Privacy Policy
Last updated: June 4, 2026
LunaRabbit ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our services, including:
- LunaRabbit Chat — AI chat assistant available at lunarabbit.ai and as a mobile app (iOS/Android). Features include web search, financial data retrieval, image generation, deep research, file analysis, and voice input.
- LunaRabbit Office — AI productivity tools for Microsoft Office™ and Google Workspace™ (Google Sheets™, Microsoft Excel™, Microsoft Word™, Microsoft PowerPoint™, and a standalone web editor).
Collectively referred to as the "Services."
Geographic scope. The Services are intended for users in South Korea, the United States, and other supported regions. They are not directed to, or intended for, residents of the European Economic Area (EEA) or the United Kingdom, our mobile apps are not distributed there, and we do not target, market to, or monitor individuals in those regions. This Policy is framed around the laws that apply to our supported markets (primarily Korea's PIPA and US privacy law).
1. Information We Collect
Account Information
When you create an account, we collect:
- Email address
- Password (stored in hashed form; we never store plaintext passwords).
- Display name
Usage Data
We automatically collect:
- Feature usage statistics (which tools and functions you use)
- Performance metrics (response times, error rates)
- Device and browser information
- IP address (for rate limiting and security)
Chat Data (LunaRabbit Chat)
When you use LunaRabbit Chat, we collect:
- Conversations: Your messages and AI responses are stored on our servers until you delete them (see Section 6).
- Tool usage: When you use built-in tools (web search, financial data, image generation), the queries you submit and results received are stored as part of your conversation.
- Voice input: If you use voice input, your audio is sent to a third-party speech-to-text service (OpenAI speech-to-text API) for transcription. We do not store audio recordings; only the resulting text is retained as part of your conversation.
- Generated images: Images created by the AI image generation tool are stored in Cloudflare R2 object storage and retained as part of your conversation history until you delete them (or delete the conversation or your account). You can delete generated images at any time.
- File uploads: Files you attach to messages (images, PDFs, Office documents, etc.) are uploaded to Cloudflare R2, processed for AI context, and retained for the duration of the conversation. Accepted file types are limited to a whitelist of safe formats. Files are scanned for malware indicators (VBA macros, ActiveX controls). You can delete uploaded files at any time.
- Deep Research: When you use the Deep Research feature, the AI performs multiple automated web searches and reads web pages to compile a research report. Search queries, fetched page content, and the final report are stored as part of your conversation. Research activity traces (steps, sources, duration) are retained alongside the report.
- Screen width: Your device's viewport width (in pixels) is sent with each message to optimize response formatting. This is a single number (e.g., 375) and cannot identify you.
- User memory: LunaRabbit Chat may proactively save facts you share (name, preferences, interests) to personalize future responses. You can view, edit, and delete saved memories at any time via Settings. Memory personalization is opt-in — saved memories are used to tailor responses only when you enable LunaRabbit Chat data use (the Settings toggle or the sign-up Disclaimer).
- Quality feedback: When you provide thumbs-up or thumbs-down feedback on AI responses or generated images, this feedback is stored alongside the associated message. Anonymized feedback (with personal identifiers removed) may be used to improve service quality regardless of your training data opt-out preference.
Account Required (LunaRabbit Chat)
A LunaRabbit account is required to use LunaRabbit Chat. We do not offer anonymous (non-logged-in) access to the chat service, and we do not process chat messages from users who are not signed in.
Document Data
We access your active document content to provide context for AI responses. Specifically:
- Google Sheets™: The content of your active sheet (used range) will be sent to our servers for processing. Sheet names will also be sent for navigation context.
- Microsoft Excel™: The content of your active worksheet (used range), sheet names, and cell formatting data will be sent to our servers for processing. This applies to both Microsoft Excel™ desktop and Microsoft Excel™ Online.
We also support Microsoft Word™, Microsoft PowerPoint™, and a standalone web editor. Similar data access policies apply to all platforms. Additional platforms (Google Docs™, Google Slides™) may be added in the future.
We do not access data from other files, closed documents, or documents you are not actively working with. During a conversation, the AI may read additional content from your active document as needed to complete your request.
Document content sent for AI processing is used to generate a response. Image-upload caches and transient processing artifacts are deleted within 24 hours; custom function result caches are retained for up to 30 days as described in Section 6.
Conversation History (Cloud Storage)
Effective May 11, 2026: chat conversations are stored on LunaRabbit servers (cloud-only) until you delete them; we do not delete them automatically on a time schedule. This change replaces the previous "session-memory only" model and was made so you can resume conversations across devices and recover history if you switch browsers.
- What is stored: conversation messages (user prompts and AI responses), conversation metadata (title, timestamps), and tool-call records.
- Retention: kept until you delete them — there is no automatic time-based deletion. When you delete a conversation or your account, it is removed immediately and permanently.
