Privacy Policy

Version 3.0 — Last updated: April 2026

Privacy at a Glance

What | What we do | What we don't do
Your account data | Store it to run your account | Sell it to advertisers or third parties
Your text prompts | Process them to generate your video | Use them to train AI without consent
Your generated videos | Store them in your account | Claim ownership of them
Your payment info | Pass to our payment processor | Store raw card numbers ourselves
Your usage data | Analyze in aggregate to improve platform | Build individual ad profiles
Your OAuth tokens | Store encrypted, use only at your direction | Publish anything without your instruction
User-uploaded files | We do not accept uploads at this time | N/A — no uploads accepted

Simple version: You give us text prompts. We generate videos. You own the videos. We store them so you can access them. We do not accept file uploads. We do not sell your data.

1. Introduction

At MoonwalkAI ("we," "our," or "us"), we are committed to protecting your privacy and being transparent about how we handle your data. This Privacy Policy explains how we collect, use, store, and safeguard your information when you use our AI video generation platform ("Services").

2. Information We Collect

2.1 Account Information

  • Email address, username, and password (hashed — never stored in plain text)
  • Profile information and platform preferences
  • Subscription tier and credit balance
  • Account creation date and login history

2.2 Content Inputs

  • Text prompts and creative briefs you submit for video generation
  • Style preferences, duration settings, platform targets, and other generation parameters
  • Topic and brand configurations you set up
  • Script text and narration preferences

No file uploads: MoonwalkAI does not currently accept user-uploaded images, video clips, or audio files. All media in your videos is AI-generated from your text prompts.

2.3 Generated Content

  • AI-generated videos, images, voiceovers, and music created at your direction
  • Stored securely in your account on Cloudflare R2 cloud storage
  • Retained until you delete them or your account is closed

2.4 Connected Social Media Accounts (OAuth)

When you connect TikTok, Instagram, YouTube, or other platforms for direct publishing, we store:

  • OAuth access tokens and refresh tokens — encrypted, used only to publish at your direction
  • Platform account identifiers needed to display connected accounts
  • Publishing history — records of content published through our integration

OAuth commitment: We use your OAuth tokens exclusively to publish content when you explicitly instruct us to. We never publish without your direct action. We never read your followers, messages, or any other account data.

2.5 Usage and Technical Data

  • Which features you use and how often — analyzed in aggregate only
  • Device type, browser, and operating system
  • IP address and approximate location (country/city level)
  • Session data, error logs, and performance metrics
  • Cookies and similar tracking technologies (see Section 8)

2.6 Payment Information

Payment details are processed entirely by our payment providers (PayPal, Dodo Payments). We receive only:

  • Transaction confirmation and subscription status
  • Subscription tier and billing period
  • We never store raw card numbers, CVV codes, or full payment credentials

3. How We Use Your Information

3.1 To Provide the Services

  • Processing your prompts through AI systems to generate videos
  • Storing your generated content so you can access and download it
  • Publishing content to social platforms at your explicit direction
  • Managing your account, subscription, and credit balance
  • Processing payments through our payment providers
  • Providing customer support

3.2 To Improve the Services

  • Analyzing aggregate, anonymized usage patterns to understand feature usage
  • Diagnosing and fixing technical issues
  • Evaluating and improving AI generation quality

AI training: We do not use your specific prompts or generated videos to train AI models without your explicit opt-in consent.

3.3 To Communicate With You

  • Transactional emails — confirmations, receipts, generation completions
  • Service announcements — important platform or policy changes
  • Marketing emails — only if you opted in, always with unsubscribe option

3.4 For Safety and Legal Compliance

  • Content moderation — screening prompts for prohibited content
  • Preventing fraud, abuse, and unauthorized access
  • Complying with legal obligations including law enforcement requests
  • CSAM detection and mandatory reporting as required by law

4. Content Moderation

All text prompts submitted to MoonwalkAI are screened by automated content moderation before processing. This moderation:

  • Occurs automatically before any generation begins
  • Uses AI classifiers to detect prohibited content requests
  • May result in prompt rejection and account investigation for violations
  • Creates moderation logs retained for legal compliance purposes

Moderation logs for flagged prompts are retained for a minimum of 12 months. Logs for prompts that pass moderation are retained for 90 days.

