The privacy promise, in plain language.

Lunara Privacy is built for people who want period tracking without a tracker account, cloud copy, ad profile, or in-app analytics trail.

The app runs in your browser. Saved period dates, symptoms, notes, and cycle history stay in the browser profile on the device you use.

This design is practical, not magical: it depends on your device, browser storage, PIN or passphrase, and backup habits.

• No Lunara cloud account for cycle data.
• No sign-in identity tied to your tracker history.
• No ad pixels, session replay, or third-party tracking scripts inside the tracker.
• No analytics SDKs that read cycle entries, symptoms, notes, or backup activity.
• No remote recovery copy of cycle entries or notes.
• No automatic sharing of tracker content with supporter checkout.

Saved tracker records are encrypted before storage in the current browser profile. Lunara uses browser Web Crypto, AES-GCM encryption, and keys derived locally from your PIN or passphrase.

Refreshing or closing Lunara returns the tracker to the lock screen, so the next visit asks for your PIN or passphrase again.

The full technical boundary is documented on Privacy & Security Details.

Local browser storage helps because Lunara does not keep a central account database of your cycle entries, symptoms, notes, or backup content.

It does not protect against browser data clearing, device resets, shared device access, screenshots, malware, downloaded files, synced device backups, or someone who can access the device or browser profile.

It also does not change legal, workplace, school, family, or device access limits. Keep password-protected backups current and store them somewhere you trust.

Lunara cannot recover forgotten PINs, forgotten passphrases, deleted browser storage, or missing backup files. That is the tradeoff of not keeping a cloud recovery copy.

Password-protected backups are the safer restore option. Plain backups and readable exports can be useful, but they are not the safer default if someone else may find the file.

If you are moving from another tracker, start with the safe data move guide.

Local-first storage reduces what Lunara can keep centrally because there is no Lunara account database holding your cycle history. It does not prevent access to your device, browser profile, screenshots, downloaded files, email, cloud backups, or records kept elsewhere.

The optional safety PIN opens a separate empty-looking space. It does not hide real data, send alerts, contact anyone, erase evidence, or replace emergency, legal, or safety-planning help.

Lunara is not medical, legal, or emergency guidance.

The public marketing pages, including this one, are not the same surface as the tracker at /app. The tracker holds cycle data and is built to carry zero telemetry, ad pixels, session replay, or third-party tracking scripts.

The public pages may carry cookieless, IP-free, aggregate page-view stats so the project can see which pages reach people and which do not. If used, that measurement runs only on the public pages, never inside the tracker, never reads cycle entries, and never sets a cookie or stores an IP address on the visitor.

The split lets the project be honest in two directions at once: the tracker stays untouched, and the public side can still be improved from real evidence rather than guesswork. If this policy changes, this page is updated before any new measurement is added.

• Read the public privacy pages before entering sensitive details.
• Install only from the browser on this domain.
• Create and check a password-protected backup before relying on it.
• Do not send PINs, passphrases, backup passwords, or backup contents to support.
• Review the terms for medical, legal, emergency, and availability limits.

Does Lunara Privacy have a cloud account for cycle data?

No. Lunara Privacy does not create a cloud account for cycle entries, symptoms, notes, or backup content.

Does local-first storage stop legal access?

No. Local-first storage reduces what Lunara can hold centrally, but it does not protect a device, browser profile, downloaded backups, screenshots, or records kept elsewhere.

Can Lunara recover deleted local tracker data?

No. If local data and working backups are gone, Lunara Privacy has no account recovery path.

Does the tracker inside the app use analytics?

No. The tracker side of Lunara Privacy does not add analytics SDKs, ad pixels, session replay, or third-party tracking scripts. Cycle entries, symptoms, notes, and backup activity never leave the device through a measurement script.

Do the public marketing pages use any measurement?

The public pages may run privacy-respecting, cookieless, IP-free, aggregate page-view stats so the project can see what reaches people. They run only on the public pages, never inside the tracker, and never read cycle data. If this changes, the policy below is updated first.