BabyRadarBabyRadar
Legal

Privacy Policy

Last updated May 14, 2026Questions? hello@babyradar.co

BabyRadar was built around one idea: nothing about your nursery should become someone else's data. This Privacy Policy explains what information we collect, why, how we protect it, and the choices you have. It applies to the BabyRadar iOS app and related services offered by Lunana Global Inc.

Contents
  1. 01Summary
  2. 02Who we are
  3. 03Information we collect
  4. 04What we do not collect
  5. 05Your baby and your child
  6. 06How we use information
  7. 07How we share information
  8. 08Our service providers
  9. 09Law enforcement and legal process
  10. 10Abuse, surveillance, and misuse reports
  11. 11Data retention
  12. 12Security and breach notification
  13. 13Your rights
  14. 14Identity verification for rights requests
  15. 15Automated decision-making
  16. 16California residents
  17. 17Illinois residents (BIPA notice)
  18. 18Other U.S. state privacy laws
  19. 19EEA, UK, and Swiss residents
  20. 20International transfers
  21. 21Changes to this Policy
  22. 22How to contact us
The short version. Audio analysis runs on the Monitor iPhone; raw audio never reaches our servers. Only event metadata (timestamp + classification) is sent to a managed cloud database so paired Viewers can read the timeline back. Live listen passes through our relay encrypted in transit, in memory only, never written to disk. We never save, mine, train on, or sell your nursery audio.

1. Summary

  • On-device audio analysis. Raw audio is not sent to our servers; live listen is encrypted in transit and discarded by our relay as it passes.
  • Event metadata cloud sync. Timestamps and classifications (not audio) reach a Postgres database row-level-security-gated to your household.
  • Audio-only. No camera, no video, no precise location.
  • No selling, no advertising sharing, no ML training on your audio or your child’s voice. No biometric identifiers within the meaning of the Illinois BIPA (see Section 17).
  • Delete anytime by emailing hello@babyradar.co; we verify identity first (Section 14) to prevent abuse.

2. Who we are

The Service is provided by Lunana Global Inc., a Delaware corporation. For purposes of this Policy and of laws such as the EU/UK General Data Protection Regulation and the California Consumer Privacy Act, Lunana is the “controller” or “business” that decides how your personal information is processed. Contact: hello@babyradar.co.

3. Information we collect

3.1 Information you give us

  • Account information: no email or password is required. On first launch we create an anonymous per-install user ID (via Supabase Auth’s anonymous sign-in) so paired devices recognize each other. If you opt into Sign in with Apple later, we receive the Apple-provided identifier and your email if you choose to share it.
  • Pairing information: pair codes, cryptographic identifiers, role (Monitor or Viewer), and the iOS device display name.
  • Support communications sent to hello@babyradar.co.

3.2 Information collected automatically

  • Device information: iPhone model, iOS version, app version, language, time zone, and a per-install random identifier that resets if you reinstall the app. We use these to support the app and diagnose issues.
  • Diagnostics and crash reports: stack traces, error codes, approximate battery level, network type (Wi-Fi or cellular), and performance metrics. Crash reports do not include audio.
  • Usage analytics: aggregate, pseudonymous events such as “session started,” “pair completed,” “notification delivered,” or “live listen tapped.” We do not log the content of any audio event.
  • Audio event metadata generated on-device: the outputs of the on-device classifier, such as “baby voice at 01:42:18, 12 seconds” or “adult voice at 02:05:04.” These metadata records describe a sound detection, not the sound itself. They are stored on your device and, as described in Section 3.3, synchronized through our managed cloud database to your paired Viewers.
  • Relay session metadata: when you start a live listen, our relay logs the session start time, end time, approximate duration, and connection quality for up to seven (7) days so we can diagnose outages. The relay does not record audio.
  • Subscription and purchase records: purchase receipts returned by Apple to verify an active subscription. We use RevenueCat to manage and verify subscriptions; RevenueCat receives the Apple product identifier, the purchase date, the transaction ID, and a per-install identifier. Neither we nor RevenueCat receives your credit-card number or your full Apple ID.
  • Marketing-attribution events: if you grant App Tracking Transparency permission, the Meta (Facebook) SDK loaded by the app reports a small set of install-attribution events (app launch, app activation) to Meta along with the Identifier for Advertisers (IDFA) so we can measure which install ads bring families to BabyRadar. If you decline ATT, this attribution falls back to Apple’s aggregated SKAdNetwork postbacks, which carry no per-user identifier. We never report any sound, event, or pairing data to Meta.

