MoonLite — Data Processing Overview
A process-by-process inventory of personal-data processing in MoonLite — both an internal record (the seed of a GDPR Art. 30 record of processing activities) and a public transparency document.
Controller: LECTOR INTERACTİVE YAZILIM LİMİTED ŞİRKETİ — privacy@lectorinteractive.com · Version: 2026-07-11 · Date: 11 July 2026
Legend — Basis: legal basis. Contract = GDPR 6(1)(b) / KVKK 5(2)(c) · LI = legitimate interests, 6(1)(f) / KVKK 5(2)(f) · Legal = legal obligation, 6(1)(c) / KVKK 5(2)(a),(ç) · Rights = establishment/exercise/defense of rights, KVKK 5(2)(e) · Consent = 6(1)(a) / KVKK 5(1). Data subjects are users throughout unless noted.
1. Account and identity
| Process | Data | Purpose | Basis | Retention | Recipients / Transfer |
|---|---|---|---|---|---|
| Google sign-in | Google account ID, email, name, avatar URL | Account creation, authentication | Contract | Account lifetime | Google (source); Cloudflare (storage — international) |
| Session management | Session token (hash only), last use | Staying signed in; one-session rule | Contract, LI | 30 days / on logout | Cloudflare |
| Invite/alpha management | Invite redemption, alpha/ban status | Closed-alpha access control | Contract, LI | Account lifetime | Cloudflare |
| Username / pen name | Chosen names, change timestamps | Identity display; abuse prevention (change cooldown) | Contract, LI | Account lifetime | Cloudflare; other users (visible parts) |
| Terms acceptance | Accepted version + timestamp | Evidence, compliance | Contract, Rights, Legal | Account lifetime + legal period | Cloudflare |
2. Content
| Process | Data | Purpose | Basis | Retention | Recipients / Transfer |
|---|---|---|---|---|---|
| Audio creation/sharing | In-app-made stems (content-addressed), library manifest | Music features, sharing | Contract | Until you delete | Cloudflare R2; nearby users |
| Written works | Text, cover images, title/byline, reaction counts | Reading area, publishing | Contract | Until you delete | Cloudflare; all users (if published) |
| Avatar skins | Skin image (content-addressed), reference | Showing your avatar to others | Contract | Until you delete | Cloudflare R2; nearby users |
| Chat (room/party) | Message content (transient, not stored server-side), sender | Real-time communication | Contract | Not stored (transient relay) | Users in the room/party |
| Direct Messages | End-to-end-encrypted envelope; routing metadata; device public keys | Message delivery | Contract | Envelope: deleted on delivery, max 30 days; keys: account lifetime | Cloudflare (encrypted form only) |
| Metadata stripping | Re-encoding of uploaded media (removes EXIF/ID3 etc.) | Protecting users from accidental location/identity leakage | LI | — (a transformation) | — |
3. Real-time gameplay
| Process | Data | Purpose | Basis | Retention | Recipients / Transfer |
|---|---|---|---|---|---|
| Presence | Avatar position/heading, animation state | Rendering the shared world | Contract | Not stored (15 Hz ephemeral) | Nearby users (AoI-limited) |
| Reactions/emotes/games | Reactions, game moves (bowling/golf/chess…), seat states | Game features | Contract | Room-session lifetime | Users in the room |
| Room management (sharding) | Room id, room occupancy counts | Capacity and matchmaking | Contract, LI | Ephemeral | /stats exposes aggregate counts only (no personal data) |
4. Security and abuse prevention
| Process | Data | Purpose | Basis | Retention | Recipients / Transfer |
|---|---|---|---|---|---|
| Connection security | IP address, connection counts | Flood protection, per-IP caps | LI | Connection lifetime (in memory) | Realtime relay host |
| Rate/usage limits | Request counters, storage counters | Resource protection, fair use | LI | Limited period | Cloudflare |
| Moderation | Reports, takedown/blocklists, strikes, enforcement records | Community safety, legal compliance | Rights, LI, Legal | Obligation period | Cloudflare; authorities where required |
| Admin audit trail | Log of administrator actions | Accountability | LI, Legal | Obligation period | Cloudflare |
5. Support and diagnostics
| Process | Data | Purpose | Basis | Retention | Recipients / Transfer |
|---|---|---|---|---|---|
| Support tickets | Ticket text, account id, timestamps | Providing support | Contract, LI | Resolution + reasonable period | Cloudflare |
| Crash reports | Stack trace, browser/device info, app-state summary | Fixing bugs | LI | Limited period | Cloudflare |
| Server health metrics | Aggregate player/room counts, tick timings, memory | Capacity and performance monitoring | LI | Limited period | Contains no personal data |
6. Legal processes
| Process | Data | Purpose | Basis | Retention | Recipients / Transfer |
|---|---|---|---|---|---|
| Copyright notices (takedown) | Notice content, content ids, party contact details | Notice-and-takedown, safe-harbor compliance | Legal, Rights, LI | Obligation period | Cloudflare; counterparty where legally required |
| Legal requests | Data specified by valid process | Compliance | Legal | As required | Competent authorities |
| Data-subject requests (GDPR/KVKK) | Request content, identity-verification data | Fulfilling rights | Legal | Obligation period | — |
7. On-device processing (never reaches us)
The following happens only on your device; nothing is transmitted to us unless you share it: audio cache and local projects (IndexedDB/localStorage), DM private keys and decrypted message history, drafts, app preferences, autosaves. Details: Cookie & Local-Storage Policy.
8. Processors and international transfers (summary)
| Processor | Role | Location |
|---|---|---|
| Cloudflare, Inc. | Hosting, Workers, R2, D1, KV, realtime infrastructure | Global (international) |
| Google LLC | OAuth sign-in; embedded YouTube player | Global (international) |
| Hetzner Online GmbH | Realtime relay servers | Germany (EU) |
| Paddle (Paddle.com Market Ltd / Paddle.com Inc.) | Payments — Merchant of Record for all purchases (acts as an independent controller for checkout data) | UK / Global (international) |
Transfer mechanisms: see Privacy Policy Section 7.
9. What we do NOT do
For transparency: no advertising/marketing processing, no sale of data, no profiling or automated decision-making with legal effects, no third-party analytics, no first-party cookies, no technical ability to read DM content (end-to-end encrypted), no intended processing of special-category data.