Luminara Trust & Legal

Written policy

Data Retention & Deletion

Effective: July 2, 2026
Owner: Luminara Privacy

Our rule

We do not retain children’s personal information indefinitely. We keep it only while there is a documented purpose and business need, then delete or de-identify it using reasonable measures.

1. Retention principles

  • Purpose limitation: retain information only for the purpose disclosed when it was collected.
  • Data minimization: avoid collecting information that is not needed for a family feature.
  • Parent control: honor verified parent requests to review, correct, stop collection, or delete a child’s information.
  • Deletion by design: remove photo data from rejected work, use capacity limits for family content, and preserve only limited deletion markers when synchronization requires them.
  • Service-provider follow-through: delete or cause deletion from active systems and allow protected backup copies to expire on their normal cycle.

2. Public retention schedule

| Category | Purpose and business need | Deletion timeframe or trigger |
| --- | --- | --- |
| Grown-up account and family membership | Authenticate the grown-up and authorize family management. | While the family is active; delete within 30 days after a verified account/family deletion request, subject to exceptions below. |
| Child profile, PIN hash, schedules, settings, progress, and rewards | Provide the child’s family experience and synchronize it across connected devices. | While the profile is active; remove when the grown-up deletes the child or family, resets applicable progress, or submits a verified request. |
| Proof submissions and photos | Let a grown-up review completed work and optionally keep a limited family gallery. | Pending until reviewed or deleted. Rejected photo data is removed during review. Local storage keeps at most 48 recent approved gallery photos and 240 submissions; a grown-up may request earlier cloud deletion. |
| Messages and image attachments | Provide supervised family communication and synchronization. | Until sender deletion, child/family deletion, or verified request. Clients retain at most 300 recent messages; a limited tombstone may remain to synchronize deletion. |
| Announcements and reactions | Support family updates and encouragement. | Until deleted, family deletion, or verified request. Clients retain at most 50 announcements and 500 reactions. |
| Guardian daily activity summaries and blocked domains | Show time on approved apps and whether family browsing controls are working. | On-device until extension data is cleared or Guardian is uninstalled; cloud copies remain while the family is active or until verified deletion. |
| Pairing codes | Connect a child device to the correct family. | Designed to expire after 5 minutes and removed after successful use when possible; expired records may remain briefly for operational cleanup. |
| Local and session storage | Keep a device connected, preserve settings, and remember the current child session. | Session data ends when the browser session ends. Local data remains until unpaired, reset, removed through the product, browser storage is cleared, or the app removes it. |
| Support and privacy correspondence | Respond to requests, document completion, and resolve disputes. | Up to 24 months after the request closes, unless a longer period is legally required. |
| Security and abuse records | Protect users, investigate incidents, and meet legal obligations. | Normally up to 24 months; longer only when reasonably necessary for an active investigation, claim, or legal hold. |

Capacity limits describe current client behavior and may remove information sooner; they are not a promise that cloud deletion occurs solely because a local limit is reached.

3. Children’s personal information

Children’s personal information may not be retained for a secondary, undisclosed purpose or beyond the period reasonably necessary for the specific purpose described in this policy. The operative trigger is the earliest of: the information is no longer needed, the grown-up deletes it, the child/family profile is deleted, consent is withdrawn and no other lawful basis applies, or a verified deletion request is completed.

4. Deletion process

  1. The requester emails ava.moonaro@gmail.com or uses an available grown-up control.
  2. Luminara verifies identity and parental authority using proportionate information.
  3. Relevant active data is identified and deleted or de-identified. The target completion time is 30 days after verification.
  4. Protected backups expire within up to 90 additional days unless an exception applies.
  5. A minimal request log may be retained for up to 24 months to document completion.

Uninstalling Guardian, clearing a browser, or disconnecting one device does not by itself delete cloud information. A grown-up should also submit a deletion request when cloud deletion is desired.

5. Limited exceptions

Information may be retained beyond the ordinary period only when reasonably necessary to comply with law, preserve evidence during an active security investigation or legal dispute, prevent fraud or abuse, complete a transaction requested by the user, or protect a child or another person. Access is restricted and the information is deleted when the exception ends.

6. Policy review and responsibility

Luminara Privacy owns this policy. The schedule is reviewed at least annually and whenever a material feature or service provider changes. Product behavior, database configuration, backups, and support procedures should be tested against this schedule. Material changes affecting children’s information require updated notice and consent when applicable.

© 2026 Luminara