Idle Light
Legal

Effective 2026·04·06

Privacy Policy

Idle Light, LLC builds apps for people who collect and care for analog things. This policy explains how we collect, use, and protect your information when you use our applications, including Lunet and any future products.

We believe your data is yours. We collect only what we need to make the app work. We don't sell your data, and we never will.
§ 01

What we collect

Account information

When you create an account, we collect your email address and password. Your password is securely hashed and never stored in plain text. We use this information solely to authenticate you and provide access to your data across devices.

Collection data

When you use Lunet, you may provide information about your watch collection, including:

  • Watch details (brand, model, reference number, nickname, production year)
  • Technical specifications (case size, material, movement type, dial color, water resistance)
  • Purchase and ownership information (purchase date, sale price, market value, serial number)
  • Wear history (which watch you wore on a given day, optional notes)
  • Condition and status (sold, in safe, insured)

This data is provided entirely at your discretion. You choose what to enter and can delete it at any time.

Images

You may upload photos of your watches. We store three resolution variants (original, medium, and thumbnail) on our servers to display them within the app. Images are associated with your account and are not shared with other users or third parties.

Device permissions

  • Camera — used to photograph your watches and for on-device watch identification. Images used for identification are processed locally on your device and are not uploaded to our servers.
  • Photo Library — used to select existing photos for your watch collection.

You can revoke these permissions at any time in your device's Settings.

Automatically collected information

We do not use analytics services, crash reporting tools, or third-party tracking SDKs. We do not collect device identifiers, IP address logs, usage analytics, or behavioral data beyond what is described in this policy.

§ 02

How we use it

  • Provide the app — store and sync your collection data, display your watches and wear history, and generate insights about your collection.
  • Authenticate your account — verify your identity when you sign in.
  • Look up watch specifications — when you enter a reference number, we may send that reference number to Anthropic's API to retrieve watch specifications. Only the reference number is sent — no personal information, account details, or images are included.
  • Process images on-device — we use Apple's Vision framework to create image fingerprints locally on your device for watch identification. These are stored only on your device.
§ 03

How we store and protect your information

Your data is stored on servers provided by Supabase, a hosted infrastructure service. All data is transmitted over encrypted connections (HTTPS/TLS). Access to your data is restricted at the database level — row-level security policies ensure that only you can view or modify your own records.

Watch images are stored in a secure, isolated storage bucket with access controls tied to your authenticated account.

On your device, image caches and identification data are stored locally and can be cleared by deleting the app.

§ 04

Third-party services

We use the following third-party services to operate the app:

Service Purpose Data shared
Supabase Authentication, database, image storage Account email, collection data, images
Anthropic Watch specification lookups Reference numbers only (no personal data)
Apple App distribution, purchase processing Standard App Store data per Apple's privacy policy

We do not share your data with advertisers, data brokers, or any other third parties. We do not sell, rent, or trade your personal information.

§ 05

Data retention and deletion

Your data is retained for as long as you maintain an active account. You may:

  • Delete individual watches or wear records at any time within the app.
  • Delete your entire account from the app's account settings. This permanently removes your account, all collection data, wear history, and images from our servers.

Upon account deletion, your data is removed from our active systems. Residual copies in encrypted backups may persist for up to 30 days before being overwritten.

§ 06

Data export

You can export your watch collection data as a JSON file from within the app. This gives you a portable copy of your data that you can use however you choose.

§ 07

Children's privacy

Our apps are not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will promptly delete it.

§ 08

Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date at the top of this page and, where appropriate, notify you within the app.

§ 09

Contact us

If you have questions about this Privacy Policy or your data, write to us:

Idle Light, LLC
Email: privacy@idlelight.co
Support: support@idlelight.co
Web: idlelight.co

§ 10

California privacy rights

As a California-based company, we respect the privacy rights of California residents under the California Consumer Privacy Act (CCPA). You have the right to:

  • Know what personal information we collect and how we use it.
  • Delete your personal information (available via account deletion in the app).
  • Opt out of the sale of personal information — we do not sell personal information, so this right is satisfied by default.

To exercise any of these rights, contact us at privacy@idlelight.co.

§ 11

For users in the European Economic Area

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, the following additional information applies to you under the General Data Protection Regulation (GDPR) and equivalent local laws.

Data controller

The data controller responsible for your personal data is:

Idle Light, LLC
Email: privacy@idlelight.co

Legal basis for processing

Processing activity Legal basis
Account creation and authentication Performance of a contract
Storing collection data and images Performance of a contract
Watch specification lookups (Anthropic) Legitimate interest
On-device image processing Legitimate interest (data never leaves device)

We do not rely on consent as a legal basis for core app functionality. Where we process data based on legitimate interest, we have assessed that our interests do not override your rights, particularly given that we collect minimal data and do not engage in profiling or advertising.

Your rights under GDPR

  • Access — request a copy of the personal data we hold about you.
  • Rectification — request correction of inaccurate or incomplete data.
  • Erasure — request deletion of your personal data.
  • Restriction — request that we restrict processing under certain circumstances.
  • Data portability — receive your data in a machine-readable format. The app's JSON export provides this.
  • Object — object to processing based on legitimate interest.

To exercise any of these rights, contact us at privacy@idlelight.co. We will respond within 30 days.

International data transfers

Your data is processed and stored on servers located in the United States via our infrastructure provider, Supabase. Watch specification lookups are processed by Anthropic, also based in the United States. These transfers are protected by Standard Contractual Clauses (SCCs) adopted by the European Commission.

Right to lodge a complaint

You have the right to lodge a complaint with your local data protection supervisory authority. We encourage you to contact us first at privacy@idlelight.co so we can attempt to resolve your concern directly.