Privacy Policy - Lullogram
Privacy Policy - Lullogram
Privacy Policy - Lullogram
rablab.
Last updated: 2nd April 2026
Effective date: 2nd April 2026
1. Who We Are
Lullogram is developed and operated by Rhys Rabaiotti ("I", "me", "my"), an independent developer based in the United Kingdom. I am the data controller responsible for your personal information.
Contact: You can reach me via the in-app feedback form or by writing to sayhi@rablab.info.
2. Age Requirement
Lullogram is intended for users aged 13 and over. I do not knowingly collect personal data from anyone under the age of 13. If you are under 13, please do not use this app or provide any personal information.
If you are a parent or guardian and believe your child under 13 has used Lullogram or provided personal data, please contact me immediately using the details in Section 1. I will promptly delete that data.
For users aged 13–15 in the European Union, additional protections under EU GDPR Article 8 may apply depending on your country of residence, and parental consent may be required. Please check the rules in your country.
3. What Data We Collect
3.1 Account Information
Email address — used to create and manage your account via one-time passcode (OTP) sign-in. No password is ever created or stored.
3.2 Health & Wellbeing Data
Sleep data — sleep schedules, session start/end times, and sleep quality information you log or that is synced via Apple HealthKit.
Focus & attention sessions — duration, timing, and session notes for focus activities you record in the app.
This data is classified as sensitive health data and is handled with the highest level of care.
3.3 Journal Entries
Journal text — written entries you create within the app.
Location data — if you choose to attach your location to a journal entry, your approximate or precise location at the time of writing is recorded. This is always optional and requires your explicit permission via the iOS location prompt.
Soundscape selections — which ambient sounds or soundscapes you use during journalling sessions.
Fidget toy interactions — session data from digital fidget features within the app (e.g. session duration and type).
3.4 Device & Technical Data
Anonymised device identifiers — used for crash reporting and analytics.
Crash logs and diagnostic data — technical error reports generated when the app encounters a problem, used solely to improve stability.
App usage analytics — anonymised data about which features you use and how often, used to improve the app. (The specific analytics provider will be confirmed prior to launch and this policy will be updated accordingly.)
3.5 Purchase Information
In-app purchase and subscription records — transaction identifiers and subscription status, processed entirely by Apple. I do not receive or store your payment card details.
3.6 Weather Data
Local weather conditions — fetched via Apple WeatherKit based on your location to contextualise journal entries or soundscape suggestions. This data is processed on-device or by Apple and is not stored by me independently.
4. Why We Collect This Data (Legal Basis)
The table below sets out the legal basis for each type of data processing. This is primarily relevant to users in the UK and European Economic Area (EEA) under UK GDPR and EU GDPR.
Data Purpose Legal Basis Email address Account creation and authentication Performance of a contract Health & sleep data Core app functionality Explicit consent Focus session data Core app functionality Performance of a contract Journal text Core app functionality Performance of a contract Location (journal) Optional contextual feature Explicit consent Analytics & crash data App improvement and stability Legitimate interests Purchase data Subscription management Performance of a contract Weather data Contextual app features Legitimate interests
For health data and location data specifically, I rely on your explicit consent. You may withdraw this consent at any time via iOS Settings → Privacy & Security, or by contacting me.
5. How We Store Your Data
Your account and app data is stored securely using Supabase, a cloud database platform. Data is encrypted in transit using TLS and encrypted at rest.
Health data synced via Apple HealthKit remains on your device and in your personal iCloud account under Apple's control. I only access HealthKit data with your explicit permission and use it solely to provide app features — it is never used for advertising, shared with third parties, or used for any purpose beyond what you would reasonably expect.
6. Who We Share Your Data With
I do not sell your personal data. I may share data with the following categories of third-party service providers only to the extent necessary to operate the app:
Supabase — cloud database and backend infrastructure.
Apple Inc. — HealthKit, WeatherKit, App Store payments, and crash reporting via Xcode Organizer.
Analytics provider (to be confirmed) — anonymised, aggregated usage analytics.
Crash reporting provider (to be confirmed) — anonymised diagnostic data.
All third-party providers are required to handle your data in accordance with applicable privacy law. I do not share your health data, journal content, or location data with any third party for marketing or advertising purposes.
7. International Data Transfers
If you are located in the UK or EEA, your data may be transferred to and stored in countries outside those regions (for example, where Supabase infrastructure operates). Where this occurs, I ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK ICO or European Commission.