3.3 Cloud event-metadata sync

From version 2.0, your event timeline (timestamps, sound classifications, durations, confidence scores, and a pointer to the on-device audio clip — not the audio itself) is mirrored to a managed Postgres database operated by Supabase Inc. so paired Viewers can read the timeline without waking the Monitor. Row-level-security rules tied to your anonymous device identifier ensure no household can read another household’s events. Event metadata is encrypted at rest and in transit (TLS 1.2+). Audio clips remain peer-to-peer and are never written to our servers or Supabase.

4. What we do not collect

We have designed the Service to minimize personal data. We do not:

  • record, store, or save audio from the monitored room, whether before, during, or after a live-listen session;
  • receive audio on our servers except as a transient encrypted stream during an active live-listen session that you initiate;
  • store or transmit audio from the Monitor’s microphone for any purpose other than on-device classification and the relay’s real-time delivery to a Viewer you have paired;
  • use any camera, video, or photo data;
  • collect precise location data;
  • collect your contact list, calendar, health records, or data from other apps on your phone;
  • collect your child’s name, date of birth, medical information, biometric identifiers, or any clinical data;
  • create voice prints or voice-based biometric identifiers of anyone in the home;
  • track you across other apps or websites, or allow third parties to do so through us;
  • sell or rent your personal information to anyone;
  • use your household audio, your child’s voice, or your sleep-event timeline to train machine-learning models.

5. Your baby and your child

A child’s voice leaves the Monitor only as transient encrypted live-listen frames you initiate or as anonymized event metadata (“baby voice at X, Y seconds”). Nothing about your child becomes data we could release, analyze, or sell.

5.1 Not directed to children

BabyRadar is for parents and caregiving adults. A child does not interact with the Service. The Service is not “directed to children” under COPPA (15 U.S.C. §§ 6501 et seq.; 16 C.F.R. Part 312), the UK Age Appropriate Design Code, or Article 8 GDPR. We do not knowingly allow a child under 13 to create an account; email hello@babyradar.co and we will reset any such account.

5.2 Our voluntary child-data commitments

Regardless of whether COPPA applies, we commit that we:

  • never persist child audio on our servers, and never use child audio, event metadata, or sleep-timeline records to train, fine-tune, or evaluate any machine-learning model;
  • never create voiceprints or any biometric identifier of a child (or anyone else in the home);
  • never sell, rent, advertise against, or commercially disclose any child-related data;
  • will raise every reasonable legal objection before producing child-related data in a custody, divorce, or family-court subpoena (see Section 9); and
  • delete child-related event metadata within thirty (30) days of account deletion.

6. How we use information

We use the information described above to:

  • provide, operate, and maintain the Service, including pairing your Monitor and Viewer devices and delivering live-listen and push notifications;
  • verify your subscription status with Apple and grant access to paid features;
  • respond to your support requests and communicate with you about the Service;
  • diagnose, debug, and improve the Service (for example, to investigate why a notification was delayed);
  • detect, prevent, and respond to fraud, abuse, security incidents, and unlawful activity, including reports that someone is using the Service to surveil a person without consent (see Section 10);
  • comply with law, respond to lawful requests, and enforce our Terms;
  • protect the rights, property, or safety of Lunana, our users, or the public, including the safety of a child we reasonably believe is at risk.

Where required by law (for example, under the GDPR), we rely on the following legal bases: performance of our contract with you (providing the Service), our legitimate interests (operating and improving the Service, preventing abuse, securing our systems), compliance with legal obligations, and, where applicable, your consent or vital-interests grounds (for situations involving risk to life or physical safety).

