moonlight
Run a report →

Privacy Notice

Effective: 2026-05-02

1. What we collect

When you use moonlight we collect:

  • The portfolio screenshot you upload.
  • The holdings list parsed from that screenshot, after you confirm it on screen.
  • An email address, used only to deliver the Report you paid for and any service-critical notices about that order.
  • Payment metadata (transaction id, amount, timestamp), handled by our payment processor; we do not see card numbers.
  • Standard request metadata (IP address, user agent), retained briefly for fraud and abuse prevention.

We do not collect Social Security numbers, brokerage credentials, or any direct financial-account information. We do not connect to your brokerage. The only thing we see is the contents of the screenshot you choose to upload.

2. How we use it

The screenshot and the parsed holdings are used solely to compute and deliver the Report you requested. They are not used to build models, train machine-learning systems, or seed any other product output. The same Report is generated by a deterministic algorithm regardless of who uploaded the input.

The email address is used for the single purpose of delivering the Report and, where applicable, refund or service notices about that specific order. We do not send marketing email and we do not enroll you in any list.

Payment metadata is retained as required by tax and dispute-handling regulations. Request metadata is retained only as long as needed for security review.

3. How long we keep it

  • Original screenshot: deleted within 24 hours of confirmation.
  • Parsed holdings (associated with the order): up to 30 days, so you can re-download the Report if needed; deleted automatically thereafter.
  • Order metadata: up to 13 months for tax and dispute records.
  • Anonymized analytics about Service usage (page views, error rates): retained on a rolling 90-day basis.

4. Who we share it with

We use third-party services to operate the Service. Where those services touch user data, we limit the sharing to what is necessary:

  • A payment processor handles transactions; we never see card numbers.
  • A vision-model provider parses your screenshot in a transient server-side call; the screenshot is not persisted by them under contract.
  • An email delivery service transmits your Report to the address you provided.

We do not sell your data. We do not share with advertisers, data brokers, or analytics aggregators. We do not use your portfolio composition for any purpose other than rendering your Report.

5. Your rights

You can request deletion of any data associated with your order at any time by emailing the contact address below. We will honor the request within thirty days, except where retention is required by tax law, dispute resolution, or applicable regulation.

If you reside in a jurisdiction that grants additional data-subject rights (California, Virginia, Colorado, etc.), those rights apply to your data; the exercise process is the same.

6. Security

Uploads are transmitted over TLS. Stored data is encrypted at rest. Access to user data within our systems is limited to operations strictly necessary for service delivery and is logged.

7. Contact

Privacy inquiries: privacy at moonlight (placeholder pending domain registration).