Last updated: 2026-06-04
Lullacraft — Privacy Policy
Effective Date: 2026-06-04.
This Privacy Policy explains what personal data Lullacraft (“Lullacraft”, “we”, “us”, or “our”) collects, how we use it, who processes it, and the choices you have. It applies to the Lullacraft mobile applications, the web properties at sleepwise.sanva.tk, and any related services (collectively, the “Service”).
The Service is operated by Sanva Independent Developer (the “Operator”). If you have any questions about this policy, contact us at privacy@sanva.tk.
1. Data We Collect
We collect only what is necessary to operate the Service. Specifically:
1.1 Account data
- Apple account identifier — the opaque user identifier returned by Sign in with Apple. It does not include your real name (unless you choose to share it during Apple Sign-In). We do not receive your Apple ID password.
- Email address — only if you sign in with an email magic link, or if you choose to share it during Apple Sign-In.
1.2 On-device data (stays on your device)
- Practice records — which meditation and breathing sessions you completed.
- Sleep journal — your nightly check-ins and journal scores.
- Preferences — your goal, blocker, reminder time, and similar settings.
This data is stored locally on your device using SQLite and the system secure store. It is not uploaded to our servers.
1.3 Mood check-in data (cloud)
- Daytime mood check-ins — optional emoji check-ins are stored in our cloud database and automatically deleted after 90 days. They are used only to personalize that evening’s guided meditation.
1.4 Subscription data
- Subscription status, plan, and expiry — synced through the Apple App Store / Google Play and RevenueCat so we can grant the correct entitlement.
1.5 What we do not collect
- We do not collect your real name (unless you share it via Apple Sign-In), precise location, contacts, call logs, or photo library.
- We do not record audio and do not request microphone access.
- We do not use third-party advertising SDKs and do not access your clipboard.
- We do not sell your personal data to anyone.
2. How We Use Your Data
We use the data above to:
- Provide the Service — authenticate you, generate your personalized nightly meditation and breathing script, and keep your subscription entitlement in sync.
- Personalize your night — use your goal, blocker, mood, and recent practice signals to compose a session tailored to tonight.
- Process subscriptions — verify entitlement and handle renewals.
- Comply with law — respond to lawful requests and enforce our Terms.
We do not use your data for advertising, profiling, or third-party marketing, and your inputs are never used to train AI models.
3. AI Processing — What We Send, To Whom, and For What
To compose your nightly meditation script, optional tonight recommendation, or optional weekly reflection, the relevant non-identifying fields — your chosen goal, blocker, current mood, and recent practice/journal signals — are sent from your device over an encrypted (TLS) connection through our secure gateway to an AI model provider.
- Your device does not call the AI provider directly, and provider API keys are never stored on your device.
- We do not send your real name, email, Apple ID, or location to the AI provider.
- We do not record or send any audio or microphone data.
- Your inputs and outputs are not used to train any model.
| Processor | Purpose | Data shared | Retention |
|---|---|---|---|
| newapi (AI gateway) | Generate your guided meditation script, tonight recommendation, and weekly reflection text | Goal, blocker, mood, recent practice/journal signals (no name/email/location) | Per-request usage logs retained ≤ 30 days |
4. Other Third-Party Services
We share narrowly scoped data with the following services, each used only for the purpose described below.
| Service | Purpose | Data shared |
|---|---|---|
| Apple App Store / StoreKit | Subscription and payment processing | Receipt and platform user identifier |
| Google Play | Subscription and payment processing (Android) | Receipt and platform user identifier |
| RevenueCat, Inc. | Subscription state aggregation & receipt validation | Store receipts and an anonymous app user ID |
Apple and Google handle all payment data; we never see your card.
5. Data Retention
- On-device data — practice records, sleep journal, and preferences remain on your device until you delete them or delete your account.
- Mood check-in data — automatically deleted 90 days after collection.
- AI gateway usage logs — retained for no more than 30 days.
- After you delete your account — your on-device data is wiped and your Apple Sign-In token is revoked. Cloud-side records are removed within 72 hours; limited backup snapshots may persist up to 30 days before being overwritten.
- Legal retention — limited records (e.g., tax records of paid subscriptions) may be retained where required by law.
6. Account Deletion
You can delete your account and all on-device data at any time:
- In-app — Settings → Delete account and data → confirm. One tap wipes everything on your device. This cannot be undone.
- From the web — visit /delete-account for the full step-by-step guide.
When you delete your account, your Apple Sign-In token is revoked per App Store guideline 5.1.1(v), and deleting your account is treated as withdrawing all consents.
7. Your Controls and Rights
- Access — all of your data is visible inside the app.
- Delete — one tap in Settings → Delete account and data wipes everything on-device (see Section 6).
- Withdraw consent — deleting your account withdraws all consents.
- Export — not yet supported; planned for a future release.
To exercise any of these rights or ask a question, email privacy@sanva.tk. We respond within 30 days.
8. Children’s Privacy
Lullacraft is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has used Lullacraft, contact privacy@sanva.tk and we will delete the related data promptly.
9. Security
- Transport-layer encryption (TLS 1.2+) for all network traffic.
- On-device data stored via the system secure store.
- API tokens scoped per user; admin keys never live on user devices.
- Apple App Store and Google Play handle payment data; we never see your card.
No system is perfectly secure. If you suspect unauthorized access to your account, contact privacy@sanva.tk immediately.
10. Cookies & Web Tracking
The Lullacraft website uses only essential cookies (e.g., theme preference). We do not use third-party advertising cookies, behavioral tracking, or fingerprinting. No analytics SDK is loaded on the marketing site.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the Effective Date at the top and, for material changes, notify you in-app before the change takes effect.
12. Contact
For privacy questions, requests, or complaints, email privacy@sanva.tk. We respond within 30 days.