Your privacy at Lanu
This Privacy Policy explains how LANU DIGITAL LTD ("LANU", "we", "us") collects, uses, shares and protects your
personal information when you use the Lanu website, iOS app, and related services (the "Service").
We are a UK-registered company launching digitally in South Africa. We aim to comply with applicable data protection laws,
including the UK GDPR and the UK Data Protection Act 2018, and (where applicable) South Africa's
Protection of Personal Information Act, 2013 (POPIA).
1) Who we are (Responsible party / Controller)
Company: LANU DIGITAL LTD
Company number: 16573482
Registered office: 124 City Road, London, England, EC1V 2NX
Contact email: admin@lanu.app
We have also registered and paid the UK ICO data protection fee for LANU DIGITAL LTD.
2) What information we collect
We may collect the following categories of information:
- Account information: name, email address, password (stored in encrypted/hashed form), login timestamps, account settings, and contact details you choose to add.
- Subscription and billing: plan type, subscription status, purchase history, entitlement records, Apple StoreKit transaction metadata for iOS purchases, and Stripe billing metadata for web purchases. Payment card details are processed by Stripe or Apple and are not stored on our servers.
- Profile and preferences: preferences you set in the app, such as home area, interests, favourites, collections, saved places, saved plans, and family profile settings.
- Family data you choose to provide: optional details about family members, including children's names, ages or dates of birth, interests, dietary needs, accessibility needs, and profile images.
- Location information: approximate or precise location if you choose to enable location features, search areas, selected places, and data needed for distance or travel-time features. You can disable location permissions in your device/browser settings.
- User-generated content: reviews, venue submissions, comments, messages, support requests, photos, profile images, or other uploads you choose to provide.
- Planner and AI feature inputs: prompts, selected venues, preferences, location context, family context, itinerary choices, and feedback you provide when using Plan My Day or similar AI-assisted planning features.
- Device and notification data: device identifiers, platform, app version, push notification tokens, and native app configuration data needed to run the iOS app and deliver notifications you enable.
- Technical and usage data: device type, browser type, IP address, pages viewed, clicks/events, cookie choices, analytics preferences, and diagnostic logs for security, performance, and product improvement.
- Support communications: messages you send to our support channels.
3) How we use your information (purposes)
- Provide and operate the Service, including accounts, listings, search, favourites, collections, family profiles, messaging, submissions, and saved plans.
- Generate and manage itinerary, planning, recommendation, and AI-assisted features you ask to use.
- Process web subscriptions through Stripe, process iOS purchases through Apple StoreKit, manage entitlements, and prevent fraud.
- Personalise recommendations and improve content relevance based on preferences, location choices, saved items, and family profile settings.
- Enable location-based functionality, travel times, nearby recommendations, and maps features where you allow or request them.
- Send push notifications and service messages where enabled or required for the Service.
- Respond to support requests and communicate service-related messages.
- Maintain security, prevent abuse, and diagnose technical problems.
- Measure usage and improve product performance with analytics where you have granted consent.
4) Legal bases for processing (UK GDPR)
Where UK GDPR applies, we process personal data under one or more of these legal bases:
- Contract: to provide the Service you request (account, subscriptions, core features).
- Legitimate interests: to secure and improve our Service, prevent fraud, and understand usage (balanced against your rights).
- Consent: where required, including non-essential analytics cookies, precise location permissions, push notifications, optional uploads, and certain family profile details.
- Legal obligation: where we must comply with applicable laws (e.g. accounting/tax, lawful requests).
5) POPIA (South Africa)
Where POPIA applies, we process personal information for lawful purposes connected to the Service, and we take reasonable
steps to ensure your information is processed lawfully and securely. You may have rights to access, correct, object to,
or request deletion of your personal information (see “Your rights” below).
6) Sharing your information
We may share personal information with:
- Payment providers: Stripe processes web payments and subscriptions. Apple processes iOS in-app purchases and subscriptions through StoreKit/App Store services. We receive limited billing, transaction, and entitlement metadata, not full card details.
