Keeping health data on the device

Cycle and fertility data is some of the most sensitive information a person can record. The safest way to protect it isn't a better privacy policy — it's to never collect it in the first place.

No account, no cloud, no leak

Lunara has no servers. There's no sign-up, no sync to a backend, and no analytics on your health data. Everything you log lives on your iPhone, encrypted by the device, and goes nowhere else.

That's a deliberate constraint, and it changes the engineering:

• The model is local. Predictions are computed on-device from your own history.
• There's nothing to breach. A server you don't run can't leak data it never had.
• Backups stay yours. Your data rides along in your encrypted device backup — under your control, not ours.

"The best way to protect something is to never collect it."

Privacy as a feature, not a footnote

When data never leaves the device, "privacy" stops being a marketing line and becomes a property of the architecture. It's also freeing: no consent banners to manage, no breach surface to defend, no temptation to monetise something that was never ours to sell.

For the right kind of app, on-device is simply the honest default.