Lunarly

Lunarly Privacy Policy

Effective date: 20 May 2026
Version: 2.1

Lunarly (“we”, “the app”) respects your privacy. This document explains how your data is processed, in accordance with Turkish Personal Data Protection Law No. 6698 (KVKK), the European GDPR, and Google Play Data Safety requirements.

1. Data Controller

Under KVKK and GDPR the data controller is:

  • Controller: Lunarly Operator
  • Privacy contact: privacy@lunarly.cc
  • General support: support@lunarly.cc

EEA-resident users may exercise their rights under GDPR Article 27 directly through the contacts above.

2. Data We Collect

The table below summarises every category of personal data that Lunarly processes, the purpose of processing, and whether it stays on your device. This summary matches the disclosures made in the Google Play Console Data Safety form.

Category Purpose On-device Sent off-device
Anonymous device identifierAbuse-prevention / usage-limit keyYesAI / birth-chart requests
Date / time / place of birthAstrology input (optional)YesBirth chart request
Gender (optional)Optional input for AI personalisationYesAI insight request
Journal text / transcriptTyped journal + speech-to-text outputYesOnly the excerpt you choose to analyse
Voice recordingsMicrophone capture, kept on-deviceYesNo
PhotosGallery / camera photos, kept on-deviceYesNo
Mood, tags, manifests, coinsJournal metadataYesNo
App Lock PINStored only as a secure hash; never in plain textYesNo
Crash / error reportsAnonymous crash data (optional, can be disabled)Yes (opt-in)
Advertising ID (AAID/IDFA)Ad serving (only if ad consent granted)Yes (if ad consent granted)
Purchase historySubscription validation transaction IDYes

3. Data We Do NOT Collect

Lunarly does not collect:

  • location (GPS / Wi-Fi / network-based location). For birth-chart purposes we only use the place / city name string you type,
  • contacts,
  • SMS or call logs,
  • microphone audio outside of explicit voice-journal recording you initiate,
  • biometric templates. App Lock biometrics are handled by your operating system; Lunarly never sees fingerprint or face data.

4. Data Storage

  • Your journal text, voice recordings, photos and related content are stored locally on your device.
  • Voice recordings and photos remain inside the app’s isolated storage area (sandbox).
  • The App Lock PIN is stored only as a secure hash inside the secure storage area provided by your operating system; it is never kept in plain text.
  • Temporary anonymous usage-limit records held on the server side are automatically deleted within at most 7 days.

5. Data Sharing and Processor Categories

  • We do not sell your data and do not market it to third parties for advertising purposes. We do not share it except for the processing purposes described below.

5.1 AI Insight Generation

When you request an AI insight, only the excerpt of the journal entry you choose to analyse, your gender (if provided), and the zodiac information computed from your birth data (Sun, Moon, Rising) are processed through our secure servers by an AI analysis service provider.

  • Your device identifier and your name are not sent to the analysis provider.
  • The returned insight is written to your device; it is not stored on our servers.
  • The provider does not, by default, use API customer data to train its models; it may retain such data for a limited period (typically up to 30 days) for abuse-monitoring purposes and then deletes it.

5.2 Birth Chart and Astrological Calculations

For birth-chart and astrological calculations, your date of birth, time of birth, and the latitude / longitude of your place of birth are transmitted to a third-party astrology data provider. The calculation result is written to your device; it is not stored on our servers.

5.3 Ads and Premium

  • Premium subscriptions are processed through a subscription management platform using the Google Play / Apple App Store billing infrastructure.
  • Ads are served by an advertising network and consent management service. The advertising identifier (AAID / IDFA) may be used for personalised ads; you can withdraw consent at any time from the device settings and from the in-app consent prompt.

5.4 Crash Reporting

Anonymous crash and error reports may be collected via an error monitoring / application health service. You can disable this from Settings.

5.5 Processor Categories (KVKK Art. 10(b), GDPR Art. 13(1)(e))

Limited strictly to the purposes described above, your data may be processed by the following categories of service providers:

  • AI analysis service provider,
  • cloud infrastructure / proxy service provider,
  • third-party astrology data provider,
  • error monitoring / application health service,
  • subscription management platform,
  • advertising network and consent management service,
  • mobile application stores (subscription billing).

Processing by any provider in a given category is limited to the corresponding purpose listed above.

6. International Data Transfers (KVKK Article 9 / GDPR Chapter V)

The service-provider categories listed above may be located outside Turkey and the European Economic Area (EEA), primarily in the United States. Consequently, the data described above may be transferred abroad when processed. This transfer is assessed under KVKK Article 9 and GDPR Chapter V (international data transfers).

By using the AI insight and birth-chart features you provide explicit consent to this transfer. You may choose not to use these features at any time; in that case Lunarly will not send your data off-device (except for ads and opt-in crash reports).

7. User Rights (KVKK Article 11 / GDPR)

You have the following rights:

  • Access (KVKK 11/b, GDPR Art. 15): view all stored data from the “My Data” screen.
  • Portability (GDPR Art. 20): download all your data in JSON format via “Export My Data”.
  • Erasure / Right to be Forgotten (KVKK 11/e, GDPR Art. 17): see the “Data Deletion Procedure” below.
  • Rectification (KVKK 11/d, GDPR Art. 16): edit your birth information from the Profile screen or update your journal entries.
  • Objection / Withdrawal of consent (KVKK 11/c, GDPR Art. 7(3)): disable the anonymous analytics opt-in and ad consent at any time; stop using the AI / birth-chart features to withdraw consent for the associated international transfer.

8. Data Deletion Procedure

  • In-app deletion: Settings → Data Management offers a “Delete All Data” option that irreversibly removes every journal entry, voice recording, photo, profile field and coin balance from your device.
  • One-tap “Delete My Data + Delete Account”: Until this in-app flow ships, email support@lunarly.cc with your request; we will delete any server-side usage-limit / cache record within 30 days of receipt.
  • Server-side records: Anonymous usage-limit records are auto-deleted within at most 7 days; we can delete them sooner on request.
  • Third-party processors: Each processor category listed above may apply its own retention windows under its own policy. For deletion at those processors we can direct you to the privacy portal of the relevant provider.

9. Children’s Privacy

Lunarly is not designed for users under the age of 13. Because the digital-consent age is 16 in most EU member states, users under 16 should use Lunarly only with the consent of a parent or legal guardian. If we learn that a child under 13 has created an account, we delete the data.

10. Security

  • Your data is protected by industry-standard encryption and by the isolation (sandbox) mechanisms provided by your operating system.
  • All server requests are encrypted using current TLS standards.
  • We apply data-minimisation: only the data strictly necessary for a feature is sent off-device.

11. Updates

When this policy is updated, the version number is incremented and, for material changes, at least 14 days’ in-app notice is provided; you will be asked to accept the new text when you open the app.

12. Related Documents

13. Contact

For questions: privacy@lunarly.cc (privacy) / support@lunarly.cc (general support).

Lunarly is a mystical journaling companion. Your data belongs to you.