Loonari World
Contact
Legal · Last updated April 29, 2026 · Document v2.1

Privacy Policy
NanoMama iOS application

This application is developed and operated by LOONARI WORLD CORP, TOO (BIN 251040022519, Kazakhstan).

Document version: 2.1 · Effective date: April 29, 2026 · Previous version: 2.0 from April 28, 2026. Changes in v2.1: aligned with updated Terms of Use v2.1 (introductory plan is now paid — 5 RUB for 7 days). Payment-data processing including the v2.0 RebillId / CustomerKey block is unchanged.

This Privacy Policy applies to the NanoMama mobile application for iPhone and iPad and related mobile interfaces and services (collectively, the "App"). The App is operated by LOONARI WORLD CORP, TOO, BIN 251040022519, Kazakhstan (the "Operator", "we", "us", or "our").

By downloading or using the App, you agree to the collection and use of information in accordance with this Policy. If you do not agree, please do not use the App.

1. Data Controller

The data controller responsible for your personal data is:

  • Company: LOONARI WORLD CORP, TOO
  • BIN: 251040022519
  • Address: Kazakhstan, Almaty, Nauryzbay district, Alatau gardening partnership, house 80, postal code 050000
  • Contact email: inbox@loonariworld.com

2. Data We Collect

2.1 Account and Registration Data

  • Email address used for registration
  • Display name (optional)
  • Password (stored in encrypted form using bcrypt; we never store plain-text passwords)

2.2 Profile and Health Data

  • Pregnancy information: due date, gestational age, current week
  • Child profile data: birth date, weight, height, developmental milestones
  • Health diary entries: symptoms, mood, temperature, vital signs entered by the user
  • Sleep tracking data entered by the user
  • Menstrual cycle data entered by the user
  • Medical documents and notes uploaded voluntarily by the user

2.3 AI Interaction Data

  • Questions and messages submitted to the AI assistant
  • AI response history within the session

2.4 Technical and Device Data

  • Device type and model
  • Operating system version
  • App version
  • IP address (for security and fraud prevention)
  • Crash reports and error logs
  • App usage analytics (aggregated, non-identifiable where possible)

2.5 Payment Data

Apple In-App Purchase: All in-app purchases and subscriptions on iOS processed via Apple IAP do not result in any payment card details being collected or stored by the Operator. Apple provides us only with a subscription status confirmation (active/inactive) and the subscription tier.

Tinkoff Card-on-File (web / non-IAP purchases): If you subscribe via the web (nanomama.ru) or any non-IAP path, payment is processed by Tinkoff Bank JSC (PCI DSS Level 1). Card details (PAN, CVV, expiry, holder name) are never sent to the Operator's servers. From Tinkoff we receive only:

  • RebillId — a tokenised reference to the saved card, used solely to initiate subsequent recurring charges via Tinkoff's Charge API;
  • CustomerKey — an internal identifier generated by the Operator from your unique account ID, used to bind the saved card to your account for subscription management;
  • transaction status, amount and timestamp;
  • fiscal-receipt metadata required by Federal Law 54-FZ.

The RebillId / CustomerKey pair is stored encrypted at rest. When you disable auto-renewal or delete your account, the RebillId is removed from the Operator's database within 24 hours and is no longer used for charges.

3. How We Use Your Data

  • Create and manage your user account
  • Provide personalised AI assistant responses based on your profile and health data
  • Deliver weekly pregnancy and child development content tailored to your stage
  • Process and manage your subscription through Apple In-App Purchase
  • Send push notifications and reminders (only if you grant permission)
  • Improve the App's features, content accuracy, and AI model quality
  • Ensure security, prevent fraud, and troubleshoot technical issues
  • Comply with legal obligations under applicable law
  • Confirm payment for the subscription or AI pack
  • Initiate automatic recurring charges with your consent (see Terms of Use, Section 5.4)
  • Refund payments where required by the Terms of Use
  • Generate and transmit fiscal receipts to the Russian Federal Tax Service through an OFD operator (Federal Law 54-FZ requirement)
  • Detect and prevent fraudulent transactions in cooperation with Tinkoff Bank's anti-fraud system
  • Contract performance: processing necessary to provide the App services you have requested.
  • Legitimate interests: security, fraud prevention, improving our services, and app analytics.
  • Consent: for push notifications and any optional features where we explicitly request your consent. You may withdraw consent at any time.
  • Legal obligation: where we are required to process data under applicable law.

