Lullaby does not collect or transmit any personal information to any developer-operated server. All usage data (selected apps to block, sleep records, schedules, settings) is stored only on your iOS device, and the Developer cannot access your data. Payments are handled by Apple. The Service does not include any advertising SDK and does not display advertisements.
1. Overview
Andreality (the "Developer") treats user privacy as a top priority. This Privacy Policy explains how the iOS application "Lullaby" (the "Service") handles user information.
Service: Lullaby (Bundle ID: com.kkuljami.app)
Provider: Andreality
Contact: contact@andreality.app
Supported OS: iOS 26 or later
2. Information the Developer Directly Collects
The Developer does not operate any backend server and does not directly collect, store, or transmit any personal information from users.
Specifically:
No first-party server: The Developer does not operate any server-side system that retains user data.
No first-party analytics: The Service does not use Firebase, Google Analytics, Amplitude, or any other analytics SDK.
No first-party crash reports: The Service does not collect user-identifiable crash reports (any anonymized aggregate statistics gathered by Apple at the system level are subject to Apple's policies).
No advertising SDK: The app does not bundle any advertising network SDK such as Google AdMob or Meta Audience Network, and does not use the advertising identifier (IDFA).
No tracking: The Service does not perform any activity that meets Apple's App Privacy "Tracking" definition (the Privacy Manifest's NSPrivacyTracking value is false).
3. On-Device Data (No Developer Access)
The following data is stored only on your iOS device and the Developer cannot access it.
3.1 Screen Time Data
Selected apps to block: Managed via iOS FamilyControls.FamilyActivitySelection and stored as Apple-encrypted, anonymized tokens. The Developer cannot identify the actual names, bundle IDs, or icons of the apps you select.
Blocking schedule: Bedtime hour/minute, wake hour/minute, active weekdays (Sun–Sat), enabled/disabled state, schedule creation timestamp.
Auxiliary data in the App Group container (group.com.kkuljami.shared): last sleep session start time, session completion flag, shield breach counter, paywall last-shown timestamp, mission-completion flags, and other transient keys used to drive the blocking behavior.
3.2 Sleep Records (SwiftData)
Date, bedtime, wake time, success flag, shield breach count.
Stored only in on-device SwiftData with no external sync or backup (if you have iOS iCloud Backup enabled, the data may be backed up by Apple in a protected form per Apple's policies).
3.3 App Settings & State
Notification opt-in flag, onboarding completion, pause state, premium active cache (monthly/yearly/lifetime tier), and similar UI flags.
Stored in iOS UserDefaults (app-private) and App Group UserDefaults (group.com.kkuljami.shared).
4. Permissions
The Service may request the following iOS permissions. You can change them at any time in iOS Settings.
4.1 Screen Time Permission (FamilyControls)
When requested: When you set up your first blocking schedule.
Purpose: To let you block apps you yourself selected, on your own device, during your own bedtime ("self-control"). The Service is not intended for parental control of another person.
Handling: Permission and selection data are managed by Apple; the Developer cannot see which apps are being blocked.
4.2 Notifications Permission (Optional)
When requested: Optionally during onboarding.
Purpose: 30-minute pre-bedtime reminder and at-bedtime reminder, plus blocking start/end notices.
Handling: All notifications are scheduled locally via UNUserNotificationCenter. The Service does not use remote push (APNs) and does not transmit notification content externally.
The Service does not request App Tracking Transparency (ATT) consent because it does not use the advertising identifier (IDFA).
5. Payment Information
All paid products (monthly subscription, yearly subscription, lifetime access) are processed through Apple App Store In-App Purchase (IAP).
Payment instrument data (credit card, Apple ID, billing address, etc.) is handled solely by Apple; the Developer has no access to it.
The Service uses StoreKit 2 to validate transactions and caches the premium-active flag (isPremium) and tier (monthly/yearly/lifetime) in the App Group UserDefaults. This cached value is not transmitted externally.
The Developer receives only anonymized aggregate sales statistics from Apple and cannot identify individual users.
The Service does not run advertisements — neither now nor as a planned feature.
No advertising network SDK (Google AdMob, Meta Audience Network, etc.) is bundled with the app.
The Service does not use the advertising identifier (IDFA), ad-tracking tokens, or marketing analytics SDKs.
If advertising is ever introduced in the future, this Policy and the App Privacy labels in App Store Connect will be updated and announced in advance.
7. Third-Party Sharing and Processing
Because the Developer does not directly collect user data, there is no data the Developer shares with third parties on its own. However, the following parties may process certain data to provide the Service:
8. Data Retention and Deletion
All on-device data (sleep records, schedules, app selections, settings) is permanently removed when you delete the app.
The Developer does not retain any user data of its own, so no separate deletion request process is required.
Purchase and subscription history on the App Store is retained per Apple's policies. You can manage it under [Settings] > [Apple ID] > [Subscriptions].
9. Children's Privacy
Under the Korean Personal Information Protection Act, the Service does not knowingly collect personal information from children under 14.
For users in other regions, the Service complies with applicable child-privacy laws (e.g., COPPA at age 13 in the US, GDPR Article 8 default of 16 or member-state alternative such as 13 in the EU).
The Service is suitable for all ages. As described above, the Developer does not directly collect or retain any user information and does not display any advertisements.
10. Security Measures
All blocking-target app information is processed only as Apple-managed encrypted tokens and is never converted into a developer-identifiable form.
Payments are processed via Apple StoreKit 2, with standard signature verification (Transaction.currentEntitlements, verified/unverified cases).
Because the Developer does not operate any backend server, there is no server-side breach surface.
The Service ships an Apple Privacy Manifest (PrivacyInfo.xcprivacy) with the main app and the blocking-related extensions (DeviceActivityMonitor / ShieldConfiguration / ShieldAction), declaring the following:
11. Changes to This Policy
If this Policy is updated, the change will be announced in advance via in-app notice or App Store release notes.
For material changes that affect user rights — such as adding a new SDK, requesting a new permission, or introducing advertising — notice will be given at least 7 days before the effective date (or the longer period required by applicable law).
12. Your Rights
Under the Korean Personal Information Protection Act and EU GDPR, you may have the following rights:
Right of access to processing of your personal data
Right to rectification or deletion
Right to restrict processing
Right to object to and obtain an explanation of automated decision-making
Right to data portability (GDPR Article 20)
However, since the Developer does not directly collect or retain any personal information, there is no personal data subject to these rights held by the Developer. On-device data can be removed at any time by deleting the app.
13. Contact
For all privacy-related inquiries, please contact: