Last updated: March 14, 2026
1. Information We Collect
1.1 Information You Provide
When you create an account, subscribe to our services, or interact with our platform, we collect:
- Account Information: Email address, first name, last name, username, and password (encrypted)
- Payment Information (Card): Card payments are processed securely through Stripe. We store your Stripe customer ID but never store your full credit card details.
- Payment Information (Crypto): Cryptocurrency payments are processed by NOWPayments. We store your crypto order records (subscription tier, amount, duration, payment status, and access expiry date) but never hold or control cryptocurrency funds.
- Discord Integration: Discord user ID, access tokens, and refresh tokens when you connect your Discord account
- Profile Information: Any additional information you choose to provide in your profile
- Communications: Messages you send through our live chat, contact forms, or support channels
- Coaching Bookings: Session dates, times, notes, and booking details when you schedule coaching sessions
1.2 Automatically Collected Information
When you use our platform, we automatically collect:
- Usage Data: Pages visited, features used, time spent on platform, course and lesson progress
- Device Information: IP address, browser type, operating system, device identifiers
- Log Data: Access times, error logs, security events, login attempts
- Cookies and Tracking: Session cookies, authentication tokens, preference settings
- Video Analytics: Video viewing data, playback statistics, completion rates
1.3 Information from Third Parties
We receive information from:
- Discord: Profile information when you connect your Discord account
- Stripe: Payment status, subscription information, transaction details
- NOWPayments: Cryptocurrency payment status, transaction identifiers, and payment confirmation details
- YouTube: Public channel information for embedded content
2. How We Use Your Information
We use your information for the following purposes:
2.1 Service Provision
- Create and manage your account
- Process subscriptions and payments (via card or cryptocurrency)
- Provide access to courses, lessons, live streams, and downloadable materials
- Provide access to the AI Learning Assistant for eligible membership tiers (Apprentice and VIP)
- Enable live chat functionality and community features
- Manage Discord role assignments based on membership tier
- Schedule and manage coaching sessions
- Track your learning progress and course completion
2.2 Communication
- Send transactional emails (account verification, password resets, payment confirmations)
- Notify you about new courses, lessons, and live streams
- Respond to your inquiries and support requests
- Send important service updates and policy changes
2.3 Platform Improvement
- Analyze usage patterns to improve our services
- Monitor platform performance and troubleshoot technical issues
- Develop new features and educational content
- Conduct research and analytics on user engagement
2.4 Security and Fraud Prevention
- Detect and prevent fraudulent activities
- Monitor for security threats and unauthorized access
- Enforce our Terms of Service and community guidelines
- Rate limit requests to prevent abuse
- Verify user identity through Cloudflare Turnstile
2.5 Legal Compliance
- Comply with legal obligations and regulatory requirements
- Respond to legal requests and prevent illegal activities
- Enforce our rights and protect our users
3. Information Sharing
We do not sell, trade, or rent your personal information to third parties. We share your information only in the following circumstances:
3.1 Service Providers
We share information with trusted third-party service providers who assist us in operating our platform:
- Supabase: Database hosting and authentication services
- Stripe: Card payment processing and subscription management
- NOWPayments: Cryptocurrency payment processing
- Discord: Community integration and role management
- Bunny Stream & Cloudflare Stream: Video hosting and streaming services
- Resend: Email delivery services
- Cloudflare: Security, CDN, and bot protection (Turnstile)
- YouTube: Video content embedding
These providers are contractually obligated to protect your data and use it only for the purposes we specify.
3.2 Legal Requirements
We may disclose your information if required by law, court order, or governmental authority, or to protect our rights, property, or safety, or that of our users.
3.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change.
3.4 With Your Consent
We may share your information with third parties when you explicitly consent to such sharing.