- Your rights: you can delete individual conversations or your entire history at any time via the in-app Settings menu (My Info → Privacy). Deletion is immediate and cascades to all related messages.
- Encryption: stored at rest in our PostgreSQL database with AWS RDS encryption (KMS-managed keys). Access is restricted to authenticated requests by you (the conversation owner).
Anonymized Pattern Use — LunaRabbit Chat (Opt-in, Per-Product)
By default — and regardless of your consent setting — we do not currently collect, retain, or use any of your conversations to train or improve AI models. The Model improvement feature is not yet active. Turning on Model improvement (via the consent modal or in-app Settings — off by default) does not begin any collection now; it is advance authorization that takes effect only if and when we activate this feature. At that point, and only for users who have opted in, we may retain a de-identified snapshot of your conversation turns for the following planned purposes:
- Retrieval Augmentation (planned): snapshots may be extracted, quality-scored, and stored as fewshot examples in our vector database (Qdrant), to be retrieved as similar-case context for other users' prompts and improve response quality.
- Fine-Tuning (planned): when LunaRabbit develops its own AI models or undertakes directed fine-tuning of third-party models, anonymized patterns may be used as training data for supervised fine-tuning. This forward-looking disclosure covers planned uses of your LunaRabbit Chat conversation data only.
De-identification uses industry-standard techniques: named-entity recognition for personal names and organizations (Latin and CJK scripts), regex matching for emails, phone numbers, IP addresses, payment-card numbers, and government-issued identifiers. The retained data is associated only with an HMAC-derived session hash (never your user ID) and is intended to qualify as anonymized/de-identified information under applicable data protection law. We acknowledge no de-identification process is perfect and continuously improve our techniques.
Per-product consent: this opt-in applies to LunaRabbit Chat conversation data only. Other LunaRabbit products (Office document editing, coding) request their own separate consent within those products — your Chat consent never extends to documents, spreadsheets, or code processed elsewhere. Both Free and Paid plans: opt-in is independent of your subscription tier. Default is off — opt-in is required (we collect nothing for AI improvement until you affirmatively enable it). You can withdraw consent at any time via Settings. Note that already-incorporated patterns in our fewshot database or fine-tuned models cannot be retroactively removed, but no new patterns will be extracted from your conversations after withdrawal.
Legal basis (all users): explicit opt-in consent via the Model improvement item in the consent modal or in-app Settings, which you may withdraw at any time. The consent is stored on your account. Your conversations are not used for model improvement unless this opt-in is present. This satisfies the Korean PIPA Art. 22 별도 동의 (separate consent) requirement and the consent basis recognized under the US CCPA. We do not rely on processing-without-consent provisions (such as PIPA Art. 28-2) for this purpose — model-improvement use is consent-based.
When de-identified data is retained under this opt-in, it is associated only with an HMAC-derived session hash (never your user ID); no re-identification is attempted or permitted, and any downstream recipients are contractually prohibited from re-identification (consistent with the US CCPA definition of de-identified information). We maintain internal pseudonymization review procedures in accordance with PIPC guidelines (가명처리 적정성 검토). Retained data is kept for up to 3 years or until the model-improvement purpose is fulfilled, whichever is earlier, then securely destroyed.
Custom Function Inputs
When you use our custom AI functions (such as =LR.AI(), =LR.TRANSLATE(), =LR.WEB()), the prompt text and parameters you supply are stored as part of your usage history for analytics, billing accuracy, and abuse prevention. This information is associated with your account and is distinct from conversation content. You may export or delete this data at any time using the rights described in Section 8.
2. How We Use Your Information
We use your information to:
- Provide and improve our AI services
- Process your AI queries and return results
- Manage your account and billing
- Monitor service health and prevent abuse
- Communicate important service updates
- Enforce our Terms of Service
3. Third-Party Sub-Processors
To deliver our Services we share data with sub-processors under their commercial API or DPA terms. They fall into three categories:
- AI Model Processors — receive conversation text and document content for model inference (OpenAI, Anthropic, Google, Together AI).
- Web Search, Fetch, and Research Processors — receive only search query strings or target URLs you reference (Serper.dev, Jina AI, Perplexity AI).
- Financial Data Processors — receive only ticker symbols or economic indicator IDs for data retrieval (Twelve Data, Finnhub, Federal Reserve FRED).
- Code Execution Processors — receive code snippets for sandboxed execution; no personal data is sent (E2B).
- Infrastructure Processors — host our backend and receive request metadata only (AWS, Cloudflare, Qdrant Cloud, Microsoft Azure AD).
- Payment Processor — Paddle (Merchant of Record) processes payments; we never see your card details (see Section 15).
