Privacy Policy

Nightlamp is operated by NOVA-LUMEN LABS LLP (trading as Lumen Labs), a Limited Liability Partnership incorporated in India. We are the data controller (GDPR) and data fiduciary (India DPDP Act 2023) for personal data processed through Nightlamp.

• App identifier: works.lumenlabs.nightlamp
• LLPIN: ACW-8836
• Registered office: Plot No 10/A, Rail Nagar, Belgaum, Karnataka 590001, India
• General contact: [email protected]
• Grievance Officer (India DPDP Act 2023): the Grievance Officer, NOVA-LUMEN LABS LLP — [email protected]

This policy applies to the Nightlamp mobile application and the information it handles. It works alongside our studio-wide Privacy Policy (which also covers this website); where this app-specific policy and the studio policy differ, this one governs Nightlamp. Links to third-party services are governed by their own policies.

Nightlamp works with the following information, most of which you create by using it:

• Parent Apple user ID (anonymous token, used for account identity only)
• Kid profiles: first name, age band, narrator voice preference (stored on-device and in iCloud, never sent to analytics)
• Ritual completion timestamps (anonymous streak data)
• Anonymous funnel events (age band, narrator id, plan id — no names or emails)

What we do not collect:we do not collect your contacts, your precise advertising identifier for ad targeting, or any data we don't need to run a feature you use. We do not build advertising profiles, and we do not track you across other apps or websites.

We use the information above only to:

• provide the app's features to you;
• process and validate your purchases;
• understand, anonymously and with your consent, how the app is used so we can improve it;
• diagnose crashes and fix bugs (with your consent);
• comply with our legal obligations and protect our rights.

Legal bases (GDPR / UK GDPR): we rely on the performance of a contract with you to provide the app and process purchases; on your consent for optional analytics, crash reporting, and (where applicable) notifications, which you can withdraw at any time; and on our legitimate interests in securing and improving the app, balanced against your rights. Under the India DPDP Act 2023 we process personal data on the basis of your consent or for legitimate uses permitted by the Act.

Kid profiles and ritual history are stored on-device; completion history syncs across the parent's devices via iCloud/CloudKit.

iCloud CloudKit is used to sync per-kid profiles and bedtime-streak history across the parent's Apple devices.

We use PostHog (anonymous funnel events only; kid names and identifiers are explicitly scrubbed before any event is sent — COPPA gate enforced in code) for anonymous product analytics — events such as which screens are opened and which buttons are tapped, tied to a random, app-specific identifier. We never attach your name or email, and your actual content (entries, balances, documents, charts, prayers — whatever the app holds) is never sent. You can turn analytics off at any time in Settings.

If you opt in, we use Sentry (no PII; sendDefaultPii = false, user interaction tracing disabled, custom breadcrumb filter strips any UI text that could contain a child's name) to receive anonymous crash diagnostics — a stack trace, device model, OS version, and app version — so we can fix what breaks. Crash reports are stripped of personal content and are not used to identify you.

We request the following permissions, each only for the feature that needs it and only when you use it:

• Notifications (optional — parent bedtime reminder only, never sent to or about the child)

You can revoke any of these at any time in your device settings.

Payments are handled by RevenueCat (manages $9.99/mo and $59/yr subscriptions with a 7-day free trial on the annual plan). We never see or store your full payment-card details — the relevant app store processes payment and shares with us only what is needed to validate your purchase or subscription status. Those providers handle your payment data under their own privacy policies.

We do not sell your data and we do not share it for advertising. The only third parties involved are the service providers (processors) that make the app work, each acting under contract and for the limited purpose shown:

• RevenueCat — Subscription management and purchase validation
• PostHog — Anonymous funnel analytics (install, first ritual, paywall, convert)
• Sentry — Crash and error reporting with PII capture disabled
• OneSignal — Parent-only bedtime reminder push notification (opt-in)
• Apple CloudKit — iCloud sync of kid profiles and streak history

Some of our service providers may process limited data on servers outside your country, including outside the EEA, the UK, or India. Where that happens we rely on appropriate safeguards — such as the European Commission's Standard Contractual Clauses or an equivalent mechanism, and the providers' own compliance programmes — to protect your data to the standard required by applicable law.

Data stored on your device is retained until you delete it in the app or remove the app. Where we process data on our backend, we keep it only for as long as needed to provide the relevant feature, and we delete or anonymise it within a reasonable period after you delete your account or it is no longer needed. Anonymous analytics and crash data are retained in aggregate for a limited period and cannot be tied back to you.

We use reasonable, industry-standard technical and organisational measures to protect information — including on-device storage by default, encryption in transit for any network calls, and access controls on any backend systems. No method of electronic storage or transmission is 100% secure, however, and we cannot guarantee absolute security. If a personal-data breach occurs that is likely to affect your rights, we will notify the relevant supervisory authority and affected users as required by applicable law.

You can delete your Nightlampaccount and all associated data at any time from within the app's settings, or by emailing [email protected]; we will delete it and instruct our processors to do the same, except where we must retain limited records by law. In addition, depending on where you live, you have the following rights, which we honour for all users:

• Access a copy of the personal data we hold about you;
• Rectify inaccurate data;
• Erase your data (“right to be forgotten”);
• Port your data to another service;
• Object to or restrict certain processing, and withdraw consent for optional processing such as analytics;
• Nominate a person to exercise your rights in the event of death or incapacity (India DPDP Act);
• Not be discriminated against for exercising your rights (CCPA/CPRA), and to know that we have not sold or “shared” your personal information in the preceding 12 months.

To exercise any right, email [email protected]. We will respond within the timeframes required by law. You also have the right to complain to your data-protection authority — for example the Data Protection Board of India, your EU/EEA supervisory authority, or the UK ICO.

This app is used with children ages 4–9. The app does not collect any personal information from children. Kid names and profile data remain on-device and in the parent's iCloud account. Analytics explicitly scrub any property that could identify a child before leaving the device.

Nightlampdoes not make decisions about you that produce legal or similarly significant effects through solely automated means. The app does not use advertising cookies or cross-app tracking. Our website may use strictly necessary cookies and respects browser “Do Not Track” and Global Privacy Control signals where applicable.

If we change this policy we will update the date above and, for material changes, surface a notice in the app. Questions, requests, or grievances? Write to our Grievance Officer at [email protected]. See also the Nightlamp Terms of Service.