4. Data Security
We implement comprehensive security measures to protect your personal information:
4.1 Technical Safeguards
- Encryption: All data transmitted between your device and our servers is encrypted using TLS/SSL
- Password Security: Passwords are hashed using industry-standard algorithms and never stored in plain text
- Database Security: Row-level security policies in Supabase protect your data
- Access Controls: Strict authentication and authorization mechanisms limit data access
- Session Management: Secure session tokens with nonce validation and expiration
4.2 Operational Safeguards
- Rate Limiting: Protection against brute force attacks and abuse
- Bot Protection: Cloudflare Turnstile prevents automated attacks
- Monitoring: Continuous security monitoring and logging of suspicious activities
- Regular Audits: Periodic security assessments and vulnerability testing
- Incident Response: Procedures in place to respond to security breaches
4.3 Data Breach Notification
In the event of a data breach that affects your personal information, we will notify you and relevant authorities as required by applicable law, including GDPR requirements.
5. Cookies and Tracking Technologies
We use cookies and similar technologies to enhance your experience and analyze platform usage.
5.1 Types of Cookies We Use
- Essential Cookies: Required for authentication, security, and basic platform functionality. These cannot be disabled.
- Functional Cookies: Remember your preferences, settings, and login state
- Analytics Cookies: Help us understand how users interact with our platform
- Security Cookies: CSRF tokens and session validation to protect against attacks
5.2 Third-Party Cookies
Our platform may include embedded content from third parties (YouTube videos, Discord widgets) that may set their own cookies. We do not control these cookies.
5.3 Managing Cookies
You can control cookies through your browser settings. However, disabling essential cookies may prevent you from using certain features of our platform.
6. Your Rights
Under applicable data protection laws, including the General Data Protection Regulation (GDPR) and French data protection law, you have the following rights:
6.1 Access and Portability
- Right to Access: Request a copy of the personal information we hold about you
- Right to Data Portability: Receive your data in a structured, machine-readable format
6.2 Correction and Deletion
- Right to Rectification: Correct inaccurate or incomplete personal information
- Right to Erasure ("Right to be Forgotten"): Request deletion of your personal information, subject to legal obligations
6.3 Control and Restriction
- Right to Restriction: Limit how we process your personal information
- Right to Object: Object to processing of your personal information for certain purposes
- Right to Withdraw Consent: Withdraw consent for data processing at any time
6.4 Communication Preferences
- Opt out of marketing communications while still receiving essential service emails
- Manage notification preferences in your account settings
- Unsubscribe from email communications using the link in each email
6.5 Exercising Your Rights
To exercise any of these rights, please contact us using the information provided in Section 7. We will respond to your request within 30 days as required by GDPR.
6.6 Right to Lodge a Complaint
If you believe we have not handled your personal information properly, you have the right to lodge a complaint with the French data protection authority (CNIL - Commission Nationale de l'Informatique et des Libertés) or your local supervisory authority.
7. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
7.1 Retention Periods
- Account Data: Retained while your account is active and for up to 90 days after account deletion
- Payment Records: Retained for 7 years to comply with tax and accounting regulations
- Security Logs: Retained for 12 months for security and fraud prevention
- Chat Messages: Retained indefinitely unless deleted by moderators or upon request
- Course Progress: Retained while your account is active
- Email Verification Tokens: Automatically deleted after use or expiration
7.2 Deletion Process
When you request account deletion, we will:
- Immediately disable your account and revoke access
- Delete or anonymize your personal information within 90 days
- Retain certain information as required by law (e.g., payment records for tax purposes)
- Remove your Discord role assignments
- Cancel active subscriptions
8. International Data Transfers
Our platform is operated from France, but we use service providers that may process data in other countries, including the United States. When we transfer your personal information internationally, we ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Service providers certified under recognized data protection frameworks
- Adequate data protection measures equivalent to GDPR standards
9. Children's Privacy
Our platform is not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately, and we will delete such information.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last updated" date at the top of this policy
- Notify you via email or prominent notice on our platform
- Obtain your consent if required by applicable law
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
11. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Email: support@mooncharts.fr
For GDPR-related inquiries or to exercise your data protection rights, please clearly state "GDPR Request" in your communication.
12. Legal Basis for Processing (GDPR)
Under GDPR, we process your personal information based on the following legal grounds:
- Contractual Necessity: Processing necessary to provide our services and fulfill our contract with you
- Legitimate Interests: Processing necessary for our legitimate business interests (platform improvement, security, fraud prevention)
- Legal Obligation: Processing required to comply with legal and regulatory requirements
- Consent: Processing based on your explicit consent (e.g., marketing communications, Discord integration)
You have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
