📅 Last Updated: 08 May 2026 | Effective Date: 08 May 2026
This Privacy Policy describes how Luna Medical Diary ("Luna", "we", "us", or "our") collects, uses, stores, and protects information when you use our website and services available at luna-diary.in (the "Service").
By registering for or using Luna, you agree to the collection and use of information as described in this policy. If you do not agree, please discontinue use of the Service.
Your health data is private. Luna does not sell, rent, or share your personal health information with advertisers, data brokers, or third parties for commercial purposes. Your diary entries are visible only to you.
1. Information We Collect
1.1 Information You Provide
- Account information: Username, email address, and password (stored in encrypted/hashed form)
- Health diary entries: Symptoms, notes, mood, energy levels, severity ratings, and tags you log for each date
- Uploaded files: Medical reports, images, scans, and documents you attach to diary entries
- Contact information: If you contact us via email or our contact form
1.2 Information Collected Automatically
- Session data: Login session information stored in cookies to keep you signed in
- Remember-me tokens: An encrypted cookie if you choose "Keep me signed in" (stored for up to 10 years, deleted on logout)
- Server logs: IP address, browser type, and access time (standard server logs, retained for up to 30 days)
- Language preference: Your selected language, stored in browser localStorage
1.3 Payment Information
We do not store your card number, CVV, or banking credentials. All payment transactions are processed by Razorpay Payment Solutions Pvt. Ltd., a PCI-DSS compliant payment gateway. We only store the payment ID, order ID, and subscription status that Razorpay provides after a successful transaction.
2. How We Use Your Information
| Data | Purpose |
|---|
| Email & username | Account creation, authentication, password recovery |
| Health diary entries | Storing and displaying your personal health records |
| Uploaded files | Serving files back to you when you access your diary |
| Payment data (from Razorpay) | Verifying subscription status and activating/extending access |
| Server logs / IP address | Security monitoring, abuse prevention, debugging |
| Contact form data | Responding to your support requests |
3. Data Storage and Security
Your data is stored on secured servers. We implement the following security measures:
- Passwords are hashed using PHP's
PASSWORD_DEFAULT (bcrypt) algorithm — we cannot see your password
- Remember-me tokens are generated using cryptographically secure random bytes
- Uploaded files are stored outside publicly accessible paths and served only after authentication checks
- Database connections use prepared statements to prevent SQL injection
- All file MIME types are verified server-side before storage
While we take all reasonable precautions, no system is 100% secure. We encourage you to use a strong, unique password.
4. Data Sharing and Disclosure
We do not sell or rent your personal data. We may share information in the following limited circumstances:
- Razorpay: Payment data is transmitted to Razorpay for processing. Please review Razorpay's Privacy Policy.
- Legal obligation: If required by Indian law, court order, or government authority
- Business transfer: In the event of a merger or acquisition, users will be notified in advance
- Safety: To protect the safety of users or others in an emergency
5. Cookies and Local Storage
Luna uses the following cookies and browser storage:
- luna_remember (cookie): Stores your login token if you select "Keep me signed in". Expires in 10 years or when you log out. This is an HttpOnly cookie.
- PHP session cookie: A standard session cookie to maintain your login during a browser session. Expires when your browser closes.
- luna_lang (localStorage): Stores your language preference. Not a cookie — stored locally in your browser only.
We do not use third-party advertising cookies, tracking pixels, or analytics cookies.
6. Your Rights
As a user of Luna, you have the following rights:
- Access: View all data associated with your account by logging in
- Correction: Update or correct any diary entry at any time
- Deletion: Delete individual diary entries, files, or request full account deletion by contacting us
- Data portability: Request an export of your data by emailing us
- Withdraw consent: Stop using the service and request deletion of your account
To exercise any of these rights, email us at haribhaichaudhary096@gmail.com. We will respond within 7 business days.
7. Data Retention
- Account data and diary entries are retained as long as your account is active
- If you request account deletion, all your data will be permanently deleted within 7 business days
- Server access logs are retained for up to 30 days
- Payment records (transaction IDs only) are retained for 7 years as required by Indian accounting and tax law
8. Children's Privacy
Luna is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such data, please contact us immediately.
9. Third-Party Links
Luna may contain links to external websites (e.g., Razorpay). We are not responsible for the privacy practices of third-party websites and encourage you to read their privacy policies.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of significant changes by email or by displaying a prominent notice within the app. Continued use of Luna after any changes constitutes your acceptance of the revised policy.
11. Governing Law
This Privacy Policy is governed by the laws of India. Any disputes shall be subject to the exclusive jurisdiction of the courts of Ahmedabad, Gujarat, India.
12. Contact Us
For any privacy-related questions, concerns, or requests: