Privacy Policy

1. Introduction

We are committed to protecting your privacy and ensuring you have a positive experience using our Services. This Privacy Policy complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Information We Collect

2.1 Information You Provide

Account Information: When you create an account, we collect:

• Email address
• Password (encrypted and hashed - we cannot see your actual password)
• Display name (optional)

Project Information: When you create projects, we collect:

• Project name
• Bundle ID (application identifier)

Build Metadata: When you upload builds via the Unity plugin, we collect:

• Build size (in bytes)
• Build time (duration)
• Platform (iOS, Android, WebGL, etc.)
• Unity version
• Scripting backend (Mono, IL2CPP)
• Development build flag (true/false)
• Artifact type
• Build timestamp

Payment Information: Payment details (credit card, billing address) are collected and processed by our payment processor, Paddle.com Market Limited. We do not store your full payment details on our servers.

2.2 Information Collected Automatically

When you use our Services, we automatically collect:

• Log Data: IP address, browser type, operating system, pages visited, timestamps, referring URLs
• Usage Analytics: Features used, buttons clicked, pages viewed, session duration
• Device Information: Device type, screen resolution, language preferences
• Cookies: Session cookies for authentication, preference cookies for settings
• Error Reports: Crash logs, error messages, stack traces (may be collected via error tracking services)

2.3 Information from Third Parties

We may receive information from third-party services you connect to our platform, such as authentication providers or integrations you enable.

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Service Delivery

• Provide and maintain the Services
• Display build analytics and trends in your dashboard
• Store and process build metadata
• Authenticate users and maintain sessions
• Process payments and manage subscriptions

3.2 Communication

• Send service-related notifications (password resets, billing updates, feature announcements)
• Respond to support requests and inquiries
• Send security alerts and important updates
• Send marketing communications (only if you opt in - you can unsubscribe anytime)

3.3 Improvement and Analytics

• Analyze usage patterns to improve the Services
• Identify and fix bugs and technical issues
• Develop new features based on user behavior
• Monitor performance and uptime
• Conduct A/B testing and experiments

3.4 Security and Fraud Prevention

• Detect and prevent fraudulent activity
• Protect against security threats and abuse
• Enforce our Terms of Service
• Comply with legal obligations

3.5 Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

• Contract: Processing is necessary to perform our contract with you (providing the Services)
• Legitimate Interest: We have a legitimate interest in improving our Services, preventing fraud, and ensuring security
• Consent: You have given explicit consent (e.g., for marketing communications)
• Legal Obligation: Processing is required to comply with legal requirements

4. Third-Party Services

We use the following third-party services to operate the Services. Each service has its own privacy policy and data practices:

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties for marketing purposes. We only share your data in the following circumstances:

5.1 Service Providers

We share data with third-party service providers listed in Section 4 who help us operate the Services. These providers are contractually obligated to protect your data and use it only for the purposes we specify.

5.2 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or if we believe disclosure is necessary to:

• Comply with legal obligations
• Protect our rights, property, or safety
• Prevent fraud or abuse
• Respond to emergency situations

5.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you via email and/or prominent notice on our website before your data is transferred.

5.4 With Your Consent

We may share your information with third parties when you explicitly consent to such sharing.

6. Data Retention

6.1 Active Accounts

We retain your data for as long as your account is active or as needed to provide the Services:

• Build metadata: Stored indefinitely while your account is active
• Account information: Stored while your account exists
• API keys: Stored until you revoke them

6.2 Deleted Accounts

When you delete your account:

• 30-day grace period: Your account and data are soft-deleted and can be restored upon request
• After 30 days: Your account and all associated data (projects, builds, API keys) are permanently deleted from our active databases
• Backups: Data may persist in encrypted backups for up to 90 days for disaster recovery purposes, then permanently deleted
• Legal retention: Some data may be retained longer if required by law (e.g., tax records, transaction logs for 7 years)

6.3 Analytics and Logs

Anonymized usage logs and analytics data may be retained for up to 2 years for statistical analysis and service improvement.

7. Your Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or other regions with data protection laws, you have the following rights:

7.1 Right to Access

You have the right to request a copy of all personal data we hold about you. To request your data, contact us at moonlightember1@gmail.com. We will provide your data in a machine-readable format (JSON/CSV) within 30 days.

7.2 Right to Rectification

You have the right to correct inaccurate or incomplete personal data. You can update your account information directly in your dashboard settings, or contact us for assistance.

7.3 Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your personal data. You can delete your account through your dashboard settings. After the 30-day grace period, all data will be permanently deleted as described in Section 6.

7.4 Right to Data Portability

You have the right to receive your data in a structured, commonly used, machine-readable format and transmit it to another service. Contact us to request a data export.

7.5 Right to Object

You have the right to object to processing of your personal data for direct marketing purposes. You can unsubscribe from marketing emails using the link in any email, or contact us directly.

7.6 Right to Restriction of Processing

You have the right to request that we limit how we use your data in certain circumstances (e.g., while we verify data accuracy).

7.7 Right to Withdraw Consent

Where we process your data based on consent, you have the right to withdraw that consent at any time. This does not affect the lawfulness of processing before withdrawal.

7.8 Right to Lodge a Complaint

You have the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights.

To exercise any of these rights, contact us at: moonlightember1@gmail.com

We will respond to your request within 30 days and may require identity verification to protect your data.

8. Data Security

We implement industry-standard security measures to protect your personal information:

8.1 Technical Measures

• Encryption: All data is encrypted in transit (TLS/HTTPS) and at rest (AES-256)
• Password Security: Passwords are hashed using bcrypt with unique salts
• API Key Security: API keys are hashed with SHA-256 and never stored in plain text
• Database Security: Database access is restricted to authorized personnel and services only
• Regular Updates: We keep all software dependencies up to date with security patches

8.2 Organizational Measures

• Access controls and authentication for all systems
• Regular security audits and monitoring
• Incident response procedures
• Employee training on data protection

8.3 Data Breach Notification

In the event of a data breach that affects your personal data, we will:

• Notify you via email within 72 hours of discovering the breach
• Describe the nature of the breach and affected data
• Explain steps we're taking to mitigate the breach
• Provide recommendations for protecting your account
• Notify relevant authorities as required by law

While we implement strong security measures, no system is 100% secure. You are responsible for maintaining the security of your account credentials.

9. Cookies and Tracking Technologies

9.1 Types of Cookies We Use

We use the following types of cookies:

9.2 Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies will prevent you from using the Services. Most browsers allow you to:

• View and delete cookies
• Block all cookies
• Block third-party cookies
• Clear cookies when you close your browser

10. International Data Transfers

Your data is primarily stored in the European Union (Supabase EU region). However, some of our third-party service providers may process data outside the EU:

• Paddle.com processes payments globally but is GDPR compliant
• Cloudflare operates a global CDN network but maintains EU-US Data Privacy Framework certification
• Render may process data in the United States

When we transfer data outside the EU, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions.

11. Children's Privacy

Our Services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at moonlightember1@gmail.com. We will delete such information from our systems.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or new features.

When we make material changes:

• We will update the "Last Updated" date at the top of this policy
• We will notify you via email at least 30 days before the changes take effect
• We may display a prominent notice in the Services
• For significant changes, we may require you to re-accept the updated policy

Your continued use of the Services after the effective date of changes constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your personal information, please contact us: