MoonLite — Privacy Policy
Last updated: 11 July 2026. This Policy works alongside the Terms of Service.
Data controller (Veri Sorumlusu): LECTOR INTERACTİVE YAZILIM LİMİTED ŞİRKETİ, a limited liability company organized under the laws of the Republic of Türkiye (İstanbul Trade Registry No. 1149071 · MERSİS 0608186947700001), Nisbetiye Mah. Gazi Güçnar Sk. Uygur İş Merkezi No: 4 İç Kapı No: 2, Beşiktaş / İstanbul / Türkiye ("MoonLite", "we", "us"). Privacy / data-protection contact: privacy@lectorinteractive.com · General contact: support@lectorinteractive.com Data Protection Officer / representative: not currently appointed. Effective date: 11 July 2026 · Version: 2026-07-11
This Policy explains what personal data we process, why, on what legal basis, with whom we share it, how long we keep it, and the rights you have. It applies to the MoonLite website, apps, and APIs (the "Service") and works alongside the Terms of Service.
1. Summary (quick reference)
- We are a small, privacy-conscious service. By design, most of your creative content (audio you make, written drafts, skins) is stored locally in your browser first; when you share or publish, it is served from our storage provider. We do not sell or rent your personal data, we do not share it for third-party advertising, and we do not run cross-site tracking.
- Data minimization. We collect only the personal data reasonably necessary to run the Service, keep it and you secure, comply with law, and develop/debug the product. We do not collect data we do not need.
- You are in control. You can download all your data and permanently delete your account at any time from Settings (see Section 9).
- Account = Google sign-in. If you sign in, we receive your Google account identifier, email, name, and profile-picture URL.
- Direct Messages are end-to-end encrypted — we cannot read them; we only see routing metadata.
- Main processors: Cloudflare (hosting, storage, database), Hetzner (realtime relays), and Google (sign-in; and YouTube for embedded video in watch parties). Purchases are handled by Paddle as Merchant of Record — we never see your card details.
- Your rights: access, rectification, erasure, restriction, portability, objection, and to withdraw consent and complain to a supervisory authority (see Section 9). Contact privacy@lectorinteractive.com.
2. Who this applies to and legal frameworks
This Policy is written to comply with, among others, the EU/EEA General Data Protection Regulation (GDPR), the UK GDPR, and the Turkish Personal Data Protection Law No. 6698 (KVKK), and to address other regimes as applicable, including: U.S. state privacy laws (e.g., California's CCPA/CPRA and similar); Brazil (LGPD); Canada (PIPEDA); Korea (PIPA); Japan (APPI); and the data- protection laws of the Gulf / MENA region, such as Saudi Arabia's PDPL, the UAE Personal Data Protection Law, and others in Arab countries. Where a specific law grants you stronger rights, that law controls for you, and we will honor local data-subject rights and requirements for users in those regions.
(Operator note: if you cannot lawfully or practically comply with a given regime — for example, mainland China's PIPL, or a country with data-localization or local-representative requirements you cannot meet — consider geo-restricting that jurisdiction rather than serving it. Some MENA regimes (e.g., Saudi PDPL, UAE) have their own cross-border-transfer and, in some cases, localization/registration rules — confirm with counsel for each market you launch in.)
3. The personal data we process
We process the following categories. "You provide" = you give it to us; "We generate/collect" = created by your use of the Service.
3.1 Account and identity data (if you sign in). From your identity provider (Google OAuth), we receive and store: your Google account identifier (a stable pseudonymous "subject" ID), email address, display name, and profile-picture URL. We generate a MoonLite account ID for you.
3.2 Profile and preferences. Custom username, author pen name, identity display preferences (e.g., whether to show your picture, whether to use an alias/pseudonym), your selected avatar skin reference, accepted terms version and timestamp, and (if you enable cloud settings sync) a settings blob containing your app preferences (playlists, saved arrangements, synth presets, key bindings, theme, cursor options, and skin wardrobe).
3.3 User Content you create or share. Depending on the features you use: in-app-generated audio Stems (stored as content-addressed objects), arrangement projects, written works (article/book text and cover images) and their metadata (title, byline, topic, reaction counts), avatar skins, chat messages (transient), Direct Message encrypted envelopes and routing metadata, reactions and votes, and governance proposals. See the Terms of Service for how content is stored and shared.