- Analytics provider (PostHog): after you grant analytics consent, we use PostHog to understand how the Service is used, such as page views and interaction events, so we can improve the product.
- AI and planning providers: when you use Plan My Day or AI-assisted planning features, we may send relevant prompts, preferences, selected venues, and context to AI providers such as Google Gemini to generate the requested output.
- Service providers ("operators" / processors): hosting, database, email delivery, error monitoring (e.g. Sentry), and media storage (e.g. Cloudinary) providers who process data on our instructions.
- Maps/location providers: if you use location features, search by area, or request travel times, we may send limited location or place data to mapping APIs such as Google Maps, Places, or Routes.
- Notification providers: if you enable push notifications in the iOS app, notification tokens and message delivery data may be processed through Apple Push Notification service.
- Legal and safety: where required to comply with law, enforce our Terms, or protect users and the Service.
We do not sell your personal information. We do not currently use third-party advertising SDKs, share personal information with data brokers, or use your data for targeted advertising tracking across apps or websites owned by other companies.
7) iOS app and App Store privacy
The iOS app uses a native shell around Lanu's service. Apple requires App Store privacy information to describe data collected by the app and integrated third-party services. Based on the current implementation, App Store privacy disclosures should include categories such as contact information, user content, identifiers, location, usage data, purchase or transaction data, and diagnostics where applicable.
Some data may be linked to your account or device when it is needed for app functionality, account management, subscriptions, analytics you consent to, push notifications, fraud prevention, or support. We do not currently use the iOS app for Apple-defined tracking or targeted advertising.
8) International transfers
Our providers (including analytics providers) may process data in the UK, South Africa, the EEA, the United States, or other countries.
Where required by applicable law, we take steps to ensure appropriate safeguards are in place for cross-border transfers.
9) Data retention
We retain personal information only for as long as needed for the purposes described above, including:
- Account data: retained while your account is active, and for a reasonable period after deletion to handle disputes and legal obligations.
- Family profile, favourites, collections, saved plans, messages, and uploads: retained while your account is active or until you delete them, subject to backups, moderation, legal, or safety requirements.
- Billing, purchase, and entitlement records: retained as required for accounting, tax, audit, subscription management, and fraud prevention.
- Device tokens: retained while needed to deliver enabled notifications, maintain device records, or until they become inactive or are removed.
- Security logs: retained for a limited period to protect the Service and investigate abuse.
- Analytics data: retained according to our analytics configuration and provider settings, and only collected after analytics consent where consent is required.
10) Your rights
UK GDPR (where applicable): you may have rights to access, correct, delete, restrict processing, object, and data portability.
POPIA (where applicable): you may have rights to be notified about collection, access your information, request correction/deletion, and object to processing in certain circumstances.
To exercise your rights, contact us at admin@lanu.app. We may need to verify your identity before responding.
11) Complaints
If you're in the UK, you may be able to complain to the UK Information Commissioner's Office (ICO).
If you're in South Africa, you may be able to complain to the Information Regulator.
12) Children's information
Our Service is intended for adults. You must be 18+ to create an account. Children do not create their own Lanu accounts.
To personalise recommendations for family outings, you may optionally add details about your children, such as name, age or date of birth, interests, dietary requirements, accessibility needs, or profile images.
This information is used solely to tailor suggestions and is never shared with third parties for marketing.
You can update or remove this information from your profile settings or by contacting us.
13) Security
We use reasonable technical and organisational measures designed to protect personal information.
However, no method of transmission or storage is 100% secure.
14) Cookies and analytics (PostHog)
We use cookies and similar technologies for core functionality, such as session management, security, and remembering your cookie choices.
We also use PostHog for product analytics, but analytics is loaded only after you grant analytics consent where consent is required.
The cookie banner lets you accept or decline analytics. Your choice may be stored in local storage and in cookies such as la_cookie_consent or an analytics opt-out cookie for about one year, and signed-in users may also have an analytics preference saved to their account. You can usually control or delete cookies through your browser settings.
15) Changes to this policy
We may update this Privacy Policy from time to time. We'll update the "Last updated" date and, where appropriate,
notify you of material changes.