BabyRadarBabyRadar
Legal

Privacy Policy

Last updated April 21, 2026Questions? hello@babyradar.co

BabyRadar was built around one idea: nothing about your nursery should become someone else's data. This Privacy Policy explains what information we collect, why, how we protect it, and the choices you have. It applies to the BabyRadar iOS app and related services offered by Lunana Global Inc.

Contents
  1. 01Summary
  2. 02Who we are
  3. 03Information we collect
  4. 04What we do not collect
  5. 05Your baby and your child
  6. 06How we use information
  7. 07How we share information
  8. 08Our service providers
  9. 09Law enforcement and legal process
  10. 10Abuse, surveillance, and misuse reports
  11. 11Data retention
  12. 12Security and breach notification
  13. 13Your rights
  14. 14California residents
  15. 15EEA, UK, and Swiss residents
  16. 16International transfers
  17. 17Changes to this Policy
  18. 18How to contact us
The short version. We do not record audio from your home. A machine-learning model running on the Monitor iPhone decides whether a sound is a cry, a stir, or quiet, and sends only the result (an event with a timestamp) to your paired Viewers. When you tap to listen in, audio is streamed live through an encrypted relay from one phone to the other, then discarded.We never save, play back, mine, train on, or sell your nursery audio. We collect the minimum account and diagnostic data needed to run the Service, and we do not sell your personal information.

1. Summary

  • Audio analysis runs on-device. Raw audio from the Monitor iPhone is not sent to our servers for analysis.
  • Live listen is transient. Audio flows through an encrypted relay to your Viewer phone and is discarded as it passes.
  • No camera, no video. BabyRadar is audio-only.
  • We do not sell personal information and we do not share it for cross-context behavioral advertising.
  • We do not use your household audio or your child’s voice to train any machine-learning model, including our own.
  • We do not create biometric profiles of your child or anyone else in the home.
  • You can delete your account and data at any time by emailing hello@babyradar.co.

2. Who we are

The Service is provided by Lunana Global Inc., a Delaware corporation. For purposes of this Policy and of laws such as the EU/UK General Data Protection Regulation and the California Consumer Privacy Act, Lunana is the “controller” or “business” that decides how your personal information is processed. Contact: hello@babyradar.co.

3. Information we collect

3.1 Information you give us

  • Account information: the email address you provide, a display name if you set one, and an authentication token associated with your account. If you sign in with Apple, we receive the identifier Apple provides (and your email if you choose to share it).
  • Household and pairing information: the six-digit pair codes and cryptographic identifiers used to link your Monitor and Viewer devices, and the role (Monitor or Viewer) you assign to each device.
  • Support communications: messages and attachments you send to hello@babyradar.co or through other support channels.

3.2 Information collected automatically

  • Device information: iPhone model, iOS version, app version, language, time zone, and a per-install random identifier that resets if you reinstall the app. We use these to support the app and diagnose issues.
  • Diagnostics and crash reports: stack traces, error codes, approximate battery level, network type (Wi-Fi or cellular), and performance metrics. Crash reports do not include audio.
  • Usage analytics: aggregate, pseudonymous events such as “session started,” “pair completed,” “notification delivered,” or “live listen tapped.” We do not log the content of any audio event.
  • Audio event metadata generated on-device: the outputs of the on-device classifier, such as “baby voice at 01:42:18, 12 seconds” or “adult voice at 02:05:04.” These metadata records describe a sound detection, not the sound itself. They are stored on your device and synced to your paired Viewers; we do not process their content on our servers except to deliver the corresponding push notifications.
  • Relay session metadata: when you start a live listen, our relay logs the session start time, end time, approximate duration, and connection quality for up to seven (7) days so we can diagnose outages. The relay does not record audio.
  • Subscription and purchase records: purchase receipts returned by Apple to verify an active subscription. We receive the product identifier, purchase date, and transaction ID; we do not receive your credit-card number or your full Apple ID.