The complete current list — including each sub-processor's purpose, region, and DPA URL — is published at lunarabbit.ai/subprocessors. We give at least 30 days' advance notice on that page before adding any new sub-processor that materially changes the categories of data we share.
Default behavior on commercial API tiers is no training on customer data — this is contractually guaranteed and not subject to opt-in toggles. If you opt in to anonymized pattern use (Section 1), de-identified snapshots may additionally be sent to AI model providers for engineering analysis and future fine-tuning of LunaRabbit's own models.
Engineering Analysis (Internal). Authorized LunaRabbit personnel may review individual conversations for the limited purpose of debugging regressions, improving prompt quality, or investigating user-submitted error reports. This is human review of stored data — it does not send data to AI model providers and does not update any model's weights. Access is SSO + IP-allowlist gated and logged for audit. The same policy applies to "Improvement / Error Report" attachments you opt-in to submit.
4. International Data Transfers
Your data may be transferred to and processed in countries outside your country of residence. The table below summarizes the principal cross-border transfers:
| Recipient | Country | Data Transferred | Purpose | Retention |
|---|---|---|---|---|
| OpenAI, L.L.C. | United States | Conversation text, system prompts | AI model inference (GPT) | Up to 30 days (abuse monitoring) |
| Anthropic, PBC | United States | Conversation text, system prompts | AI model inference (Claude) | Up to 30 days |
| RunPod, Inc. | United States | Conversation text (transit only) | Self-hosted LLM inference (Qwen) | Not stored (GPU memory only) |
| Amazon Web Services, Inc. | United States | Account data (incl. email), conversation history, usage records | Infrastructure hosting, data storage and backups | Until account deletion |
| Cloudflare, Inc. | Global (United States) | IP addresses, request paths, login/signup requests (incl. email), generated images | CDN, DDoS protection, request proxy, image storage | Per our retention policy (Section 6) |
| Resend, Inc. | United States | Email address, email content | Transactional email delivery (signup, verification, etc.) | Per our retention policy |
| Paddle.com Market Ltd. | United Kingdom | Name, email, billing address, payment method | Payment processing (Merchant of Record) | Per billing record requirements |
Your primary account data (profile, conversations, usage history) is stored on AWS Seoul (ap-northeast-2). However, it may be transferred to or accessed from the United States and other countries through the infrastructure operator (Amazon Web Services, Inc.) and the sub-processors listed above. We apply safeguards required by applicable law to any personal data so transferred.
For overseas transfers we rely on your consent (collected at account registration) and on data processing agreements with each sub-processor, together with other lawful transfer safeguards, to ensure adequate protection. These jurisdictions may have different data protection laws than your country of residence. For the complete list of sub-processors, see lunarabbit.ai/subprocessors.
5. Data Security
We implement industry-standard security measures:
- All data is transmitted over HTTPS (TLS 1.2/1.3). TLS is terminated at Cloudflare and the internal origin.
- Regular security audits and vulnerability assessments.
- Server access restricted to authorized LunaRabbit personnel. Production databases are accessed only through audited session pipelines.
6. Data Retention
- Account data: Retained until you delete your account.
- Conversation history (cloud-only since 2026-05-11): Stored on LunaRabbit servers until you delete them; there is no automatic deletion. You can delete individual conversations or your entire history at any time via Settings (immediate, permanent, cascade-delete).
- Anonymized pattern data (opt-in only): If you have opted in, anonymized snapshots (with personal information removed) are retained for retrieval augmentation and future fine-tuning. Retention follows our internal data lifecycle policy; once incorporated into the fewshot database or fine-tuned models, individual patterns cannot be retroactively removed (see Section 1, "Anonymized Pattern Use").
- Sub-processor retention: OpenAI up to 30 days (abuse monitoring), Anthropic up to 30 days, Google varies, Together AI varies (Zero Data Retention available). None of these providers use data for training under commercial API tiers.
- AI processing cache: Temporary data (images, context) is deleted within 24 hours. Custom function result caches are retained for up to 30 days to improve performance.
- Usage analytics: Retained in aggregated, anonymized form.
- Billing records: Retained as required by applicable law.
7. Cookies and Local Storage
Our Services use browser local storage and session storage to maintain your authentication state and preferences. We do not use third-party tracking cookies. Essential storage is required for the Services to function and cannot be disabled.
For full details on what we store and how to manage it, see our Cookie Policy.
LunaRabbit Chat specific storage:
lr_session(httpOnly, 4-hour expiry) — Maintains your login session.lr_refresh(httpOnly, 30-day expiry) — Enables automatic session renewal so you stay signed in.lr_csrf(30-day expiry) — Prevents cross-site request forgery.lr_consent(1-year expiry) — Records your cookie consent preference. Classified as an essential cookie required for the Services to function.
8. Your Rights
Depending on your location, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate or incomplete data
- Delete your account and associated data
- Export a machine-readable copy of your personal data. You can download your data directly from the Settings menu in your account, or by contacting us.
