Privacy Policy

Last updated: March 1, 2026

This policy complies with the EU General Data Protection Regulation (GDPR) and Dutch Privacy Law (AVG).

1. Data Controller

The data controller responsible for your personal data is:

Name: Moons Enterprises

Country: The Netherlands

Email: info@moonsenterprises.com

2. What Data We Collect

Account Data

When you register: email address, encrypted password (managed by Supabase Auth / no plain-text storage).

Usage Data

Number of conversions performed, subscription tier, timestamps of conversions, model filenames (not the model content itself).

Payment Data

Billing data is processed entirely by Stripe. We store only your Stripe Customer ID — no card numbers, CVV, or bank details are stored on our servers.

Uploaded Models

Neural network model files (.pt / .pth) you upload are processed in-memory and deleted immediately after conversion. They are never persisted to disk permanently, shared, or used for any other purpose.

Technical Data

Standard server logs (IP address, browser type, request timestamps) for security and debugging. These logs are retained for a maximum of 30 days.

3. Legal Basis for Processing (GDPR Art. 6)

PurposeLegal Basis
Providing the Moons' SNN-Studio serviceContract performance (Art. 6.1.b)
Processing subscription paymentsContract performance (Art. 6.1.b)
Sending account notificationsContract performance (Art. 6.1.b)
Security & fraud preventionLegitimate interests (Art. 6.1.f)
Legal complianceLegal obligation (Art. 6.1.c)

4. Data Sharing & Third Parties

We share personal data only with the following sub-processors, each contractually bound to GDPR requirements:

Supabase
Database & Authentication
EU (AWS Frankfurt)
Stripe
Payment Processing
EU / US (Privacy Shield)
Vercel
Frontend Hosting (CDN)
EU region
Railway
Backend Hosting
EU region

We do not sell, rent, or trade your personal data to any third party for marketing purposes.

5. Data Retention

Account dataActive account lifetime + 2 years after deletion
Uploaded model filesImmediately deleted after conversion
Conversion metadataAs long as account is active; deleted on account removal
Payment records7 years (Dutch tax law, Wet IB 2001)
Server logsMaximum 30 days

6. Your Rights (GDPR)

As an EU data subject, you have the following rights:

Right of Access

Request a copy of all data we hold about you

Right to Rectification

Correct inaccurate or incomplete data

Right to Erasure

Request deletion of your personal data

Right to Restriction

Limit how we process your data

Right to Portability

Receive your data in a machine-readable format

Right to Object

Object to processing based on legitimate interests

To exercise any right, contact us at info@moonsenterprises.com. We will respond within 30 days. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.

7. Cookies & Session Storage

We use only strictly necessary cookies — specifically, a Supabase session cookie to keep you logged in. We do not use advertising, analytics, or tracking cookies. No consent banner is required for strictly necessary cookies under the Dutch Telecommunicatiewet.

8. Security Measures

We implement appropriate technical and organizational measures including: HTTPS-only connections, JWT-based authentication, Row-Level Security (RLS) in Supabase, encrypted data at rest, and no plain-text password storage. In the event of a data breach affecting your rights, we will notify you within 72 hours as required by GDPR Art. 33–34.

9. Changes to This Policy

We may update this Privacy Policy. For material changes, we will notify you by email or in-app notice at least 14 days before changes take effect. Continued use of the Service constitutes acceptance of the updated policy.

Contact

For privacy-related questions or to exercise your rights:

info@moonsenterprises.com