Privacy Policy

1. Controller and contact details

The controller responsible for Lulnara is Praelion Health LTD, a company registered in England and Wales with company number 17209225. Our registered office is First Floor, Swan Building, 20 Swan Street, Manchester, M4 5JW, United Kingdom.

You can contact us about privacy, data protection or your rights at hello@praelion.com.

We do not currently have a statutory data protection officer. We review this as the product and processing activities develop.

2. Scope of this policy

This policy applies to Lulnara, including our app, website, account services, support channels, beta programmes, email communications and related family-care features. It should be read alongside our Terms of Service.

Lulnara is designed for use by parents, guardians and authorised caregivers. It is not intended for children to create independent accounts unless we expressly release a version with appropriate age-assurance, parental involvement and child-facing privacy information.

3. Personal data we collect

Account and identity data

This may include your name, email address, login method, role in a family, authentication identifiers, verification status, account settings, subscription status and support history.

Child profile data

This may include a child's name, date of birth, age, profile image, avatar settings, sex or gender where you choose to provide it, family relationships and permissions linked to that child.

Care, wellness and health-adjacent data

You may choose to log sleep, feeds, nappies, growth, symptoms, temperature, medicine notes, vaccinations, appointments, milestones, mood, behaviour, routines, development, allergies, medical conditions, emergency contacts, photos, voice notes, reports and free-text notes.

Special-category data

Some data you enter may reveal information about physical or mental health, disability, development or care needs. Under UK data protection law, health data is special-category data and receives extra protection. We process it only where a lawful basis and special-category condition apply.

Technical and usage data

This may include device type, operating system, app version, browser, IP address, approximate location derived from technical data, timezone, crash logs, diagnostic events, security logs, feature usage, notification tokens and cookie or similar technology identifiers where used.

Voice, images and uploaded content

If you use voice or media features, we process the audio, image or document you provide to create the requested log, transcript, attachment, summary or report. Where possible, raw audio is not retained after transcription unless needed for a feature you request, troubleshooting, safety, abuse prevention or legal compliance.

4. How we collect data

We collect personal data:

• directly from you when you create an account or add logs;
• from people you invite, where they add information to a shared family space;
• automatically from your device and app usage, such as security, diagnostic and crash data;
• from payment, authentication, app-store or subscription providers where you use those services; and
• from support messages, feedback, surveys or email interactions.

5. How we use personal data

We use personal data to:

• create, authenticate and secure accounts;
• provide family spaces, child profiles, logs, reports, reminders, sharing and sync;
• generate summaries, transcripts, predictions and other AI-assisted outputs you request;
• send service emails, verification links, password resets, support replies and important product notices;
• process subscriptions, entitlements, trials, refunds and billing status where paid plans are available;
• monitor reliability, investigate bugs, prevent abuse and secure the service;
• understand aggregated usage patterns so we can improve Lulnara; and
• comply with legal, accounting, tax and regulatory duties.

6. Lawful bases and special-category conditions

UK data protection law requires us to identify a lawful basis for each purpose. Where special-category data is involved, we also identify an additional condition.

Where we rely on consent, you can withdraw it at any time. This does not affect processing that took place before withdrawal and may mean that some features can no longer be provided.

7. How we share personal data

People you invite

If you invite family members or caregivers, they may see, add, edit or export information according to the permissions available in Lulnara. You should only invite people who need access and who you trust with the relevant child and family information.

Service providers

We use trusted providers to operate Lulnara. These may include providers for hosting, databases, authentication, email, push notifications, analytics, crash reporting, media storage, subscriptions, payments, app distribution, customer support and AI processing. They may process personal data only for our instructed purposes and under appropriate contractual safeguards.

AI providers

When you use AI features, relevant prompts, logs, audio, transcripts or context may be sent to AI service providers to generate the requested output. We configure providers, where available, so data is not used to train their public models. You should avoid entering information that is unnecessary for the AI request.

Legal and safety disclosures

We may disclose data if required by law, court order, regulator, tax authority, app-store process, legal claim, security incident, safeguarding concern or to protect the rights, safety and security of users, children, families, Praelion or others.

Business changes

If Praelion is involved in a merger, acquisition, restructuring, financing, due diligence process or sale of assets, personal data may be shared with advisers and potential successor organisations under confidentiality and data protection safeguards.

8. What we do not do

• We do not sell personal data.
• We do not share child health or care data with advertisers.
• We do not use family care logs for targeted advertising.
• We do not knowingly collect account data directly from children without appropriate parental involvement.

9. International transfers

We operate from the United Kingdom, but some providers may process personal data in other countries. Where UK data protection law requires safeguards for international transfers, we use appropriate mechanisms such as adequacy regulations, the UK International Data Transfer Agreement, the UK Addendum to EU Standard Contractual Clauses, or other lawful transfer mechanisms.

10. Retention and deletion

We keep personal data only for as long as needed for the purposes described in this policy, unless a longer period is required for legal, accounting, security, dispute or compliance reasons.

• Account and family data is usually retained while your account is active.
• Deleted logs may remain in backups or recovery systems for a limited period before final removal.
• Support, transaction, security and compliance records may be retained for longer where needed to protect rights or meet legal duties.
• Aggregated or anonymised analytics may be retained where it no longer identifies you or a child.

You can request deletion through available in-app controls or by contacting us at hello@praelion.com.

11. Security

We use technical and organisational measures designed to protect personal data, including encryption in transit, access controls, least-privilege internal access, authentication safeguards, monitoring, backups, vulnerability management and supplier review.

No online service can be guaranteed completely secure. You should use a strong password, protect your devices, keep your app updated and tell us promptly if you suspect unauthorised access.

12. Children and family privacy

Lulnara handles information about children because parents, guardians and authorised caregivers choose to create records about their care. We expect adults using Lulnara to consider the child's best interests, minimise what they enter, invite only appropriate people, and delete or correct information when it is no longer needed or is inaccurate.

If you believe someone has created a child profile or entered child information without proper authority, contact us promptly at hello@praelion.com.

13. Cookies and similar technologies

Our website and app may use cookies, local storage, device identifiers, analytics SDKs or similar technologies to remember preferences, keep sessions secure, understand reliability and improve the service. Where consent is required for non-essential cookies or similar technologies, we will ask for it.

14. Marketing communications

We may send service messages that are necessary for your account or the operation of Lulnara. If we introduce marketing emails, we will provide a lawful basis and an unsubscribe route. We will not use children's care records, health information or family notes to target advertising.

15. Your rights

Depending on your circumstances and the applicable law, you may have the right to:

• access personal data we hold about you;
• correct inaccurate or incomplete personal data;
• request deletion of personal data;
• restrict or object to certain processing;
• receive portable data where the right applies;
• withdraw consent where processing is based on consent;
• challenge solely automated decisions with legal or similarly significant effects, if any are introduced; and
• complain to a data protection authority.

To exercise rights, contact us at hello@praelion.com. We may need to verify your identity and authority before responding, especially where child or family data is involved.

16. Complaints

We would appreciate the chance to resolve privacy concerns first. You also have the right to complain to the UK Information Commissioner's Office.

• Website: ico.org.uk/make-a-complaint
• Telephone: 0303 123 1113

17. Changes to this policy

We may update this policy as Lulnara develops or as legal, technical or operational requirements change. If a change is material, we will take reasonable steps to notify you. The date at the top shows when this version took effect.