7. How we share information

We share personal information only as described below. We do not sell personal information.

  • Between your paired devices. The whole point of the Service is to route notifications and live listen from your Monitor to your Viewers. Pairing metadata and event notifications are shared between the devices you pair. We do not share them with any other household.
  • With our service providers (sub-processors) listed in Section 8, who process data on our behalf under written agreements that restrict their use of the data to the purposes we specify.
  • For legal reasons: as described in Section 9.
  • Corporate transactions. If Lunana is involved in a merger, acquisition, financing, reorganization, or sale of assets, personal information may be transferred to the successor entity, subject to confidentiality obligations at least as protective as those in this Policy. We will notify you of any change in ownership that materially affects your personal information.
  • With your consent for any other purpose we disclose to you.

8. Our service providers

We rely on the providers below, each bound by a written agreement (and standard contractual clauses where applicable). We will notify you at least thirty (30) days before adding a new sub-processor, by updating this Policy; you may terminate your account during the notice period.

  • Apple Inc. (US) — App Store distribution, in-app purchases, APNs, and (if opted-in) Sign in with Apple.
  • Supabase Inc. (US) — managed Postgres for the event-metadata cloud sync (§3.3) and anonymous authentication.
  • Google Cloud Platform (US) — WebSocket relay routing live-listen audio frames in memory between paired devices; not written to disk.
  • RevenueCat, Inc. (US) — subscription verification. Receives Apple product ID, purchase date, transaction ID, per-install ID; no payment card data, no Apple ID.
  • Meta Platforms, Inc. (US) — install-attribution events (app open / activation) and, subject to your App Tracking Transparency permission, IDFA. No audio, event, or pairing data is sent to Meta. Revoke at any time in iOS Settings > Privacy & Security > Tracking.
  • Google Workspace (US) — customer support email.

9. Law enforcement and legal process

We will disclose personal information to government authorities, courts, or other third parties only when we are legally required to do so or, in our reasonable good-faith view, when disclosure is necessary to prevent imminent physical harm.

We will review every legal demand we receive. Where we believe a subpoena, court order, or other request is facially invalid, overbroad, or issued in bad faith, we will object, move to quash, or otherwise resist it before disclosing anything.

Because the Service does not store audio, we cannot produce audio recordings in response to any legal demand, period. What we can produce is limited to account information, event metadata, pairing history, and diagnostic logs, and only to the extent we hold it.

We regard civil subpoenas seeking child-related data in the context of a custody, divorce, paternity, or family-court matter as presumptively sensitive. We will raise every reasonable legal objection available to us before producing anything, and will notify the account holder where we are legally permitted to do so.

10. Abuse, surveillance, and misuse reports

Using BabyRadar to surveil another person without consent is prohibited under Terms §5. If you believe someone has paired a Monitor against you, email hello@babyradar.co with subject “Abuse Report” and what you know about the device location, who controls it, and why consent is absent. We will investigate, preserve relevant records, cooperate with law enforcement and court orders, and suspend accounts pending investigation where appropriate. Nothing here waives your right to contact law enforcement, a domestic-violence hotline, or a lawyer directly.

If you are in immediate danger in the US, call 911 or the National Domestic Violence Hotline at 1-800-799-7233. Outside the US, contact local emergency services.

11. Data retention

  • Account information: life of the account, plus up to 30 days after deletion for recovery and billing.
  • Event metadata + sleep-timeline: life of the account; per-session or whole-history deletion via the app purges from our servers within 30 days.
  • Diagnostics + crash reports: ~90 days, then aggregated or deleted.
  • Relay session metadata: up to 7 days.
  • Support communications: up to 2 years after ticket close, unless you ask us to delete sooner.
  • Legal / tax / compliance + legal-hold records: as long as required by law.

When retention ends we delete, anonymize, or put data beyond further use.