3.4 Direct Message data. The content of DMs is end-to-end encrypted and unreadable by us. We store, temporarily, the encrypted envelope for delivery, plus metadata required to route it (sender, recipient device/account, conversation identifier, timestamp), and the public keys of your messaging devices. The corresponding private keys are stored only on your device and never sent to us.
3.5 Social-graph data. Friend relationships, pending friend requests, and block relationships.
3.6 Presence and gameplay data. While connected, real-time data such as your avatar position/heading, reactions, emotes, and in-world game/room state. This is transmitted to other users near you to render the shared world and is generally not persisted server-side beyond what is needed to run the session.
3.7 Technical and log data. Data inherent in providing an internet service, such as IP address, device/browser information, request timestamps, and error/diagnostic logs, processed by our infrastructure providers to deliver, secure, and troubleshoot the Service and to enforce rate/usage limits. We also store usage counters (e.g., storage used per account) and moderation records (e.g., consent records; content identifiers subject to takedown; infringement strikes).
3.8 Data stored locally on your device. We store some data in your browser's localStorage and IndexedDB, including: your session token, a per-browser random identifier, cached audio, your DM private keys and decrypted message history, arrangement/project data, drafts, and preferences. This data stays on your device unless a feature (such as cloud settings sync or publishing) sends specific parts to us.
3.9 Special-category data. MoonLite is not intended for the submission of special-category (sensitive) personal data. Please do not submit such data through User Content. If you choose to do so, you are responsible for it and, to the extent processing occurs, we rely on your explicit consent or another lawful basis.
4. Why we use your data, and our legal bases
The table below sets out our purposes and the GDPR Article 6 legal basis (and the corresponding KVKK Article 5/6 basis) for each. "Contract" = necessary to provide the Service you request; "Legitimate interests" = our or a third party's legitimate interests, balanced against your rights; "Consent" = your consent; "Legal obligation" = compliance with law.
| Purpose | Data used | GDPR basis (KVKK basis) |
|---|---|---|
| Create and operate your account; authenticate you | 3.1, 3.2, 3.7 | Contract (KVKK: necessary for a contract) |
| Provide core features (world, music tools, reading, watch, chat, social, games) | 3.2–3.7 | Contract |
| Deliver and route Direct Messages | 3.4 | Contract; DM content is E2E-encrypted |
| Store and share content you choose to share/publish | 3.3 | Contract (and your action/consent to share) |
| Cloud settings sync (only if you enable it) | 3.2 | Consent / Contract for the feature |
| Keep the Service secure; prevent abuse, fraud, and rate/limit violations; enforce Terms | 3.4–3.7 | Legitimate interests (security, integrity) / Legal obligation |
| Moderate content and handle copyright/legal notices | 3.3, 3.7 | Legal obligation / Legitimate interests |
| Troubleshoot, debug, and improve the Service | 3.6, 3.7 | Legitimate interests |
| Comply with legal requests and obligations | as needed | Legal obligation |
| Communicate with you about the Service (service messages) | 3.1 | Legitimate interests / Contract |
Where we rely on legitimate interests, you may object (Section 9). Where we rely on consent (for example, cloud settings sync, or any future optional analytics/marketing), you may withdraw it at any time without affecting prior processing.
*(KVKK note: for processing that requires it under KVKK, we obtain explicit consent (açık rıza); for other processing we rely on the KVKK Art. 5(2) grounds — e.g., necessity for a contract, our legitimate interests provided your fundamental rights are not harmed, or a legal obligation. Cross-border transfers are addressed in Section 7.)*
5. Cookies and local storage
5.1 MoonLite relies primarily on localStorage and IndexedDB (not third-party advertising cookies) to run the app on your device — for example, to keep you signed in, cache your content, store your DM keys, and remember your settings. These are essential to providing the Service or are set based on your actions.
5.2 We do not use third-party advertising or cross-site tracking cookies. Third-party embeds you interact with (for example, an embedded YouTube player in a watch party) may set their own cookies and process data under their own policies (Section 6). Where required by law, we will present a cookie/consent notice for any non-essential storage.
