Privacy Policy

Privacy Policy (Moonlight)

Effective from: 1 March, 2025 (initial web launch)

Last updated: 8 July, 2025 (current revision)

Contact: hello@moonlightapp.de

1. Who We Are

This policy explains how Moonlight processes your data in accordance with the EU General Data Protection Regulation (GDPR, Regulation (EU) 2016/679) and the German Federal Data Protection Act (BDSG).

2. What Data We Collect

We collect the following personal data:

(Art. 4 GDPR – Definitions)

  • Name, email, phone number, password (encrypted)

  • Profile preferences (support needs, vibe, optional profile photo)

  • Location data (only with consent, see Art. 6(1)(a) GDPR)

  • User-submitted reports or comments

  • Device data (for security and debugging)

3. Why We Collect This Data

(Art. 5(1)(b), Art. 6 GDPR – Lawfulness & Purpose Limitation)

We collect and process data to:

  • Verify your identity (Art. 6(1)(f): legitimate interest)

  • Deliver the platform’s core functions (Art. 6(1)(b): contractual necessity)

  • Connect you with relevant community safety insights

  • Improve features via aggregated, anonymized data

  • With consent, provide location-based support (Art. 6(1)(a))

4. Your Rights

Under Art. 12–23 GDPR and §§ 32–37 BDSG, you have the right to:

  • Access your personal data (Art. 15)

  • Rectify inaccurate data (Art. 16)

  • Erase your data ("right to be forgotten" – Art. 17)

  • Restrict or object to processing (Art. 18–21)

  • Withdraw consent at any time (Art. 7(3))

  • File a complaint with a supervisory authority (Art. 77)

In Berlin, this is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit

https://www.datenschutz-berlin.de/

5. Data Storage & Security

(Art. 32 GDPR – Security of Processing)

  • Hosted on GDPR-compliant servers within the EU

  • Access restricted to verified Moonlight staff

  • All sensitive data is encrypted

  • Location data is stored only with opt-in and deleted when no longer needed

6. Data Transfers

(Art. 44–49 GDPR – Transfers to third countries)

We do not transfer personal data outside the EEA unless:

  • An adequacy decision is in place

  • Appropriate safeguards are implemented (e.g. SCCs)

7. Cookies

If we implement cookies, we will comply with Art. 5(3) of the ePrivacy Directive and GDPR:

  • Use only strictly necessary cookies by default

  • Request consent for analytics cookies

  • Allow opt-out at any time

8. Updates

We may update this policy to reflect legal changes or new features. You will be notified via email or in-app message in accordance with Art. 13(3) GDPR.

By registering, you agree to this Privacy Policy in line with Art. 6(1)(b) and (a) GDPR.