12. Security and breach notification

  • Encryption in transit: TLS 1.2+ on every hop between your phones, our servers, and our sub-processors.
  • Encryption at rest on our managed Postgres (Supabase) for event metadata (§3.3).
  • Live-listen audio: passes through the relay in memory only, not written to disk, logged, or retained. The relay decrypts the TLS envelope to route the frame, so audio is not end-to-end encrypted in the cryptographic sense; we are evaluating client-side E2E for a future release.
  • Access controls: least-privilege for staff, MFA on admin accounts, audit logging, periodic reviews.

No system is perfectly secure. Keep your Apple ID credentials and pair codes confidential; sharing a pair code grants live-listen access to your nursery.

If a security incident affects your personal information we will notify you and any applicable regulator within the statutory deadline (typically 72 hours under GDPR Art. 33/34; US state timelines vary).

Security researchers: please report to hello+security@babyradar.co. We acknowledge valid reports within 5 business days and will not pursue legal action against good-faith researchers who follow coordinated disclosure.

13. Your rights

Depending on where you live, you may have some or all of the following rights:

  • Access a copy of the personal information we hold about you.
  • Correct information that is inaccurate or incomplete.
  • Delete your account and associated personal information.
  • Restrict or object to certain processing.
  • Port your data to another service in a machine-readable format.
  • Withdraw consent at any time, where processing is based on consent.
  • Lodge a complaint with your local data-protection authority.

To exercise a right, email hello@babyradar.co with “Privacy Request” in the subject line. We will respond within the time required by applicable law (in any event within forty-five (45) days for U.S. state privacy laws and thirty (30) days for GDPR / UK GDPR). We will not discriminate against you for exercising these rights.

14. Identity verification for rights requests

BabyRadar is sometimes installed in households experiencing domestic abuse. A request to delete or export another user’s data could destroy evidence or compromise a victim. We verify identity before acting on any rights request.

Before honoring an access, correction, deletion, portability, or opt-out request:

  • Standard requests: confirm details associated with your account from the device that holds it, or respond to a one-time code sent to the email on file.
  • Deletion / correction: same, plus up to a 48-hour cooling-off period and a second confirmation from the account’s device. Guards against compromised email accounts and stolen phones.
  • Authorized agents (CCPA/CPRA, certain GDPR rights): written authorization signed by you plus proof of the agent’s identity.

If we cannot verify, we will say so and will not act. Appeal by replying with “Appeal” in the subject line; appeals are reviewed by a different team member.

15. Automated decision-making

BabyRadar uses on-device models to classify sounds (cry, fuss, parent voice, ambient, door, footsteps, etc.) and to decide which events trigger a notification. These automatic decisions do not produce legal or similarly significant effects within the meaning of GDPR Article 22 — they affect your timeline and notifications, not access to credit, employment, housing, education, healthcare, or any other right or benefit. You may correct any individual event in the app, dispute a classification by email, and disable notifications in iOS Settings. We do not use your audio, your child’s voice, or sleep-event timeline data to train or evaluate any model.

16. California residents

This Section supplements the rest of this Policy under the California Consumer Privacy Act as amended (CCPA/CPRA).

16.1 Categories collected (last 12 months)

Identifiers (device IDs, optional email); commercial info (purchase history); internet and network activity (diagnostics, analytics); audio information (on-device-generated event metadata; transient live-listen streams we do not retain); and inferences drawn from these used to operate the Service. Disclosed only to the sub-processors in §8 for operational purposes.

16.2 Sensitive personal information

We may process “sensitive personal information” (audio passing briefly through the relay; account login credentials) only for purposes permitted by CCPA/CPRA § 1798.121(a). We do not use SPI for any other purpose, so no separate opt-out is required.

16.3 No sale or sharing

We do not “sell” or “share” personal information as those terms are defined by CCPA/CPRA and have not in the past 12 months, including with respect to minors under 16.

16.4 Your California rights

Rights to know, access (portable), delete, correct, limit SPI use, and freedom from retaliation. Submit via hello@babyradar.co or the in-app “Manage my data” control. Authorized agents require written authorization from you. “Shine the Light” (Cal. Civil Code § 1798.83): we make no direct-marketing third-party disclosures.

