1. Your Data, Your Rights
At mooncloak, we respect your privacy and your right to control your personal data. This page explains how to exercise your rights under various privacy laws, including GDPR (EU), CCPA (California), and other data protection regulations.
2. What Rights Do You Have?
Depending on where you live, you may have some or all of these rights:
2.1 Right to Know / Access
What it means: Request a copy of the personal data we have about you
What you’ll receive:
- Account information (email, username, OAuth provider)
- Usage data and logs (if retained)
- Payment history
- Support communications
- Any other personal data we’ve collected
Format: JSON or CSV file, machine-readable
2.2 Right to Correction / Rectification
What it means: Update inaccurate or incomplete personal data
How to do it:
- Update most information directly in your account settings
- For other corrections, contact us at [email protected]
2.3 Right to Deletion / Erasure
What it means: Request deletion of your account and personal data
What happens:
- Account is immediately deactivated
- Personal data deleted within 30 days
- Backups may persist up to 90 days
- Some data retained for legal obligations (payment records: 7 years)
- Deletion is permanent and cannot be undone
Note: You must cancel any active subscriptions before requesting deletion
2.4 Right to Data Portability
What it means: Receive your data in a format you can transfer to another service
What you’ll receive:
- Your personal data in JSON or CSV format
- Machine-readable and structured
- Includes account info, settings, and any user content
2.5 Right to Object
What it means: Object to certain types of data processing
Examples:
- Object to processing based on legitimate interests
- Object to automated decision-making (we don’t do this)
- Object to direct marketing (we don’t do this)
2.6 Right to Restrict Processing
What it means: Limit how we use your data while keeping your account
Examples:
- Suspend processing while disputing accuracy
- Restrict to storage only
- Limit to legal defense purposes
2.7 Right to Withdraw Consent
What it means: Withdraw permission for consent-based processing
Note: Most of our processing is based on contract performance, not consent. Withdrawing consent may prevent us from providing the Services.
2.8 Right Not to Be Discriminated Against
CCPA Right: We will not discriminate against you for exercising your privacy rights
We will NOT:
- Deny you Services
- Charge different prices
- Provide lower quality Services
- Suggest you’ll receive different services
3. How to Exercise Your Rights
3.1 Email Request
Send an email to [email protected] with:
Subject: Privacy Rights Request - [Your Right]
Include:
- Your full name
- Email address associated with your account
- Specific right you want to exercise
- Any additional details or context
Example:
Subject: Privacy Rights Request - Data Access
I would like to request a copy of all personal data you have about me.
My email: [email protected]
Account username: johndoe3.2 Identity Verification
To protect your privacy, we need to verify your identity before processing requests.
Verification process:
- We’ll send a verification link to your registered email
- Click the link to confirm your identity
- We’ll process your request once verified
Why we verify: To prevent unauthorized access to your personal data
3.3 Response Time
We will respond to your request within:
- GDPR (EEA, UK): 1 month (extendable to 3 months for complex requests)
- CCPA (California): 45 days (extendable to 90 days for complex requests)
- General: 30 days for most requests
If we need more time, we’ll notify you and explain why.
3.4 No Fee (Usually)
Requests are free unless:
- Your request is manifestly unfounded or excessive
- You request multiple copies of the same data
In these cases, we may charge a reasonable fee based on administrative costs.
4. Specific Rights by Location
4.1 GDPR Rights (EEA, UK, Switzerland)
If you’re in the European Economic Area, UK, or Switzerland:
Additional Rights:
- Right to restriction of processing
- Right to lodge a complaint with your data protection authority
- Right to object to automated decision-making
Data Protection Authorities:
- Find your local authority: https://edpb.europa.eu/about-edpb/board/members_en
- UK: Information Commissioner’s Office (ICO)
- Switzerland: Federal Data Protection and Information Commissioner (FDPIC)
Contact our DPO: [email protected]
4.2 CCPA Rights (California)
If you’re a California resident:
Your CCPA Rights:
- Right to know what personal information is collected
- Right to know if personal information is sold or disclosed
- Right to delete personal information
- Right to opt-out of sale of personal information
- Right to non-discrimination
Important: We do NOT sell your personal information. There is nothing to opt out of.
