Privacy Policy

Effective date June 2026 Applies to: Lunar Defense Mobile Security (Consumer)

Lunar Defense is a device-based security app. Its job is to check whether your iPhone and its network connection show signs of compromise, then tell you what it found and what to do about it. The analysis runs on your phone, and the results stay on your phone.

This policy explains exactly what that means: what we process locally, the few specific things that do leave your device and why, and what we never touch.

Our approach: on-device first

When you run a sweep, the security checks and the AI model that weighs them run entirely on your device. Your scan results (the findings, the verdict, and the device and network signals we examine to produce them) are computed locally and are never transmitted to us or stored off your device.

There is no account to create, no profile, and no login.

What we process on your device (and never send)

To assess your device's security, the app inspects local security-relevant signals, such as:

All of this is read, analyzed, and turned into a verdict on your device. None of it, and none of the resulting findings, is transmitted to us or retained anywhere off your phone.

What leaves your device, and why

The app makes a small number of network connections. None of them carry your scan results, findings, security posture, or personal information. They are the security mechanisms themselves, and they are limited to the following:

1

Confirming your device is genuine (Apple App Attest)

To verify that your iPhone is a genuine, untampered Apple device, the app uses Apple's App Attest service and confirms the result with our server. This sends an opaque install identifier (a random ID generated on install, not your name, Apple ID, phone number, or device serial number) and Apple's cryptographic attestation material. Our server keeps a minimal per-install record (the opaque install ID, an attestation public key, and a timestamp) so the check can't be abused. This runs once per install and is then cached. It contains nothing about you or what your scans found.

2

Verifying the connection to our service (certificate pinning)

The app sends a contentless request to our backend and fetches a signed configuration file to confirm no one is impersonating our service or intercepting the connection. This carries no personal data and no scan data. It is the security check itself.

3

Background scan notifications (paid automation tier only)

If you subscribe to the automated-scanning tier, the app registers for push notifications so we can wake it to run scans in the background. This uses an Apple-issued push token, which is not personal information and is not tied to your identity.

4

Payments (Apple In-App Purchase)

Subscriptions are handled entirely by Apple's In-App Purchase system. We never receive or see your payment details. We only receive your subscription status from Apple so the app can unlock paid features.

What we never collect

We do not collect, transmit, sell, or share your personal data. In particular, the app does not collect:

There are no third-party trackers, no analytics SDKs, and no advertising networks in the app.

No selling, no sharing

We do not sell, rent, trade, or share any information with advertisers, data brokers, other companies, or governments. The only third party involved is Apple (for device attestation, push notifications, and payments, as described above), which acts under Apple's own privacy terms.

Data retention

We do not store your scan results or personal data, so there is nothing for us to retain about your activity. The only records we keep are the minimal, non-personal anti-abuse and operational records described in "What leaves your device" (the opaque install attestation record and, for subscribers, a push token). You can end these by uninstalling the app and, for subscriptions, canceling through Apple.

Security

Analysis runs inside Apple's app sandbox using on-device machine-learning frameworks. The limited network connections we do make are protected by certificate pinning to prevent impersonation or interception.

Children's privacy

Lunar Defense is not directed to children under 13 (or the equivalent minimum age in your jurisdiction), and we do not knowingly collect personal information from children.

Your choices

Changes to this policy

If we change how the app handles data, we will update this policy and revise the effective date above.

Contact

Questions about this policy? Get in touch.

Lunar Defense LLC

Email: support@lunardefense.co

Website: lunardefense.co