sign in with Apple, you may choose to hide your email; in that case we receive an Apple relay email address.
• Astrology, numerology, dream, question, and compatibility input data you provide: Date of birth, time of birth, place of birth, names or nicknames, relationship/connection context, horary questions, tarot or dream entries, and other details you voluntarily enter for calculations, interpretations, saved profiles, or app preferences.
• Location data: If you grant permission, we may access precise location to help you find places and improve calculation accuracy (for example, time zone and coordinates). You can disable location access in your device settings.
• Subscription, credit, and purchase information: Subscription status, entitlement information, consumable credit balances, and purchase metadata received from our subscription provider (RevenueCat) and/or the app store. We do not receive your full payment card details. Apple may provide us with transaction identifiers and subscription state.
• Generated content and AI feature inputs: Readings, interpretations, generated summaries, image prompts or outputs, and the relevant chart, profile, question, dream, tarot, compatibility, beauty, wellness, or destiny-matrix context used to create them.
• Device, app update, and usage data: Device information (such as device model, OS version, app version, language/region), IP address, request/log metadata, basic diagnostic and update-delivery data, notification interaction data, and app interaction information to maintain, secure, deliver updates for, and improve the Service.
• Photo library and sharing permissions: If you choose to save or share cards or images, the app may request access to your device media library or share sheet. This access is used for the action you request and is controlled by your device settings.
• Support communications: Information you share when you contact us (for example, email content and attachments).

How We Use Your Information

We use personal data to operate, improve, and secure the Service, including to:

• Provide the Service and its core features (for example, account access, charts, forecasts, tarot, horary, dream interpretation, compatibility, destiny matrix, numerology, cosmic beauty, wellness, generated images, and personalized content)
• Process and manage subscriptions, including entitlement checks and restoring purchases
• Store your settings, saved profiles, credits, readings, generated content, and astrology input so you can access them across sessions/devices
• Generate AI-assisted interpretations, summaries, readings, and images when you use features that request or display generated content
• Provide customer support and respond to your requests
• Monitor, prevent, and address fraud, abuse, and security issues
• Maintain and improve performance, reliability, and user experience
• Comply with legal obligations and enforce our terms

Legal Bases for Processing (GDPR/EEA/UK)

If you are in the European Economic Area (EEA), the United Kingdom, or Switzerland, we rely on the following legal bases where applicable:

• Contract: To provide the Service you request (for example, creating an account, saving your data, generating requested readings or images, managing credits, and providing subscription features).
• Consent: For optional processing such as precise location access (when you grant permission).
• Legitimate interests: To secure, maintain, and improve the Service, prevent fraud, and understand how the Service is used (only where our interests are not overridden by your rights).
• Legal obligation: To comply with laws, lawful requests, and to maintain records required by law.

You may withdraw consent at any time by changing your device settings (for example, location permissions) or by contacting us. Withdrawal does not affect the lawfulness of processing before withdrawal.

How We Share Information

We do not sell your personal information. We may share information in the following situations:

• Service providers (processors): We use vendors to help us operate the Service. These providers process data on our behalf under contractual restrictions.
• Legal and safety: We may disclose information if required by law or to protect the rights, safety, and security of users, our business, or others.
• Business transfers: If we are involved in a merger, acquisition, financing, or sale of assets, information may be transferred as part of that transaction.

Third-Party Services Used by Lunaura

We use the following third-party services and SDKs as part of the Service:

