Privacy policy
Luneon is an audio storytelling app for children. We take family privacy very seriously. This policy explains, in plain language, what data we process, why, and what your rights are.
1. Data we process
Luneon is built to run on as little data as possible. We do not collect any advertising data and we run no ad targeting.
- Child profiles (first name, birth date, avatar): stored by default only on the device. If you turn on multi-device sync (see Section 4), this information is end-to-end encrypted on your device before any upload to our servers — we never hold a readable copy.
- Parent account (email, Google sign-in): created via Firebase Authentication only if you choose to sign in, in order to sync your subscription.
- Purchases and subscriptions: handled by RevenueCat and Google Play Store. We receive an anonymous id and the subscription status — never payment details.
- Technical data (device model, OS version, app version, app language, timezone, a randomly generated device identifier created by the app, and the last sync or payment error if any): used to diagnose bugs, prevent promo-code abuse, and handle multi-device sync.
- Progress sync (optional, only when you are signed in): a random opaque identifier generated per child profile, plus the related reading progress (stars earned, books read, animals unlocked, current journeys), is stored on Cloud Firestore so progress can be restored on another device. No personal child data (first name, birth date, avatar) is sent in cleartext. You can erase this data at any time from the parent area.
2. Children and COPPA / GDPR
Luneon is meant for supervised family use. We do not request any personal information from children. Child profiles are created by the parent and stay local. Luneon contains no advertising, no tracking, no marketing pixels, and no sharing of data with ad networks.
3. Subprocessors
- Google Firebase — parent account authentication and Cloud Firestore for progress backup (opaque identifier + progress only) and, if you enable multi-device sync, to store an end-to-end encrypted blob containing your child profiles (see Section 4). Google has no access to first names, birth dates, or the decryption key.
- RevenueCat (RevenueCat, Inc.) — subscription technical management. Receives your Firebase user id and the RevenueCat id associated with your account in order to validate, restore and transfer your purchases across your devices. Policy: https://www.revenuecat.com/privacy.
- Firebase Crashlytics (Google Ireland Ltd.) — anonymized crash reports used to diagnose and fix bugs. Data sent: stack trace, app and OS version, device model, language, and a pseudonymous installation id generated by Firebase. No personal data, no user content, no child first name. Retained for up to 90 days. Disabled in development builds. Policy: https://firebase.google.com/support/privacy.
- Google Play Billing — subscription payment.
- Microsoft Azure — used at studio time to generate illustrations and TTS narration. Children send nothing to Azure; everything is pre-rendered.
- Cloudflare Pages — hosts the story catalog and the audio/image files. On startup, the app fetches the list of available stories and any new content from our servers. No personal data is sent with this request (only standard technical information such as IP address and device model, which Cloudflare retains for security and anonymous traffic analysis).
4. Multi-device sync (end-to-end encryption)
Luneon offers an optional feature to restore child profiles and progress on a second family device (e.g. the kids' tablet and the parent's phone).
- This feature is disabled by default and only activates when you explicitly scan, on the second device, a QR code generated by the first one (parent area → “Sync another device”).
- On activation, your child profiles are encrypted on-device with an AES-256-GCM cryptographic key generated randomly on your device.
- This key is shared only through the optical reading of the QR code between your two devices. It never travels through our servers or any network. Luneon, Google, Cloudflare and any third party are technically unable to decrypt the data stored in the cloud.
- You can delete this encrypted backup at any time from the parent area (“Delete my data” or, if you have lost your key, “Start fresh”).
5. Local content storage
Downloaded stories (text, illustrations, audio files) are stored only on your device to allow offline playback. You can delete them at any time from the app settings or by uninstalling Luneon.
Parent voice recordings: when you record your own voice to narrate a story to your child, the audio file is stored only on your device, inside the app's private folder. These recordings are never uploaded to our servers or shared with any third party. You can delete them at any time from the recording screen or by uninstalling the app.
6. Retention
Technical and progress data is kept for as long as your parent account is active. Parent accounts can be deleted at any time from the parent area, or by writing to contactus@luneon.fr; deletion removes all associated data within 30 days.
7. Your rights
Under GDPR, you have the right to access, rectify, erase and port your data. To exercise these rights, write to contactus@luneon.fr.
8. Contact
For any question about this policy, reach us at contactus@luneon.fr.