5. Third-Party Services and Data Sharing

We do not sell your personal data to third parties. We may share data with:

  • Apple Inc. — for In-App Purchase subscription management and App Store distribution.
  • AI infrastructure providers — anonymised or pseudonymised prompts may be processed by third-party AI API providers to generate responses. Providers are contractually bound to confidentiality and data minimisation obligations.
  • Cloud hosting and infrastructure — our servers and databases are hosted with reputable cloud providers under data processing agreements.
  • Analytics services — aggregated, non-identifiable usage data may be shared with analytics providers to improve the App.
  • Legal authorities — where required by applicable law, court order, or regulatory requirement.

5.1 International Transfers

Your data may be processed in countries outside Kazakhstan, including countries where servers operated by our cloud infrastructure providers are located. We ensure adequate protection through standard contractual clauses or other approved transfer mechanisms.

Payment-data retention (added in v2.0)

  • RebillId / CustomerKey — until you disable auto-renewal or delete your account, plus 24 hours for guaranteed deletion;
  • Transaction history — 5 years per Russian accounting and tax law;
  • Fiscal receipt logs — 5 years per Federal Law 54-FZ.

6. Data Retention

  • Account data: retained until you delete your account or request deletion.
  • Health diary and profile data: retained as long as your account exists; deleted upon account deletion.
  • AI interaction history: retained for up to 12 months for service quality purposes, then anonymised or deleted.
  • Technical logs: retained for up to 90 days for security and debugging purposes.
  • Financial/subscription records: retained as required by applicable accounting and tax law (typically up to 5 years).

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: request a copy of the personal data we hold about you.
  • Rectification: request correction of inaccurate or incomplete data.
  • Erasure: request deletion of your personal data ("right to be forgotten").
  • Restriction: request that we limit the processing of your data.
  • Data portability: request your data in a structured, machine-readable format.
  • Objection: object to processing based on legitimate interests.
  • Withdrawal of consent: where processing is based on consent, you may withdraw at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at inbox@loonariworld.com. We will respond within 30 days.

7.1 Account and Data Deletion

You may request full deletion of your account and all associated personal data by emailing inbox@loonariworld.com with the subject line "Account Deletion Request". We will process the request within 30 days.

8. Children's Privacy

The NanoMama App is intended for adults (parents, expectant mothers). We do not knowingly collect personal data from children under 13 years of age. The App may collect data about a user's child (such as developmental milestones and health records) — this data is entered by the parent/guardian and is associated with the parent's account.

If you believe we have inadvertently collected data from a child without parental consent, please contact us at inbox@loonariworld.com and we will promptly delete it.

9. Security

  • All data in transit is encrypted using TLS/HTTPS.
  • Passwords are stored using bcrypt hashing with a secure salt.
  • Access to production databases is restricted to authorised personnel only.
  • Regular security reviews and vulnerability assessments are performed.

No method of transmission over the internet or electronic storage is 100% secure. If you suspect any security incident, please notify us immediately at inbox@loonariworld.com.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the App or by email (if provided) at least 7 days before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the App after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.

11. Contact Us

  • Company: LOONARI WORLD CORP, TOO
  • BIN: 251040022519
  • Address: Kazakhstan, Almaty, Nauryzbay district, Alatau gardening partnership, house 80, postal code 050000
  • Email: inbox@loonariworld.com

We aim to respond to all inquiries within 30 days.

Last updated: April 29, 2026 · Contact: inbox@loonariworld.com