CSAM obligation: If our systems detect any attempt to generate Child Sexual Abuse Material, we are legally required to report it to the National Center for Missing and Exploited Children (NCMEC) within 24 hours under 18 U.S.C. § 2258A. This is mandatory and applies without exception.

5. Information Sharing

We do not sell, trade, or rent your personal information. We share data only in these specific circumstances:

5.1 Service Providers

We use third-party service providers to operate our platform, including for file storage, payment processing, AI generation, and infrastructure. These providers process your data only as necessary to perform their services on our behalf and are governed by their own privacy policies.

The categories of providers we use include: cloud storage, payment processors, AI model providers, database and infrastructure services, and analytics tools. Each provider's data handling is subject to their own privacy policy and applicable data protection law. We encourage you to review the privacy policies of any third-party services you interact with directly.

5.2 Social Platforms You Connect

When you instruct us to publish, we share your content with the platform you direct us to publish to. This is entirely at your direction.

5.3 Law Enforcement

We may disclose your information to law enforcement without prior notice when:

  • Required by valid court order, subpoena, or warrant
  • Required to report illegal content (CSAM) to NCMEC under federal law
  • Necessary to prevent imminent physical harm to any person
  • Responding to a valid emergency law enforcement request

5.4 Business Transfers

If MoonwalkAI is acquired or merges, your data may transfer as part of that transaction. We will notify you before your data is transferred.

5.5 With Your Consent

We may share your information for any other purpose with your explicit prior consent.

6. Data Retention

Data Type | Retention Period | Reason
Account data | Account lifetime + 90 days after deletion | Account management
Generated videos | Until you delete them or close account | Your access to your work
Text prompts | 90 days after generation | Technical support and debugging
Payment records | 7 years | Tax and financial compliance
Moderation logs (passed) | 90 days | Technical operations
Moderation logs (flagged) | Minimum 12 months | Legal compliance
Law enforcement records | As required by applicable law | Legal obligation
OAuth tokens | Until you disconnect the account | Publishing functionality
Usage analytics | 24 months (anonymized) | Service improvement
Support communications | 3 years | Support quality and disputes

Deletion requests: You may request account deletion at any time. We process deletions within 30 days. We cannot delete data we are legally required to retain.

7. Data Security

  • Encryption in transit — all data uses TLS/HTTPS
  • Encryption at rest — stored files encrypted on Cloudflare R2
  • Access controls — internal access restricted to personnel who need it
  • OAuth tokens stored encrypted — used only for their stated purpose
  • Password hashing — passwords are never stored in plain text

Honest limitation: No security system is perfect. In the event of a data breach affecting your personal information, we will notify you as required by applicable law.

8. Cookies and Tracking

8.1 Essential Cookies

Required for authentication, session management, and platform functionality. Cannot be disabled without breaking the platform.

8.2 Analytics

  • Google Analytics 4 — tracks page views and usage events. We use Google Consent Mode v2: GA4 runs in anonymized/cookieless mode by default and switches to full tracking only if you accept analytics cookies.
  • Microsoft Clarity — session recordings and heatmaps to understand platform usage (where enabled).

8.3 Preference Cookies

Remember your settings such as theme preferences and cookie consent choices.

8.4 Advertising and Marketing Pixels

We load the following advertising pixels to measure campaign performance and build advertising audiences:

  • Facebook/Meta Pixel — sends page view and conversion events (signups, purchases) to Meta for ad attribution and audience building.
  • TikTok Pixel — sends page view and conversion events to TikTok for ad attribution and audience building.

