1. Information We Collect

1.1 Account Information

When you create an Account, we collect your email address and any additional profile information you choose to provide. If you sign in using a third-party authentication provider (currently Auth0), we receive the information you authorize that provider to share with us, typically your email address and basic profile information.

1.2 Payment Information

When you subscribe to a paid plan, your payment information (such as credit card number, billing address, and related details) is collected and processed by our third-party payment processor, Stripe, Inc. We do not store your full credit card number or payment credentials on our servers. We receive from Stripe a tokenized reference to your payment method, the last four digits of your card, card brand, expiration date, and billing address for our records and to manage your subscription. Stripe's handling of your payment information is governed by their Privacy Policy, available at stripe.com/privacy.

1.3 User Content and Design Data

We collect and store the content you upload to or create within the Service, including images, text, prompts, brand assets, design files, and AI-generated outputs. This content is stored to provide the Service to you and is processed as described in Section 3.

1.4 Usage Data

We automatically collect information about how you interact with the Service, including your device's IP address, browser type and version, pages visited, time and date of visits, time spent on pages, unique device identifiers, referring URLs, and other diagnostic data. When you access the Service from a mobile device, we may also collect device type, mobile device ID, mobile operating system, and mobile browser type.

1.5 Credit and Subscription Data

We collect and maintain records of your Subscription Plan, billing cycle, Credit allocation, Credit usage, Credit purchases, and transaction history to manage your account and provide the Service.

We process Credit and subscription data solely for billing, fraud prevention, usage tracking, service optimization, and abuse detection purposes. Credit data is not sold or shared outside the Service Providers described in Section 4.

1.6 Cookies and Tracking Technologies

We use cookies and similar tracking technologies (web beacons, pixel tags) to collect information and improve the Service. The types of cookies we use include:

• Essential Cookies: Required for the Service to function, including authentication and security. These cannot be disabled.
• Functionality Cookies: Remember your preferences, login details, and language settings to provide a personalized experience.
• Analytics Cookies: Help us understand how users interact with the Service so we can improve it. These are set by our third-party analytics providers (see Section 4).

You can configure your browser to refuse cookies, though some features of the Service may not function properly without them.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Providing the Service: To operate, maintain, and deliver the features of the Service, including processing your design generation requests, managing your Account, and tracking your Credit usage.
• Billing and Payments: To process subscription payments, manage billing cycles, issue receipts, and handle refund requests.
• Communications: To send you service-related notices (billing confirmations, Credit usage alerts, security updates, policy changes), and, where you have opted in, marketing communications about new features and offerings. You may opt out of marketing communications at any time.
• Improvement and Analytics: To analyze usage patterns, identify trends, diagnose technical issues, and improve the Service's functionality and user experience.
• Security and Fraud Prevention: To detect, prevent, and address technical issues, security threats, and fraudulent or unauthorized use of the Service.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or governmental requests.
• Fraud Prevention and Abuse Detection: To analyze Account activity, Credit usage patterns, and generation behavior to detect abuse, fraud, pricing exploitation, or attempts to circumvent usage limits.

For users located in the United States, we process your information as necessary to perform our contract with you (providing the Service), to comply with legal obligations, and to pursue legitimate business interests such as improving and securing the Service.

3. AI Data Processing

3.1 How Your Content Is Processed by AI

When you use the Service's AI-powered generation features, your inputs (including prompts and uploaded User Content) are transmitted to our third-party AI Providers for processing. This processing is necessary to generate the design outputs you request. Your content is sent to these providers solely for the purpose of fulfilling your generation requests.

3.2 AI Providers

As of the date of this Privacy Policy, we use the following AI Providers:

• Anthropic (anthropic.com/privacy) — Under Anthropic's API terms, customer data submitted through the API is not used to train their models.
• Anthropic (AWS Bedrock) (aws.amazon.com/privacy) — We use Anthropic models on AWS Bedrock; customer data is not used to train models and is not shared with Anthropic.
• Cerebras (cerebras.ai/privacy-policy) — We use Cerebras inference services under terms that protect customer data from model training.
• Google (Gemini) (policies.google.com/privacy) — We use Google's API services under terms that restrict the use of customer data for model training.
• OpenRouter (openrouter.ai/privacy) — OpenRouter routes requests to various AI models; we use OpenRouter under terms that restrict use of customer data for model training where available.
• Replicate (replicate.com/privacy) — We use Replicate's inference API under terms that govern data handling and model training restrictions.

We may add or change AI Providers over time. We will update this Privacy Policy accordingly and will always select providers whose terms allow us to protect your data from being used for model training where such options are available. AI Providers may retain and process submitted data in accordance with their own privacy policies and applicable law.

3.3 Our Commitments

• No training without consent: We do not use your User Content or Generated Content to train proprietary AI models without your consent. Where our AI Providers offer opt-out mechanisms for model training on customer-submitted data, we exercise those options where available.
• Opt-out where available: Where our AI Providers offer the option to opt out of model training on customer data, we exercise that option.
• Minimum necessary data: We transmit only the data necessary to fulfill your generation request to AI Providers.