8. How Long We Keep Your Data
Data type Retention period Account & journal data Until you delete your account Health & session data Until you delete the data or your account Analytics & crash logs Up to 24 months, then automatically deleted Purchase records As required by Apple and applicable tax law
When you delete your account, I will delete or anonymise your personal data within 30 days, except where I am required to retain it by law.
9. Your Rights
Depending on where you live, you may have the following rights regarding your personal data:
Access — request a copy of the data I hold about you.
Correction — ask me to correct inaccurate data.
Deletion — ask me to delete your data ("right to be forgotten").
Restriction — ask me to limit how I use your data.
Portability — request your data in a portable format.
Objection — object to processing based on legitimate interests.
Withdraw consent — for health or location data, at any time without affecting prior processing.
To exercise any of these rights, use the in-app feedback form or contact me at sayhi@rablab.info. I will respond within 30 days.
If you are in the UK, you also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk. If you are in the EEA, you may contact your local data protection authority.
10. Cookies and Tracking
Lullogram is a native iOS application and does not use browser cookies. Any tracking is limited to anonymised, in-app analytics described in Section 3.4. I do not use cross-app tracking or advertising identifiers.
You can limit ad tracking on your device via iOS Settings → Privacy & Security → Tracking.
11. Children's Privacy
Lullogram is not directed at children under 13. I do not knowingly collect personal data from children under 13. If I become aware that a child under 13 has provided personal data, I will delete it promptly. See Section 2 for more detail.
12. Security
I take the security of your data seriously. Measures include:
Encrypted data transmission (TLS/HTTPS).
Encrypted data storage via Supabase.
OTP-based authentication with no stored passwords.
Access to user data restricted to the developer only.
No system is completely secure. If you believe your account has been compromised, please contact sayhi@rablab.info immediately.
13. Changes to This Policy
I may update this policy from time to time. Where changes are material, I will notify you via an in-app notice or email before the changes take effect. The "Last updated" date at the top of this page will always reflect the most recent version.
Continued use of Lullogram after any changes constitutes your acceptance of the updated policy.
14. Contact
If you have any questions, concerns, or requests relating to this privacy policy or your personal data, please contact me:
In-app: via the feedback form in Settings
Email: sayhi@rablab.info.
Address: Lullogram, 16 Beatrice road, Whitchurch Cardiff, WALES CF14 1DT
This privacy policy was written for Lullogram, an independent iOS application. It is provided for informational purposes. You should seek independent legal advice to ensure full compliance with all applicable laws in your target markets.
Last updated: 2nd April 2026
Effective date: 2nd April 2026
1. Who We Are
Lullogram is developed and operated by Rhys Rabaiotti ("I", "me", "my"), an independent developer based in the United Kingdom. I am the data controller responsible for your personal information.
Contact: You can reach me via the in-app feedback form or by writing to sayhi@rablab.info.
2. Age Requirement
Lullogram is intended for users aged 13 and over. I do not knowingly collect personal data from anyone under the age of 13. If you are under 13, please do not use this app or provide any personal information.
If you are a parent or guardian and believe your child under 13 has used Lullogram or provided personal data, please contact me immediately using the details in Section 1. I will promptly delete that data.
For users aged 13–15 in the European Union, additional protections under EU GDPR Article 8 may apply depending on your country of residence, and parental consent may be required. Please check the rules in your country.
3. What Data We Collect
3.1 Account Information
Email address — used to create and manage your account via one-time passcode (OTP) sign-in. No password is ever created or stored.
3.2 Health & Wellbeing Data
Sleep data — sleep schedules, session start/end times, and sleep quality information you log or that is synced via Apple HealthKit.
Focus & attention sessions — duration, timing, and session notes for focus activities you record in the app.
This data is classified as sensitive health data and is handled with the highest level of care.
3.3 Journal Entries
Journal text — written entries you create within the app.
Location data — if you choose to attach your location to a journal entry, your approximate or precise location at the time of writing is recorded. This is always optional and requires your explicit permission via the iOS location prompt.
Soundscape selections — which ambient sounds or soundscapes you use during journalling sessions.
Fidget toy interactions — session data from digital fidget features within the app (e.g. session duration and type).
3.4 Device & Technical Data
Anonymised device identifiers — used for crash reporting and analytics.
Crash logs and diagnostic data — technical error reports generated when the app encounters a problem, used solely to improve stability.
App usage analytics — anonymised data about which features you use and how often, used to improve the app. (The specific analytics provider will be confirmed prior to launch and this policy will be updated accordingly.)
3.5 Purchase Information
In-app purchase and subscription records — transaction identifiers and subscription status, processed entirely by Apple. I do not receive or store your payment card details.