4. What we do not collect

We have designed the Service to minimize personal data. We do not:

  • record, store, or save audio from the monitored room, whether before, during, or after a live-listen session;
  • receive audio on our servers except as a transient encrypted stream during an active live-listen session that you initiate;
  • store or transmit audio from the Monitor’s microphone for any purpose other than on-device classification and the relay’s real-time delivery to a Viewer you have paired;
  • use any camera, video, or photo data;
  • collect precise location data;
  • collect your contact list, calendar, health records, or data from other apps on your phone;
  • collect your child’s name, date of birth, medical information, biometric identifiers, or any clinical data;
  • create voice prints or voice-based biometric identifiers of anyone in the home;
  • track you across other apps or websites, or allow third parties to do so through us;
  • sell or rent your personal information to anyone;
  • use your household audio, your child’s voice, or your sleep-event timeline to train machine-learning models.

5. Your baby and your child

A baby monitor is an inherently child-adjacent product. We have built the Service so that a child’s voice and sounds leave the Monitor iPhone only in two circumstances: briefly, in their encrypted stream form during a live-listen session you have started, and as anonymized event metadata (“baby voice at X time, Y seconds”) that you have chosen to sync to your paired Viewers. Nothing about your child becomes data in our hands that we could release, analyze, or sell.

5.1 The Service is not directed to children

BabyRadar is an app for parents and caregiving adults. The paying customer and user is always an adult; a child does not interact with the Service. For this reason we do not believe the Service is “directed to children” for purposes of the U.S. Children’s Online Privacy Protection Act (COPPA, 15 U.S.C. §§ 6501 et seq.; 16 C.F.R. Part 312) or the analogous provisions of the UK Age Appropriate Design Code and Article 8 of the EU GDPR.

5.2 Our voluntary child-data commitments

Even though COPPA likely does not require it, and even though the Service is not directed to children, we have adopted the following commitments because we think a baby monitor should hold itself to a higher standard than the statutory minimum:

  • we never persist audio of a child’s voice, cry, babble, or any other sound on our servers;
  • we never use audio of a child, event metadata about a child, or the sleep-timeline records derived from them to train, fine-tune, or evaluate any machine-learning model, including our own;
  • we never create or store voice prints, biometric identifiers, or any form of voice-based identification of a child (or any other person in the home);
  • we never use a child’s data to build advertising profiles, and we never permit third-party advertising inside the Service;
  • event metadata about a child’s sounds stays associated only with the parent’s account and is deleted within thirty (30) days when the account is deleted;
  • we never sell, rent, or commercially disclose any data relating to a child to any third party;
  • we will not release child-related data in response to a civil subpoena in a custody, divorce, or family-court matter without first raising every reasonable legal objection available to us (see Section 9).

We do not knowingly allow a child under 13 to create an account, purchase a subscription, or pair a Viewer. If you believe a child under 13 has done so on your account or anyone else’s, email hello@babyradar.co and we will reset the account.

6. How we use information

We use the information described above to:

  • provide, operate, and maintain the Service, including pairing your Monitor and Viewer devices and delivering live-listen and push notifications;
  • verify your subscription status with Apple and grant access to paid features;
  • respond to your support requests and communicate with you about the Service;
  • diagnose, debug, and improve the Service (for example, to investigate why a notification was delayed);
  • detect, prevent, and respond to fraud, abuse, security incidents, and unlawful activity, including reports that someone is using the Service to surveil a person without consent (see Section 10);
  • comply with law, respond to lawful requests, and enforce our Terms;
  • protect the rights, property, or safety of Lunana, our users, or the public, including the safety of a child we reasonably believe is at risk.

Where required by law (for example, under the GDPR), we rely on the following legal bases: performance of our contract with you (providing the Service), our legitimate interests (operating and improving the Service, preventing abuse, securing our systems), compliance with legal obligations, and, where applicable, your consent or vital-interests grounds (for situations involving risk to life or physical safety).

7. How we share information

We share personal information only as described below. We do not sell personal information.

  • Between your paired devices. The whole point of the Service is to route notifications and live listen from your Monitor to your Viewers. Pairing metadata and event notifications are shared between the devices you pair. We do not share them with any other household.
  • With our service providers (sub-processors) listed in Section 8, who process data on our behalf under written agreements that restrict their use of the data to the purposes we specify.
  • For legal reasons: as described in Section 9.
  • Corporate transactions. If Lunana is involved in a merger, acquisition, financing, reorganization, or sale of assets, personal information may be transferred to the successor entity, subject to confidentiality obligations at least as protective as those in this Policy. We will notify you of any change in ownership that materially affects your personal information.
  • With your consent for any other purpose we disclose to you.

