MoonLite — Data Processing Overview

A process-by-process inventory of personal-data processing in MoonLite — both an internal record (the seed of a GDPR Art. 30 record of processing activities) and a public transparency document.

Controller: LECTOR INTERACTİVE YAZILIM LİMİTED ŞİRKETİ — privacy@lectorinteractive.com · Version: 2026-07-11 · Date: 11 July 2026

Legend — Basis: legal basis. Contract = GDPR 6(1)(b) / KVKK 5(2)(c) · LI = legitimate interests, 6(1)(f) / KVKK 5(2)(f) · Legal = legal obligation, 6(1)(c) / KVKK 5(2)(a),(ç) · Rights = establishment/exercise/defense of rights, KVKK 5(2)(e) · Consent = 6(1)(a) / KVKK 5(1). Data subjects are users throughout unless noted.


1. Account and identity

Process Data Purpose Basis Retention Recipients / Transfer
Google sign-in Google account ID, email, name, avatar URL Account creation, authentication Contract Account lifetime Google (source); Cloudflare (storage — international)
Session management Session token (hash only), last use Staying signed in; one-session rule Contract, LI 30 days / on logout Cloudflare
Invite/alpha management Invite redemption, alpha/ban status Closed-alpha access control Contract, LI Account lifetime Cloudflare
Username / pen name Chosen names, change timestamps Identity display; abuse prevention (change cooldown) Contract, LI Account lifetime Cloudflare; other users (visible parts)
Terms acceptance Accepted version + timestamp Evidence, compliance Contract, Rights, Legal Account lifetime + legal period Cloudflare

2. Content

Process Data Purpose Basis Retention Recipients / Transfer
Audio creation/sharing In-app-made stems (content-addressed), library manifest Music features, sharing Contract Until you delete Cloudflare R2; nearby users
Written works Text, cover images, title/byline, reaction counts Reading area, publishing Contract Until you delete Cloudflare; all users (if published)
Avatar skins Skin image (content-addressed), reference Showing your avatar to others Contract Until you delete Cloudflare R2; nearby users
Chat (room/party) Message content (transient, not stored server-side), sender Real-time communication Contract Not stored (transient relay) Users in the room/party
Direct Messages End-to-end-encrypted envelope; routing metadata; device public keys Message delivery Contract Envelope: deleted on delivery, max 30 days; keys: account lifetime Cloudflare (encrypted form only)
Metadata stripping Re-encoding of uploaded media (removes EXIF/ID3 etc.) Protecting users from accidental location/identity leakage LI — (a transformation)

3. Real-time gameplay

Process Data Purpose Basis Retention Recipients / Transfer
Presence Avatar position/heading, animation state Rendering the shared world Contract Not stored (15 Hz ephemeral) Nearby users (AoI-limited)
Reactions/emotes/games Reactions, game moves (bowling/golf/chess…), seat states Game features Contract Room-session lifetime Users in the room
Room management (sharding) Room id, room occupancy counts Capacity and matchmaking Contract, LI Ephemeral /stats exposes aggregate counts only (no personal data)

4. Security and abuse prevention

Process Data Purpose Basis Retention Recipients / Transfer
Connection security IP address, connection counts Flood protection, per-IP caps LI Connection lifetime (in memory) Realtime relay host
Rate/usage limits Request counters, storage counters Resource protection, fair use LI Limited period Cloudflare
Moderation Reports, takedown/blocklists, strikes, enforcement records Community safety, legal compliance Rights, LI, Legal Obligation period Cloudflare; authorities where required
Admin audit trail Log of administrator actions Accountability LI, Legal Obligation period Cloudflare

5. Support and diagnostics

Process Data Purpose Basis Retention Recipients / Transfer
Support tickets Ticket text, account id, timestamps Providing support Contract, LI Resolution + reasonable period Cloudflare
Crash reports Stack trace, browser/device info, app-state summary Fixing bugs LI Limited period Cloudflare
Server health metrics Aggregate player/room counts, tick timings, memory Capacity and performance monitoring LI Limited period Contains no personal data

6. Legal processes

Process Data Purpose Basis Retention Recipients / Transfer
Copyright notices (takedown) Notice content, content ids, party contact details Notice-and-takedown, safe-harbor compliance Legal, Rights, LI Obligation period Cloudflare; counterparty where legally required
Legal requests Data specified by valid process Compliance Legal As required Competent authorities
Data-subject requests (GDPR/KVKK) Request content, identity-verification data Fulfilling rights Legal Obligation period

7. On-device processing (never reaches us)

The following happens only on your device; nothing is transmitted to us unless you share it: audio cache and local projects (IndexedDB/localStorage), DM private keys and decrypted message history, drafts, app preferences, autosaves. Details: Cookie & Local-Storage Policy.

8. Processors and international transfers (summary)

Processor Role Location
Cloudflare, Inc. Hosting, Workers, R2, D1, KV, realtime infrastructure Global (international)
Google LLC OAuth sign-in; embedded YouTube player Global (international)
Hetzner Online GmbH Realtime relay servers Germany (EU)
Paddle (Paddle.com Market Ltd / Paddle.com Inc.) Payments — Merchant of Record for all purchases (acts as an independent controller for checkout data) UK / Global (international)

Transfer mechanisms: see Privacy Policy Section 7.

9. What we do NOT do

For transparency: no advertising/marketing processing, no sale of data, no profiling or automated decision-making with legal effects, no third-party analytics, no first-party cookies, no technical ability to read DM content (end-to-end encrypted), no intended processing of special-category data.