- Restrict processing of your personal data in certain circumstances
- Object to processing of your personal data based on legitimate interest
- Opt out of non-essential data processing (anonymized pattern use — see Section 1, "Anonymized Pattern Use")
To exercise any of these rights, contact us at [email protected]. For data export, you can also use the self-service "Download My Data" option in your account Settings, which provides a JSON file containing your profile, transaction history, and usage records.
California Residents (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell your personal information.
Our Services do not respond to "Do Not Track" (DNT) browser signals because there is no industry-accepted standard for DNT. However, we do not engage in cross-site tracking.
South Korea Residents (PIPA)
If you are located in South Korea, the following provisions under the Personal Information Protection Act (개인정보 보호법) apply:
- Collection Notice (Art. 15): The categories of personal information we collect and the purposes for which we use them are described in Sections 1 and 2 of this Privacy Policy.
- Third-Party Provision (Art. 17): We provide personal data to third-party sub-processors as described in Section 3 and on our Sub-Processors page. Each sub-processor's purpose, data categories, and region are disclosed.
- Overseas Transfer (Art. 28-2, 39-12): Personal data is transferred to sub-processors outside Korea (primarily the United States) as described in Section 4. The recipient entities, purposes, data categories, and regions are listed on our Sub-Processors page. Retention periods per recipient: OpenAI up to 30 days, Anthropic up to 30 days, Google varies by service, Together AI varies (Zero Data Retention available), AWS/Cloudflare per our retention policy (Section 6), Paddle per billing record requirements. Full details are available upon request at [email protected].
- Separate Consent for Anonymized Pattern Use (Art. 22): See Section 1, "Anonymized Pattern Use."
- Data Protection Officer: [email protected]
9. Google API Services User Data Policy
LunaRabbit's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We only access Google user data necessary to provide the Services (active spreadsheet content for AI processing).
- We do not use Google user data for serving advertisements.
- We do not allow humans to read Google user data unless we have your affirmative agreement, it is necessary for security purposes, or it is required by law.
- We do not transfer Google user data to third parties except as necessary to provide the Services (AI model providers under their commercial API terms, which prohibit the use of customer data for model training), with your consent, for security purposes, or as required by law.
10. Children's Privacy
Our Services are intended for adults and are not directed to anyone under the age of 18 (or the minimum age required by applicable law in your jurisdiction). We do not knowingly collect personal information from anyone under 18. By creating an account, you represent that you are at least 18 years old. If we learn that we have collected personal information from someone under the applicable minimum age, we will promptly delete that information. In all cases, we apply the heightened protections required by Korean law for children under 14, including legal-guardian consent.
11. Data Breach Notification
In the event of a data breach that affects your personal information, we will notify affected users via email within 72 hours of becoming aware of the breach, as required by applicable law.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on our website or sending an email to your registered address. Your continued use of the Services after such changes constitutes acceptance of the updated policy.
13. Data Retention After Account Deletion
Upon account deletion, your personal identifiers (email, name, IP address) are removed immediately. Anonymized, aggregated usage data (such as feature usage counts, response time metrics) that was previously de-identified during your use of the Service is retained indefinitely for service improvement, consistent with Section 6. This data cannot be used to identify you.
14. AI-Generated Content Transparency
As a matter of transparency and responsible-AI practice, all content generated by our AI services is proactively labeled as AI-generated within the user interface. When our AI agents produce text, formulas, code, or other outputs, a visible indicator is displayed alongside the response. This ensures you can always distinguish AI-generated content from human-authored content.
AI-generated outputs should be reviewed before use. We do not guarantee the accuracy, completeness, or fitness of AI-generated content for any particular purpose.
15. Payment Processing (Merchant of Record)
Payments for paid plans are processed through Paddle.com Market Limited, a third-party payment processor that acts as our Merchant of Record (MoR). Paddle is identified at checkout. Under this arrangement:
- Your card or other payment method is collected and processed by Paddle on its own hosted checkout. LunaRabbit never sees your full payment card details — we only receive a customer identifier and a transaction summary (amount, status, invoice link).
- Paddle handles multi-currency conversion, VAT / GST / US sales tax calculation, and invoice issuance on our behalf as the legal seller of record.
- Paddle's own privacy policy governs the processing of payment data; a link is also provided at checkout.
16. Contact Us
If you have questions about this Privacy Policy, contact us at:
- Email: [email protected]
- Website: https://lunarabbit.ai
- Services: LunaRabbit Chat and LunaRabbit Office, operated by LunaRabbit Inc.
- Data controller (entity): LunaRabbit Inc., a Delaware corporation
- Mailing address: LunaRabbit Inc., 131 Continental Drive, Suite 305, Newark, DE 19713, United States