These pixels fire for all visitors. Under the California Consumer Privacy Act (CCPA/CPRA), this constitutes "sharing" personal information for cross-context behavioral advertising purposes. See Section 10 for your opt-out rights.

8.5 Your Choices

  • Cookie banner — decline analytics cookies via our consent banner to disable GA4 full tracking
  • Browser settings — block cookies or use an ad blocker to prevent pixel firing at the browser level
  • California opt-out — email [email protected] with subject "Do Not Sell or Share My Personal Information"
  • Ad platform opt-outs — opt out directly through Meta Ad Preferences and TikTok Ad Settings

9. Your Rights

  • Access — request a copy of data we hold about you
  • Correction — request correction of inaccurate data
  • Deletion — request account and data deletion (subject to legal retention obligations)
  • Portability — request your data in machine-readable format
  • Opt-out of marketing — unsubscribe from marketing emails at any time
  • Disconnect social accounts — revoke OAuth access at any time in settings

Submit requests to [email protected]. We respond within 30 days.

10. California Privacy Rights (CCPA / CPRA)

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act:

10.1 Right to Know

You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose for collection, and the categories of third parties with whom we share it.

10.2 Right to Delete

You may request deletion of your personal information, subject to legal retention exceptions.

10.3 Right to Correct

You may request correction of inaccurate personal information we hold about you.

10.4 Right to Opt Out of Sharing

We share personal information with Meta (Facebook Pixel) and TikTok (TikTok Pixel) for cross-context behavioral advertising purposes. California residents have the right to opt out of this sharing.

To opt out: Email [email protected] with subject line "Do Not Sell or Share My Personal Information" and we will process your request within 15 business days.

10.5 Non-Discrimination

We will not discriminate against you for exercising your CCPA rights.

10.6 Authorized Agents

You may designate an authorized agent to submit requests on your behalf. We may require verification of the agent's authorization. Submit CCPA requests to [email protected]. We respond within 45 days.

11. Connected Social Media Accounts

When you connect a social account, we request only the minimum permissions needed:

  • TikTok — upload videos on your behalf only
  • Instagram / Facebook — publish to your feed and reels only
  • YouTube — upload videos to your channel only

We do not access your followers, messages, private content, analytics, or contacts.

Disconnect any social account from your MoonwalkAI settings at any time, or revoke access directly through each platform's security settings. Revoking access immediately prevents future publishing and does not affect content already published.

12. Future Features — User Uploads

MoonwalkAI plans to introduce user upload functionality in future versions. When uploads are introduced:

  • This Privacy Policy will be updated before those features launch
  • New sections covering uploaded content data collection will be added
  • A full copyright removal request system will be implemented
  • You will be notified of the policy updates before they take effect

Commitment: We will never introduce upload features without first updating our legal documents and implementing appropriate technical safeguards.

13. International Data Transfers

Your data may be processed in countries other than your own, including the United States where our infrastructure providers operate. We ensure appropriate contractual safeguards are in place for international transfers.

14. EU Users — GDPR

If you are in the European Union or EEA, you have additional rights including restriction of processing, withdrawal of consent, and the right to lodge a complaint with your national data protection authority.

Purpose | Legal Basis | Notes
Providing the Services | Contract performance | Necessary to deliver the service
Payment processing | Contract performance | Required for subscription
Marketing emails | Consent | Opt-in only; withdraw anytime
Safety screening | Legal obligation | Required by law; cannot opt out
Analytics | Legitimate interests | Aggregate and anonymized only
Law enforcement | Legal obligation | Required by applicable law

15. Children's Privacy

MoonwalkAI is not intended for anyone under 18. We do not knowingly collect information from minors. If you believe a minor has created an account, contact [email protected] immediately.

16. Changes to This Policy

We will notify you of material changes by posting the updated policy, emailing your registered address, and displaying an in-platform notice. Continued use after the effective date constitutes acceptance. If you disagree with changes, delete your account before the effective date.

17. Contact

MoonwalkAI — Your content belongs to you. We just provide the tools.