Privacy policy

Last updated: May 2, 2026

Luneon is an audio storytelling app for children. We take family privacy very seriously. This policy explains, in plain language, what data we process, why, and what your rights are.

1. Data we process

Luneon is built to run on as little data as possible. We do not collect any advertising data and we run no ad targeting.

• Child profiles (first name, birth date, avatar): stored only on the device. They never leave your phone.
• Parent account (email, Google sign-in): created via Firebase Authentication only if you choose to sign in, in order to sync your subscription.
• Purchases and subscriptions: handled by RevenueCat and Google Play Store. We receive an anonymous id and the subscription status — never payment details.
• Technical data (device model, Android version, crash logs): used only to fix bugs.

2. Children and COPPA / GDPR

Luneon is meant for supervised family use. We do not request any personal information from children. Child profiles are created by the parent and stay local. Luneon contains no advertising, no tracking, no marketing pixels, and no sharing of data with ad networks.

3. Subprocessors

• Google Firebase — parent account authentication.
• RevenueCat — subscription technical management.
• Google Play Billing — subscription payment.
• Microsoft Azure — used at studio time to generate illustrations and TTS narration. Children send nothing to Azure; everything is pre-rendered.
• Cloudflare Pages — hosts the story catalog and the audio/image files. On startup, the app fetches the list of available stories and any new content from our servers. No personal data is sent with this request (only standard technical information such as IP address and device model, which Cloudflare retains for security and anonymous traffic analysis).

4. Local storage of content

Downloaded stories (text, illustrations, audio files) are stored only on your device to allow offline playback. You can delete them at any time from the app settings or by uninstalling Luneon.

5. Retention

Technical data is kept for at most 90 days. Parent accounts can be deleted at any time from the parent area, or by writing to gcjjosephgcj@gmail.com.

6. Your rights

Under GDPR, you have the right to access, rectify, erase and port your data. To exercise these rights, write to gcjjosephgcj@gmail.com.

7. Contact

For any question about this policy, reach us at gcjjosephgcj@gmail.com.