4. Third-Party Service Providers

We share information with the following categories of third-party service providers to operate and improve the Service:

4.1 Authentication

• Auth0 (Okta) — Manages user authentication and identity. Receives your email address and authentication credentials. Privacy policy: auth0.com/privacy.

4.2 Analytics

• Google Analytics — Collects Usage Data to help us understand traffic patterns and user behavior. We use anonymized IP addresses where available. Privacy policy: policies.google.com/privacy.
• Mixpanel — Collects event-based analytics data to help us understand feature usage and user journeys. Privacy policy: mixpanel.com/legal/privacy-policy.

4.3 Payment Processing

• Stripe — Processes all subscription payments and manages billing. Receives your payment details directly. Privacy policy: stripe.com/privacy.

4.4 Infrastructure

• Google Cloud Platform — Hosts the Service and stores your data. Data is stored in the United States. Privacy policy: cloud.google.com/terms/cloud-privacy-notice.

We require all third-party service providers to handle your data in accordance with applicable data protection laws and to use your data only for the purposes we specify.

5. Data Sharing and Disclosure

Beyond the service providers described in Section 4, we may share your information in the following circumstances:

• Legal Requirements: When required by law, regulation, legal process, or governmental request.
• Protection of Rights: To protect the rights, property, or safety of the Company, our users, or the public.
• Business Transfers: In connection with a merger, acquisition, sale of assets, or bankruptcy. We will provide notice before your data becomes subject to a different privacy policy.
• With Your Consent: For any other purpose with your explicit consent.

We do not sell your personal information to third parties. We do not share your User Content or Generated Content with other users unless you choose to share it through the Service's sharing features.

6. Data Retention

6.1 Account Data

We retain your Account information and associated data for as long as your Account is active. If you cancel your subscription but keep your Account, we retain your data according to the terms of your Account status.

6.2 User Content

Your User Content and Generated Content are retained for as long as your Account is active or until you delete them through the Service. See Section 7.4 for deletion details.

6.3 Payment Records

We retain billing and transaction records for a minimum of seven (7) years as required for tax and accounting compliance, even after Account deletion.

6.4 Usage Data

Aggregated and anonymized Usage Data may be retained indefinitely for analytics and service improvement purposes. Identifiable Usage Data is retained for up to twenty-four (24) months, after which it is anonymized or deleted.

6.5 Backups

Deleted data may persist in encrypted system backups for up to ninety (90) days before being permanently removed.

7. Your Rights and Choices

7.1 Access and Correction

You may access and update your personal information through your Account settings at any time. You may also contact us at hello@moonchild.ai to request access to or correction of your data.

7.2 Data Export

You may request an export of your User Content and Account data by contacting us at hello@moonchild.ai. We will provide your data in a commonly used, machine-readable format within thirty (30) days of your request.

7.3 Marketing Opt-Out

You may opt out of marketing communications at any time by clicking the unsubscribe link in any marketing email or updating your communication preferences in your Account settings. Opting out of marketing does not affect service-related communications (billing, security, policy updates).

7.4 Account Deletion and Data Erasure

You may delete your Account through the Service or by contacting us. Upon standard Account deletion:

• Your profile and access credentials are removed
• Your designs are no longer associated with an active Account
• Your email is removed from marketing lists

If you request permanent data erasure, we will delete all personal data, User Content, and Generated Content from our active systems within thirty (30) days of your request, except where retention is required by law (see Section 6.3). To request full erasure, email hello@moonchild.ai with the subject line "Data Erasure Request."

7.5 California Residents

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise your rights, contact us at hello@moonchild.ai.

7.6 European Residents

If you are located in the European Economic Area (EEA), you may have additional rights under the General Data Protection Regulation (GDPR), including the right to access, rectification, erasure, data portability, and restriction of processing. Our legal basis for processing your data includes performance of our contract with you (providing the Service), your consent (where applicable), and our legitimate interests (analytics, security, service improvement). To exercise your rights, contact us at hello@moonchild.ai.

8. Security

We implement commercially reasonable technical and organizational measures to protect your personal data, including encryption in transit (TLS) and at rest, access controls, and regular security reviews. However, no method of electronic transmission or storage is completely secure. We cannot guarantee the absolute security of your data. If we become aware of a security breach affecting your personal data, we will notify you in accordance with applicable law.

9. Children's Privacy

The Service is not directed to anyone under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at hello@moonchild.ai, and we will take steps to delete that information.

10. International Data Transfers

Your information is processed and stored in the United States. If you access the Service from outside the United States, your data will be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction. By using the Service, you consent to this transfer. We take steps to ensure that your data receives an adequate level of protection in accordance with this Privacy Policy.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email and/or a prominent notice within the Service at least thirty (30) days before the changes take effect. We will update the "Last Updated" date at the top of this page. Your continued use of the Service after the effective date constitutes acceptance of the updated Privacy Policy.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise any of your rights, please contact us:

Devign, Inc.
2822 Somerset Dr., Los Angeles, CA 90016
Email: hello@moonchild.ai