Privacy Policy

1. Overview

Moonlight Agency Ltd ("we", "us", "our") is committed to protecting your personal data. This Privacy Policy explains what information we collect, how we use it, and your rights in relation to it.

This policy applies to all clients, prospective clients, and visitors who interact with our website, client dashboard, or Chrome extension.

2. Information We Collect

We collect the following categories of personal data:

• Contact information — name, email address, Telegram username provided via our contact form or during onboarding.
• Account credentials — email and password used to access the client dashboard. Passwords are stored in encrypted form and never transmitted in plain text.
• Session tokens — authentication tokens stored locally in your browser to maintain your logged-in session.
• Financial data — balance top-up history, ad spend per cabinet, and transaction records associated with your account.
• Usage data — actions performed within the dashboard (logins, data refreshes) stored in activity logs for operational purposes.

3. How We Use Your Information

• To provide and maintain our advertising management services.
• To authenticate you and secure access to your account.
• To display your balance, spend data, and transaction history in the client dashboard and Chrome extension.
• To send notifications about your account balance when it falls below defined thresholds.
• To respond to enquiries submitted via our contact form.
• To comply with legal and regulatory obligations.

4. Data Storage and Security

Your data is stored on secure servers provided by Supabase (supabase.com), operating within the European Union. We implement industry-standard security measures including encrypted connections (HTTPS), role-based access controls, and row-level security policies on all database tables.

Session data and cached dashboard information is stored locally in your browser using Chrome's built-in storage API and is not transmitted to any third party.

5. Data Retention

We retain your personal data for as long as your account remains active or as required to fulfil our contractual obligations. Upon account termination, personal data is deleted within 90 days, unless retention is required by applicable law.

6. Your Rights (GDPR)

As a data subject under UK GDPR and EU GDPR, you have the following rights:

• Right of access — you may request a copy of the personal data we hold about you.
• Right to rectification — you may request correction of inaccurate data.
• Right to erasure — you may request deletion of your personal data, subject to legal retention requirements.
• Right to restriction — you may request that we restrict processing of your data.
• Right to portability — you may request your data in a structured, machine-readable format.
• Right to object — you may object to processing based on legitimate interests.

To exercise any of these rights, please contact us at info@moonlight-agency.co.

7. Cookies

Our website does not use tracking cookies or advertising cookies. We use only essential session-related storage to maintain functionality. No third-party analytics or advertising scripts are loaded on our website.

8. Third-Party Services

We use the following third-party services in the provision of our platform:

• Supabase — database and authentication infrastructure (supabase.com)
• Vercel — website and dashboard hosting (vercel.com)
• Google Fonts — typography (fonts.googleapis.com)

Each of these providers maintains their own privacy policies and GDPR-compliant data processing agreements.

9. Changes to This Policy

We may update this Privacy Policy from time to time. The date at the top of this page indicates when the policy was last revised. Continued use of our services following any changes constitutes acceptance of the updated policy.

10. Contact

For any questions or requests regarding this Privacy Policy, please contact us:

• Email: info@moonlight-agency.co
• Company: Moonlight Agency Ltd, Office 18208, 182-184 High Street North, East Ham, London E6 2JA, United Kingdom