6. Who we share data with (recipients and processors)
We do not sell your personal data. We share it only as follows:
6.1 Service providers (processors / sub-processors) acting on our instructions under data-processing terms:
| Provider | Role | Data involved |
|---|---|---|
| Cloudflare | Hosting, serverless compute (Workers), object storage (R2), database (D1), key-value storage, and real-time relay infrastructure | Essentially all stored data and content, plus technical/log data (including IP addresses) inherent in serving requests |
| Sign-in (OAuth 2.0 / "Sign in with Google") | Your Google account ID, email, name, profile-picture URL (received by us); Google also processes your sign-in under its own policy | |
| YouTube (Google) | Embedded video player for watch parties | The video is delivered by YouTube directly to your browser; YouTube may process your data (including via cookies and, if you are signed into YouTube, your account) under its own terms and privacy policy |
| Hetzner Online GmbH (Germany, EU) | Hosting the real-time relay servers | Connection IP addresses and small presence/control traffic; no media bytes and no stored account data |
We will maintain and, on request, provide a current list of sub-processors.
6.1a Payments — Paddle (Merchant of Record). Purchases (VIP membership, Supporter) are sold and processed by Paddle (Paddle.com Market Ltd, UK / Paddle.com Inc., US) as Merchant of Record. Paddle acts as an independent controller of the checkout data it collects (name, email, billing country, payment details, tax data) under its own privacy policy (https://www.paddle.com/legal/privacy). We never receive or store your card details. Paddle sends us only what we need to activate your perks: the purchase/subscription status, its dates, and the account identifier we attach to the checkout.
6.2 Other users. Content and information you choose to make visible — your avatar and presence in a room, shared/published content (e.g., published written works and covers), usernames/pen-name bylines, governance proposals and vote tallies, and lobby/party chat — are visible to and may be copied/cached by other users, as described in the Terms.
6.3 Legal and safety. We may disclose data to comply with law, valid legal process, or lawful requests; to enforce our Terms; to detect, prevent, or address fraud, security, or technical issues; or to protect the rights, property, or safety of MoonLite, our users, or the public — including reporting child- safety violations to authorities.
6.4 Business transfers. If we are involved in a merger, acquisition, financing, reorganization, or sale of assets, personal data may be transferred as part of that transaction, subject to this Policy and applicable law.
7. International data transfers
Our providers (Cloudflare, Google, Paddle) operate globally, so your personal data may be processed in countries other than your own, including outside the EEA, the UK, and Türkiye. Where we transfer personal data internationally, we rely on appropriate safeguards required by law, such as the European Commission's Standard Contractual Clauses (SCCs) (and the UK Addendum), adequacy decisions where available, and equivalent mechanisms. For transfers subject to KVKK, we rely on the lawful cross-border-transfer grounds under Turkish law (for example, your explicit consent where required, an adequacy decision, or the KVKK-prescribed safeguards/undertakings). You may request information about the safeguards we use by contacting privacy@lectorinteractive.com.
8. How long we keep data (retention)
We keep personal data only as long as necessary for the purposes above or as required by law, then delete or anonymize it. In particular:
- Account and profile data: for as long as your account exists; deleted (or anonymized) after account deletion, subject to legal retention.
- Session tokens: we store only a hashed session token; sessions expire after 30 days and are deleted on logout.
- Direct Message envelopes: deleted on delivery; undelivered encrypted envelopes are automatically purged after 30 days. DM routing metadata is retained only as needed to operate the messaging feature.
- Published content (written works, shared stems, skins): retained while published/shared; deleting a written work removes its stored text and covers; deleting a stem removes it from your library manifest. Note that content already shared with or cached by other users, and content-addressed object copies, may persist until removed through our processes; usage counters may be retained.
- Moderation and legal records (e.g., consent records, takedown/blocklist entries, strikes): retained as needed to meet legal obligations and to operate our safety and anti-abuse processes.
- Technical/log data: retained for a limited period for security, debugging, and abuse prevention.
- Local data on your device: persists on your device until you clear your browser storage or delete it in-app.
Where a law requires a specific retention period for a record type, that statutory period controls.