• Firebase Authentication (Google): Account creation and sign-in.
• Firebase Firestore (Google): Storage of user-provided content and app data (for example, your saved profiles/settings, readings, credits, and generated content metadata).
• Firebase Storage / Google Cloud Storage (Google): Storage and delivery of generated image assets and related service files when features create images.
• Google Cloud Run / Google Cloud Platform (Google): Backend hosting, API processing, secure service operations, and infrastructure logs needed to operate the Service.
• Google AI / Gemini (Google): AI-assisted interpretation, reading, summary, and image-generation features. When you use these features, relevant prompts and context (for example, chart data, profile data, questions, dream entries, tarot or horary context, destiny-matrix inputs, beauty and wellness context, and image prompts) may be sent to Google for processing.
• RevenueCat: Subscription management and entitlement verification.
• Google Maps Platform: Place search, geocoding, and map-related features. When you use these features, Google may process data as described in its own policies.
• OneSignal: Push notification delivery and management. OneSignal may collect device identifiers, notification tokens, notification preferences/tags, and interaction data to deliver and manage notifications. Their processing is governed by their own privacy policy.
• Google Sign-In (Google): Authentication and identity information Google provides based on your selections.
• Sign in with Apple (expo-apple-authentication): Authentication and identity information Apple provides based on your selections.
• Expo / EAS Updates: App update delivery and related technical metadata for over-the-air updates and app operation.

These third parties may collect information directly from your device in connection with providing their services. Their processing is governed by their own privacy policies.

Data Retention

We retain personal data only as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Typical retention periods are:

• Account data: Retained while your account is active.
• User-provided astrology and feature data (for example, birth details, saved profiles, questions, dream entries, and compatibility inputs): Retained while your account is active and until you delete it or delete your account.
• Generated readings, interpretations, images, and related metadata: Retained while your account is active unless you delete the relevant content where deletion is available or delete your account.
• Subscription records and related metadata: Retained for as long as needed to manage access, prevent fraud, and comply with financial and tax obligations.
• Backups and logs: Deleted or anonymized on a rolling basis; backup copies may persist for a limited period after deletion (typically up to 90 days) due to backup/restore processes.

International Data Transfers

We and our service providers may process and store information in countries other than your country of residence, including the United States and other locations where our providers operate. Where required by law, we rely on appropriate safeguards for international transfers (such as Standard Contractual Clauses) and implement additional measures as needed.

Your Choices and Controls

• Location: You can enable or disable location access in your device settings.
• Notifications: You can enable or disable push notifications and notification categories in the app or your device settings.
• Photos/media library and sharing: You can control media-library permission in your device settings. Sharing uses your device's system share sheet and the destination you choose.
• Account information: You can review and update certain information within the app.
• Account deletion: You can delete your account through the app's Settings > Account > Delete Account (or by contacting us). Account deletion is intended to remove your personal data from our active systems, subject to the retention details above.

Your Privacy Rights (GDPR/EEA/UK)

If you are located in the EEA/UK/Switzerland, you may have the right to:

• Request access to your personal data
• Request rectification of inaccurate or incomplete data
• Request erasure ("right to be forgotten")
• Request restriction of processing
• Object to processing (including processing based on legitimate interests)
• Request data portability
• Lodge a complaint with your local supervisory authority

We may need to verify your identity before fulfilling certain requests.

California Privacy Rights (CCPA/CPRA)

If you are a California resident, you may have rights regarding your personal information, subject to legal limitations:

• Right to know: You may request information about the categories and specific pieces of personal information we collected, the sources, purposes, and categories of third parties to whom we disclosed it.
• Right to delete: You may request deletion of personal information we collected from you, subject to exceptions.
• Right to correct: You may request correction of inaccurate personal information.
• Right to opt-out of sale/share: We do not sell your personal information and we do not share it for cross-context behavioral advertising as those terms are defined under California law. If our practices change, we will update this policy and provide required choices.
• Non-discrimination: We will not discriminate against you for exercising your rights.

Categories collected (past 12 months): Identifiers (for example, email), internet/network activity (app usage and device data), geolocation data (if you enable location), commercial information (subscription status, credit balances, and transaction metadata), and user-provided content (for example, saved profiles, questions, dream entries, readings, and generated content). We collect these directly from you, from your device, and from service providers (for example, RevenueCat, Apple, Google, and OneSignal) to operate the Service.

How to exercise rights: Use in-app account deletion (where applicable) and/or contact us by email. We may ask you to verify your request. You may use an authorized agent where permitted by law.

Children's Privacy

The Service is not intended for children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, please contact us so we can take appropriate action.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and update the "Last updated" date above. If changes are material, we may provide additional notice within the app.