17. Illinois residents (BIPA notice and consent)

Notice required by the Illinois Biometric Information Privacy Act, 740 ILCS 14 (“BIPA”). Applies if you reside in Illinois or if any captured voice is located there.

Our on-device classifier reads short audio windows into volatile memory, applies a mel transform, runs a small neural network, and emits a sound-category label with confidence. The window is overwritten within ~5 seconds and never written to disk, transmitted to our servers, or combined across windows to build a per-speaker profile.

We represent that we do not capture, store, retain, transmit, sell, lease, trade, profit from, or disclose any “biometric identifier” or “biometric information” (740 ILCS 14/10), including any “voiceprint,” and we do not use classifier outputs to identify any individual. To the extent a court later deems any aspect of operation to fall within BIPA, by using the Service in Illinois you provide your written, informed consent under 740 ILCS 14/15(b) solely to provide the Service. Revoke by uninstalling. Our retention policy for any material within BIPA’s scope is destruction within ~5 seconds, materially shorter than the three-year ceiling BIPA imposes.

18. Other U.S. state privacy laws

If you reside in Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Delaware, Iowa, Nebraska, New Hampshire, New Jersey, Tennessee, Minnesota, Maryland, Indiana, Kentucky, or Rhode Island, your rights under the relevant state comprehensive privacy law (VCDPA, CPA, CTDPA, UCPA, TDPSA, OCPA, MCDPA, and analogous statutes) are substantially similar to those for California residents in Sections 13 and 16: access, portability, correction, deletion, opt-out of sale or sharing for cross-context behavioral advertising (we do neither), and opt-out of profiling with legal effects (we do none). Exercise via hello@babyradar.co with your state in the subject. We honor Global Privacy Control / Sec-GPC. Identity verification under Section 14 applies. Appeal a denial by replying with “Appeal”; if denied, contact your state attorney general.

19. EEA, UK, and Swiss residents

If you are in the European Economic Area, the United Kingdom, or Switzerland, Lunana is the data controller. The legal bases we rely on are set out in Section 6. You have the rights listed in Sections 13 and 14. You may lodge a complaint with the data protection authority in your country of residence. A full list is available at edpb.europa.eu.

Our EU representative under Article 27 GDPR: pending assignment. Until appointed, EU/EEA residents may contact us directly at hello@babyradar.co and we will route your request through our European data protection counsel.

Our UK representative under Article 27 UK GDPR: pending assignment. UK residents may contact us directly at hello@babyradar.co in the interim.

Data Protection Officer. Because our processing of voice-derived data could be characterised as large-scale processing of a special category of personal data, we have designated a Data Protection Officer under Article 37 GDPR. You can reach the DPO at hello+dpo@babyradar.co.

20. International transfers

We are based in the United States, and we use service providers located in the United States and other countries. When we transfer personal information from the EEA, UK, or Switzerland to a country that has not received an adequacy decision, we rely on the European Commission’s Standard Contractual Clauses, the UK International Data Transfer Addendum, or other lawful transfer mechanisms. A copy of the safeguards is available on request.

21. Changes to this Policy

We may update this Policy from time to time. If we make a material change, we will give reasonable notice, such as by posting the updated Policy with a new “Last updated” date, sending email to the address associated with your account, or displaying a notice within the Service. Your continued use of the Service after the effective date constitutes your acceptance of the updated Policy. If a change requires your consent under applicable law, we will obtain it.

22. How to contact us

Lunana Global Inc.
555 Burrard Street
Vancouver, BC V7X 1M8
Canada
General email: hello@babyradar.co
Privacy requests: hello@babyradar.co with “Privacy Request” in the subject line
Data Protection Officer: hello+dpo@babyradar.co
Security disclosures: hello+security@babyradar.co
DMCA copyright notices: see Terms of Service Section 11.5

We aim to respond within five (5) business days for general inquiries, and within the legally required period for rights requests (45 days for U.S. state privacy laws; 30 days for GDPR / UK GDPR).

Also read:Terms of ServicePrivacy PolicyEnd-User License Agreement