California Privacy Rights: [email protected]
4.3 Other US States
If you’re in Virginia, Colorado, Connecticut, or other states with privacy laws:
Your Rights: Similar to CCPA - access, deletion, correction, opt-out
Contact: [email protected]
4.4 Other Countries
If you’re outside the EEA and US, you may still have rights under your local laws. Contact us to inquire about your specific rights.
5. Common Requests
5.1 Delete My Account
Quick steps:
- Log in to your account
- Go to Settings > Account > Delete Account
- Confirm deletion
- Or email [email protected]
What gets deleted:
- Account credentials
- Personal information
- Usage data and logs
- Preferences and settings
What’s retained:
- Payment records (legal requirement: 7 years)
- Anonymized analytics (if applicable)
- Data necessary for legal compliance
5.2 Download My Data
Quick steps:
- Email [email protected] with subject “Data Access Request”
- We’ll verify your identity
- You’ll receive a download link (valid for 7 days)
- Download your data in JSON/CSV format
Typical turnaround: 7-14 days
5.3 Stop Using My Data
Quick steps:
- Delete your account (see above)
- Or object to specific processing (email [email protected])
Note: We only use your data to provide the Services. If you don’t want us to use your data, you’ll need to stop using the Services and delete your account.
5.4 Unsubscribe from Emails
Marketing emails: We don’t send marketing emails unless you explicitly opt in
Transactional emails: Click “unsubscribe” in the footer (but you’ll still receive essential notifications like security alerts and billing notices)
All emails: Delete your account
6. Data We Cannot Delete
Some data must be retained for legal or security reasons:
6.1 Legal Obligations
- Payment records: Retained for 7 years (tax, accounting, anti-money laundering laws)
- Legal disputes: Data related to ongoing legal matters
- Fraud prevention: Anonymized fraud detection markers
6.2 Legitimate Interests
- Security logs: For investigating security incidents
- Abuse prevention: To prevent banned users from creating new accounts
- Compliance: Data required for regulatory compliance
6.3 Anonymized Data
Once data is truly anonymized (cannot be linked back to you), it’s no longer personal data under most privacy laws. We may retain:
- Aggregated statistics
- Anonymized usage patterns
- De-identified analytics
This data cannot be deleted because it cannot be connected to you.
7. Third-Party Data
7.1 OAuth Providers
If you signed in with GitHub, GitLab, Bitbucket, etc., they have their own data about you. We cannot delete data held by third parties.
To request deletion from OAuth providers:
- GitHub: https://github.com/settings/applications
- GitLab: https://gitlab.com/-/profile/applications
- Bitbucket: https://bitbucket.org/account/settings/app-authorizations/
7.2 Payment Processors
Stripe, PayPal, and other payment processors retain their own records. We cannot delete their data.
To request deletion from payment processors:
- Stripe: Contact Stripe support
- PayPal: Contact PayPal support
8. Complaints and Appeals
8.1 Not Satisfied with Our Response?
If you’re not satisfied with how we handled your request:
- Contact us again: [email protected] - explain your concerns
- Escalate internally: [email protected]
- File a complaint: With your data protection authority (GDPR) or attorney general (CCPA)
8.2 GDPR Complaints
EU/EEA Residents:
- File a complaint with your local supervisory authority
- Find your authority: https://edpb.europa.eu/about-edpb/board/members_en
UK Residents:
- Information Commissioner’s Office (ICO): https://ico.org.uk/make-a-complaint/
8.3 CCPA Complaints
California Residents:
- California Attorney General’s Office: https://oag.ca.gov/contact/consumer-complaint-against-business-or-company
- California Privacy Protection Agency (CPPA): https://cppa.ca.gov/
9. Frequently Asked Questions
Can I request someone else’s data?
No, we can only provide data to the account holder or their legal representative (with proper documentation).
How long does it take?
Most requests are processed within 14-30 days. Complex requests may take up to 90 days.
Can I request data multiple times?
Yes, but excessive requests may incur a reasonable fee.
What if I forgot my account email?
Contact [email protected] with any identifying information you remember.
Can I get data from before I deleted my account?
No, once data is deleted, it cannot be recovered.
Do you charge for data requests?
No, unless the request is excessive or repetitive.
10. Contact Information
Privacy Rights Requests: [email protected]
Data Protection Officer (GDPR): [email protected]
Security Concerns: [email protected]
General Legal: [email protected]
Support: [email protected]
We respect your privacy rights and will process all requests fairly and promptly.
Last Updated: January 11, 2025