3.6 Weather Data
Local weather conditions — fetched via Apple WeatherKit based on your location to contextualise journal entries or soundscape suggestions. This data is processed on-device or by Apple and is not stored by me independently.
4. Why We Collect This Data (Legal Basis)
The table below sets out the legal basis for each type of data processing. This is primarily relevant to users in the UK and European Economic Area (EEA) under UK GDPR and EU GDPR.
Data Purpose Legal Basis Email address Account creation and authentication Performance of a contract Health & sleep data Core app functionality Explicit consent Focus session data Core app functionality Performance of a contract Journal text Core app functionality Performance of a contract Location (journal) Optional contextual feature Explicit consent Analytics & crash data App improvement and stability Legitimate interests Purchase data Subscription management Performance of a contract Weather data Contextual app features Legitimate interests
For health data and location data specifically, I rely on your explicit consent. You may withdraw this consent at any time via iOS Settings → Privacy & Security, or by contacting me.
5. How We Store Your Data
Your account and app data is stored securely using Supabase, a cloud database platform. Data is encrypted in transit using TLS and encrypted at rest.
Health data synced via Apple HealthKit remains on your device and in your personal iCloud account under Apple's control. I only access HealthKit data with your explicit permission and use it solely to provide app features — it is never used for advertising, shared with third parties, or used for any purpose beyond what you would reasonably expect.
6. Who We Share Your Data With
I do not sell your personal data. I may share data with the following categories of third-party service providers only to the extent necessary to operate the app:
Supabase — cloud database and backend infrastructure.
Apple Inc. — HealthKit, WeatherKit, App Store payments, and crash reporting via Xcode Organizer.
Analytics provider (to be confirmed) — anonymised, aggregated usage analytics.
Crash reporting provider (to be confirmed) — anonymised diagnostic data.
All third-party providers are required to handle your data in accordance with applicable privacy law. I do not share your health data, journal content, or location data with any third party for marketing or advertising purposes.
7. International Data Transfers
If you are located in the UK or EEA, your data may be transferred to and stored in countries outside those regions (for example, where Supabase infrastructure operates). Where this occurs, I ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK ICO or European Commission.
8. How Long We Keep Your Data
Data type Retention period Account & journal data Until you delete your account Health & session data Until you delete the data or your account Analytics & crash logs Up to 24 months, then automatically deleted Purchase records As required by Apple and applicable tax law
When you delete your account, I will delete or anonymise your personal data within 30 days, except where I am required to retain it by law.
9. Your Rights
Depending on where you live, you may have the following rights regarding your personal data:
Access — request a copy of the data I hold about you.
Correction — ask me to correct inaccurate data.
Deletion — ask me to delete your data ("right to be forgotten").
Restriction — ask me to limit how I use your data.
Portability — request your data in a portable format.
Objection — object to processing based on legitimate interests.
Withdraw consent — for health or location data, at any time without affecting prior processing.
To exercise any of these rights, use the in-app feedback form or contact me at sayhi@rablab.info. I will respond within 30 days.
If you are in the UK, you also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk. If you are in the EEA, you may contact your local data protection authority.
10. Cookies and Tracking
Lullogram is a native iOS application and does not use browser cookies. Any tracking is limited to anonymised, in-app analytics described in Section 3.4. I do not use cross-app tracking or advertising identifiers.
You can limit ad tracking on your device via iOS Settings → Privacy & Security → Tracking.
11. Children's Privacy
Lullogram is not directed at children under 13. I do not knowingly collect personal data from children under 13. If I become aware that a child under 13 has provided personal data, I will delete it promptly. See Section 2 for more detail.
12. Security
I take the security of your data seriously. Measures include:
Encrypted data transmission (TLS/HTTPS).
Encrypted data storage via Supabase.
OTP-based authentication with no stored passwords.
Access to user data restricted to the developer only.
No system is completely secure. If you believe your account has been compromised, please contact sayhi@rablab.info immediately.
13. Changes to This Policy
I may update this policy from time to time. Where changes are material, I will notify you via an in-app notice or email before the changes take effect. The "Last updated" date at the top of this page will always reflect the most recent version.
Continued use of Lullogram after any changes constitutes your acceptance of the updated policy.
14. Contact
If you have any questions, concerns, or requests relating to this privacy policy or your personal data, please contact me:
In-app: via the feedback form in Settings
Email: sayhi@rablab.info.
Address: Lullogram, 16 Beatrice road, Whitchurch Cardiff, WALES CF14 1DT
This privacy policy was written for Lullogram, an independent iOS application. It is provided for informational purposes. You should seek independent legal advice to ensure full compliance with all applicable laws in your target markets.