9. Your rights
Depending on where you live, you have the following rights regarding your personal data. Under the GDPR/ UK GDPR you have the rights to: access your data (Art. 15), rectify inaccurate data (Art. 16), erase data ("right to be forgotten", Art. 17), restrict processing (Art. 18), data portability (Art. 20), object to processing based on legitimate interests or to direct marketing (Art. 21), and not to be subject to solely automated decisions with legal or similarly significant effects (Art. 22). You may also withdraw consent at any time (without affecting prior processing) and lodge a complaint with a supervisory authority.
Under the KVKK (Art. 11), you have the rights to: learn whether your data is processed; request information about processing; learn the purpose and whether data is used accordingly; know the third parties to whom data is transferred (domestically or abroad); request correction of incomplete/inaccurate data; request erasure or destruction; request that corrections/erasures be notified to third parties; object to results arising from automated analysis; and claim compensation for damages arising from unlawful processing. You may also apply to the Turkish Data Protection Authority (Kişisel Verileri Koruma Kurumu).
Self-service export and deletion. When signed in, you can exercise the most important rights yourself, immediately, from Settings:
- ⬇ My data downloads a machine-readable (JSON) copy of your data — your account/profile, your library manifest, your written works (including their text), reactions, friends/requests/blocks, governance proposals and votes, consent and moderation records, and your messaging device public keys, together with your local settings and projects. (For your security, the download excludes your live session token, your device-only end-to-end DM private keys, and cached audio bytes — these remain on your device by design; your Direct Message contents are end-to-end encrypted and never leave your devices in readable form.)
- 🗑 Delete account permanently erases your account and all associated server-side data (D1 records and your stored media objects) and clears your local browser data. This cannot be undone.
Other requests. For any right not covered by the self-service tools, contact privacy@lectorinteractive.com. We will verify your identity and respond within the period required by law (generally one month under the GDPR, extendable where permitted; and within the KVKK-prescribed period, generally 30 days). We provide these rights free of charge except where the law permits a reasonable fee for manifestly unfounded or excessive requests. We may retain limited data where the law requires or permits (for example, records needed to meet a legal obligation), and content already shared with or cached by other users, or content-addressed media copies, may persist until removed through our processes.
10. Security
We take reasonable technical and organizational measures to protect personal data, including: storing only a hashed form of session tokens (never the raw token) and delivering tokens via the URL fragment to reduce leakage; end-to-end encryption of Direct Messages using modern hybrid (post-quantum) cryptography, with private keys never leaving your device; stripping embedded metadata from uploaded media (for example, re-encoding audio and images so EXIF/GPS/ID3-type metadata cannot survive); server-side authority over content ownership and identity (so client-supplied identity cannot be spoofed); and rate limits and storage caps to reduce abuse. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security. Data stored locally on your device is protected by your device and browser; keep your device secure.
11. Children's privacy
The Service is not directed to children below the applicable minimum age (see the Terms of Service, Section 3). We do not knowingly collect personal data from such children. If you believe a child has provided us personal data, contact privacy@lectorinteractive.com and we will take appropriate action, including deletion.
12. Automated decision-making and profiling
We do not use your personal data for solely automated decision-making that produces legal or similarly significant effects on you, and we do not build advertising profiles about you. Automated processing is limited to operational functions such as security, anti-abuse rate limiting, content-addressing/dedup, and delivering the features you use.
13. Third-party links and services
The Service links to and integrates third-party services (e.g., Google sign-in, YouTube embeds). We are not responsible for their privacy practices. Review their policies before using them.
14. Changes to this Policy
We may update this Policy from time to time. We will post the updated Policy with a new effective date and version and, for material changes, take reasonable steps to notify you and, where required, obtain your consent.
15. Contact and supervisory authorities
Data controller / privacy contact: LECTOR INTERACTİVE YAZILIM LİMİTED ŞİRKETİ, Nisbetiye Mah. Gazi Güçnar Sk. Uygur İş Merkezi No: 4 İç Kapı No: 2, Beşiktaş / İstanbul / Türkiye — privacy@lectorinteractive.com. DPO / representative: not currently appointed.
- EU/EEA: you may complain to your local Data Protection Authority.
- United Kingdom: the Information Commissioner's Office (ICO).
- Türkiye: the Personal Data Protection Authority (Kişisel Verileri Koruma Kurumu / KVKK).
[If you are a data controller established in Türkiye, register with VERBİS where required.]
*See also the Terms of Service.*