8. Our service providers

We rely on a small set of trusted providers to operate the Service. Each is bound by contract and uses data only as necessary to perform its function.

  • Apple Inc.: app distribution (App Store), in-app purchases and subscription management, Apple Push Notification service (APNs), and Sign in with Apple. Apple’s handling of this data is governed by its own privacy policy.
  • Cloud hosting and relay provider: operates the encrypted relay that routes live-listen audio between your devices and runs the servers that deliver notifications.
  • Error reporting and analytics provider: collects crash reports and pseudonymous usage events so we can debug the Service.
  • Customer support email provider: delivers and stores email you send to hello@babyradar.co.

The current list of sub-processors and their roles is available on request. If you would like the list before installing the app, email us and we will send it.

9. Law enforcement and legal process

We will disclose personal information to government authorities, courts, or other third parties only when we are legally required to do so or, in our reasonable good-faith view, when disclosure is necessary to prevent imminent physical harm.

We will review every legal demand we receive. Where we believe a subpoena, court order, or other request is facially invalid, overbroad, or issued in bad faith, we will object, move to quash, or otherwise resist it before disclosing anything.

Because the Service does not store audio, we cannot produce audio recordings in response to any legal demand, period. What we can produce is limited to account information, event metadata, pairing history, and diagnostic logs, and only to the extent we hold it.

We regard civil subpoenas seeking child-related data in the context of a custody, divorce, paternity, or family-court matter as presumptively sensitive. We will raise every reasonable legal objection available to us before producing anything, and will notify the account holder where we are legally permitted to do so.

10. Abuse, surveillance, and misuse reports

BabyRadar is designed for use by a parent or guardian in their own home, and use of the Service to surveil another person without their consent is strictly prohibited under Section 5 of our Terms of Service.

If you believe someone has paired a BabyRadar Monitor in a place where you have a reasonable expectation of privacy without your informed consent, or is otherwise using the Service against you, please contact us:

  • email hello@babyradar.co with the subject line “Abuse Report”;
  • describe what you know about where the device is, who you believe controls it, and why you believe consent has not been given; and
  • include any evidence (photographs, correspondence) that helps us understand the situation.

We will investigate, preserve relevant records, and cooperate with law enforcement and court orders. Where appropriate, we will suspend the implicated account pending investigation. We may, consistent with applicable law, provide relevant information to law enforcement investigating a possible violation of the Wiretap Act or a state all-party-consent statute. Nothing in this Policy waives your right to contact law enforcement, a domestic-violence hotline, or a lawyer directly.

If you are in immediate danger in the United States, call 911 or the National Domestic Violence Hotline at 1-800-799-7233. Outside the United States, please contact your local emergency services and, if applicable, a national or local domestic-violence support organization in your country.

11. Data retention

We keep personal information only as long as we need it:

  • Account information: for the life of your account, plus a short wind-down period (up to 30 days) after deletion to allow recovery and to complete billing reconciliation.
  • Audio event metadata and sleep-timeline data: for the life of your account. You can delete specific sessions or your entire history from within the app; the data is purged from our servers within thirty (30) days.
  • Diagnostics and crash reports: typically 90 days, then aggregated or deleted.
  • Relay session metadata: up to 7 days, then deleted.
  • Support communications: up to 2 years after the ticket is closed, unless you ask us to delete them sooner.
  • Legal, tax, and compliance records: for as long as required by applicable law.
  • Records preserved under legal hold: for as long as needed to respond to the legal matter.

When a retention period ends, we delete the data, anonymize it, or put it beyond further use.

12. Security and breach notification

We take reasonable administrative, technical, and physical safeguards to protect personal information, including encryption of data in transit (TLS 1.2 or higher), encryption at rest for data we persist, least-privilege access controls for our employees and contractors, audit logging, and regular security reviews. The Service uses end-to-end authenticated encryption for the live-listen relay so that the relay provider cannot read audio passing through it.

No system is perfectly secure, and we cannot guarantee absolute security. You are responsible for keeping your Apple ID credentials and the pair codes you share with other Viewers confidential; do not share a pair code with anyone you do not intend to grant live-listen access to your nursery.

