Moonwritten

Moonwritten Privacy Policy

TEMPLATE GRADE. REVIEW BY COUNSEL RECOMMENDED BEFORE PUBLICATION. This document is a working draft for launch preparation and has not been reviewed by a licensed attorney. Bracketed items require completion.

Effective date: [DATE] Data controller: [LEGAL ENTITY NAME], [POSTAL ADDRESS] Contact: [email protected]

1. Summary

Moonwritten creates personalized tarot and astrology readings. To do that, we collect the information you give us in the reading quiz and your account, we process it with third party providers (including AI providers), and we email you your readings. We do not sell your personal information. You can export or delete your data by emailing [email protected].

2. What We Collect

You provide:

Collected automatically:

3. How We Use It

Legal bases (GDPR): performance of contract (delivering readings and membership), legitimate interests (analytics, service improvement, fraud prevention), consent (marketing where required, non-essential cookies), legal obligation (tax and accounting records).

4. Who We Share It With (Processors)

We share personal data only with service providers who process it on our behalf under contract:

ProviderPurposeData shared
StripePayments and billingEmail, payment details, subscription status
ResendEmail deliveryEmail, name, reading links, engagement events
ElevenLabsAudio narrationReading text (may include your question text)
PostHogProduct analyticsUsage events, device data, pseudonymous IDs
LLM providers ([NAMES])Reading generationBirth data, quiz answers, question text
[HOSTING PROVIDER]InfrastructureAll service data

We may also disclose data if required by law, to protect rights and safety, or in connection with a merger or acquisition (with notice to you). We do not sell your personal information and we do not share it for cross-context behavioral advertising.

5. International Transfers

Our providers may process data in the United States and other countries. Where GDPR applies, transfers rely on adequacy decisions or Standard Contractual Clauses. [COUNSEL: confirm transfer mechanisms per provider.]

6. Retention

7. Your Rights

Depending on your location (including under GDPR and CCPA/CPRA), you may have the right to:

To exercise any right, including export or deletion, email [email protected] from the address on your account, or use the controls on your account page where available. We respond within 30 days (45 for complex CCPA requests). You may use an authorized agent where the law allows. EU/UK residents may also lodge a complaint with their supervisory authority.

8. Security

We use encryption in transit, access controls, and reputable infrastructure providers. Magic link sign-in means we never store a password for you. No system is perfectly secure; if a breach affects your data we will notify you as required by law.

9. Children

The Service is for adults 18 and over. We do not knowingly collect data from anyone under 18; if we learn we have, we delete it.

10. Sensitive Topics, Honestly

Your questions to Moonwritten can be intimate. We designed for that: your question text is used to generate your readings and is visible to the AI processors listed above under contractual confidentiality, and to a limited number of our staff for support and quality purposes. It is never published, never used in marketing, and never shared with advertisers.

11. Changes

We will post changes here and, for material changes, notify you by email at least 14 days before they take effect.

12. Contact

[LEGAL ENTITY NAME] [POSTAL ADDRESS] [email protected]

[COUNSEL: add EU/UK representative and DPO details if thresholds are met.]