Moonwell.aiBeta
Loading...

Privacy Policy

Last updated: January 2025

1. Introduction

Moonwell.ai (“we”, “us”, “our”) operates within the European Union and takes your privacy seriously. This Privacy Policy explains how we collect, use, and protect your information when you use our Service.

2. Information We Collect

Account Information

  • Email address (for authentication via AWS Cognito)
  • Account metadata (creation date, last login)

Usage Data

  • Tool invocation metadata (tool name, timestamp, credits consumed)
  • API request logs (for debugging and billing purposes)
  • MCP client metadata (client IDs, creation dates)

Payment Information

  • Payment processing is handled by Stripe
  • We do not store your credit card information
  • We receive transaction IDs and payment status from Stripe

Technical Data

  • IP addresses (for rate limiting and fraud prevention)
  • User agent strings
  • Analytics via Google Analytics (anonymized)

3. How We Log and Use Data

What We Log

  • Tool invocation requests and responses (for debugging and support)
  • API request/response metadata and content
  • Error logs and system diagnostics
  • Usage patterns and analytics

Log Retention

  • System logs: 30 days
  • Usage metadata: 12 months (billing/audit)
  • Aggregated analytics: Indefinitely (anonymized)

What We Don't Do

  • We do not use your data to train AI models
  • We do not sell your data to third parties
  • We do not share your data except as described in Section 6

4. How We Use Your Information

We use collected information for:

  • Service Delivery: Authenticating users, processing API requests, managing MCP clients
  • Billing: Tracking credit consumption, processing payments via Stripe
  • Service Improvement: Analyzing usage patterns, identifying bugs and performance issues
  • Communication: Sending service updates, billing notifications, security alerts
  • Compliance: Meeting legal obligations, preventing fraud and abuse

5. Data Storage and Security

Your data is hosted on AWS infrastructure, primarily in EU region eu-central-1 (Frankfurt). We implement industry-standard security measures including encryption at rest and in transit, access controls, and regular security audits.

6. Data Sharing

We share your data only with:

  • AWS: Hosted on AWS infrastructure
  • Stripe: Payment processing
  • Google: Gemini API for image generation

We do not sell your data to third parties. We do not use your data for advertising.

7. Data Retention

  • Account data: Retained until account deletion
  • Usage metadata: Retained for 12 months for billing and audit purposes
  • System logs: Retained for 30 days
  • Payment records: Retained for 7 years (tax and legal requirements)

8. Cookies and Tracking

We use:

  • Essential cookies: For authentication and session management
  • Analytics cookies: Google Analytics for anonymized usage statistics

You can disable non-essential cookies through your browser settings.

9. Your Rights

You have the right to:

  • Access: Request a copy of your personal data
  • Deletion: Request deletion of your account and associated data
  • Correction: Request correction of inaccurate data
  • Portability: Request your data in a machine-readable format

To exercise these rights, contact us at [email protected]

10. International Data Transfers

We primarily operate within the EU. When using third-party services (Google Gemini, Stripe), data may be transferred internationally subject to those providers' safeguards and EU-approved transfer mechanisms.

11. Children's Privacy

Our Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children.

12. Changes to This Policy

We may update this Privacy Policy as we implement new features or compliance measures. We will notify you of material changes via email or through the Service.

13. Contact Us

For privacy-related questions or to exercise your rights, contact us at: [email protected]