If we become aware of a security incident that affects your personal information, we will notify you and any applicable regulator as required by law. For U.S. state breach-notification laws and GDPR Article 33/34, we will provide notice within the statutory deadline (typically 72 hours for GDPR; timelines vary for state laws).

13. Your rights

Depending on where you live, you may have some or all of the following rights:

  • Access a copy of the personal information we hold about you.
  • Correct information that is inaccurate or incomplete.
  • Delete your account and associated personal information.
  • Restrict or object to certain processing.
  • Port your data to another service in a machine-readable format.
  • Withdraw consent at any time, where processing is based on consent.
  • Lodge a complaint with your local data-protection authority.

To exercise a right, email hello@babyradar.co with “Privacy Request” in the subject line. We will respond within the time required by applicable law (in any event within forty-five (45) days for U.S. state privacy laws and thirty (30) days for GDPR / UK GDPR). We may verify your identity by asking you to confirm details associated with your account. We will not discriminate against you for exercising these rights.

14. California residents

This Section applies if you are a California resident and supplements the rest of this Policy. It is provided under the California Consumer Privacy Act as amended by the California Privacy Rights Act (“CCPA/CPRA”).

14.1 Categories of personal information

In the 12 months preceding the date of this Policy we collected the following categories, as defined by CCPA/CPRA: identifiers (email, device identifiers); commercial information (subscription and purchase history); internet and network activity (diagnostics, usage analytics); audio information (event metadata generated on-device; transient live-listen streams that we do not retain); and inferences drawn from the foregoing that we use to operate the Service. We disclosed the same categories only to the service providers listed in Section 8 for operational purposes.

14.2 Sensitive personal information

We may process “sensitive personal information” within the meaning of CCPA/CPRA, namely transient audio streams passing briefly through our relay and account log-in credentials. We use sensitive personal information only to perform the Service, prevent security incidents, and for other purposes permitted by CCPA/CPRA § 1798.121(a). You have the right to limit our use of sensitive personal information for other purposes; we do not use it for any such other purpose, so no separate opt-out is required.

14.3 Sale and sharing

We do not “sell” or “share” personal information as those terms are defined by CCPA/CPRA (we do not disclose personal information for monetary or other valuable consideration, and we do not share it for cross-context behavioral advertising). We have not done so in the past 12 months, including with respect to minors under 16.

14.4 Your California rights

You have rights to know, to access in a portable format, to delete, to correct, to limit the use of sensitive personal information, and to be free from retaliation for exercising these rights. You may submit requests by emailing hello@babyradar.co or by using the in-app “Manage my data” control. You may designate an authorized agent to submit requests on your behalf; we will ask for written permission from you before honoring third-party requests.

14.5 “Shine the Light”

Under California Civil Code § 1798.83, California residents may request information about our disclosure of personal information to third parties for their direct-marketing purposes. We do not make such disclosures.

15. EEA, UK, and Swiss residents

If you are in the European Economic Area, the United Kingdom, or Switzerland, Lunana is the data controller. The legal bases we rely on are set out in Section 6. You have the rights listed in Section 13. You may lodge a complaint with the data protection authority in your country of residence. A full list is available at edpb.europa.eu.

16. International transfers

We are based in the United States, and we use service providers located in the United States and other countries. When we transfer personal information from the EEA, UK, or Switzerland to a country that has not received an adequacy decision, we rely on the European Commission’s Standard Contractual Clauses, the UK International Data Transfer Addendum, or other lawful transfer mechanisms. A copy of the safeguards is available on request.

17. Changes to this Policy

We may update this Policy from time to time. If we make a material change, we will give reasonable notice, such as by posting the updated Policy with a new “Last updated” date, sending email to the address associated with your account, or displaying a notice within the Service. Your continued use of the Service after the effective date constitutes your acceptance of the updated Policy. If a change requires your consent under applicable law, we will obtain it.

18. How to contact us

Lunana Global Inc.
Email: hello@babyradar.co
Please include a subject line describing your request (“Privacy,” “Privacy Request,” “Abuse Report,” “Child Account,” or similar). We aim to respond within five (5) business days for general inquiries, and within the legally required period for rights requests.

Also read:Terms of ServicePrivacy PolicyEnd-User License Agreement