How Moonshift collects, uses, and protects your data. Plain-English summary up top; legal specifics below.
Effective 2026-04-23 · Last updated 2026-05-17
This site and service (“Moonshift”, “we”, “us”) is operated by Harjot Singh Rana, based in New Delhi, India. We are the data controller for personal data we collect through https://moonshift.io.
Questions about this policy: [email protected].
When you sign up, we collect your email address, name, and a profile image. You can sign in with Google or GitHub OAuth (scopes: openid email profile for Google, user:email for GitHub sign-in), or with an email + password handled by Better Auth. We store an encrypted session token in a cookie to keep you logged in.
repo, user:email.https://www.googleapis.com/auth/adwords. We read the accounts you can access, create and update campaigns, budgets, ads, and conversion actions in the account you authorize, and read your campaign performance metrics. We only ever touch the Google Ads account you explicitly connect.tweet.write tweet.read users.read offline.access.w_member_social r_liteprofile.Tokens are stored encrypted at rest in our Turso database and used only on your behalf for the operations you authorize.
When you connect Google Ads, Moonshift accesses Google user data (your accessible Google Ads accounts and their campaigns, budgets, ads, conversion actions, and performance metrics) solely to provide and improve the Ads Mode features you request - drafting, launching, managing, and reporting on advertising campaigns in the account you connect. We do not use this data for advertising of our own, do not sell it, and do not transfer it to third parties except as needed to operate these features at your direction or as required by law. Google Ads refresh tokens are encrypted at rest and revocable at any time from your Google Account permissions page or by disconnecting in Moonshift.
Moonshift's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
We store the prompts you send, the generated code, the marketing drafts, the hero images, per-phase LLM traces, cost, token counts, and run status. This data is necessary to run the pipeline, let you resume a failed run, and let you iterate on a project.
Payments are processed by Dodo Payments. We never see or store your card details. We store your Dodo customer ID, subscription status, and ledger of Moon credit transactions.
You can opt out of analytics and tracking cookies via the cookie banner on your first visit or at any time via your browser settings.
Running a prompt through Moonshift sends parts of that prompt — and the generated code — to the LLM providers that power the agents. We currently use OpenAI and Anthropic as subprocessors. Your prompts and generated artifacts are transmitted to them only as needed to execute the pipeline.
We share personal data only with subprocessors that help us run the service, under contracts that bind them to equivalent protections.
We do not sell your personal data, and we do not share it for targeted advertising.
We use one essential cookie ( better-auth.session_token) to keep you logged in. Analytics cookies are optional and loaded only if you accept them via the cookie banner.
Our primary infrastructure (Hostinger VPS) is hosted in India. Our managed database (Turso) and certain analytics subprocessors store data in regional locations outside India, including the United States and the European Union. If you access the service from outside these regions your personal data will be transferred to them. Where an EU-based data exporter is involved, we rely on the EU Standard Contractual Clauses with the relevant subprocessor.
Depending on where you live, you may have rights to: access, correct, delete, restrict or object to processing, and port your personal data. You also have the right to lodge a complaint with your local supervisory authority.
To exercise any of these rights, email [email protected]. We will respond within 30 days.
Moonshift is not intended for children under 13 (or under 16 in jurisdictions that require it). We do not knowingly collect data from children.
We use industry-standard encryption in transit (TLS) and at rest. OAuth tokens and secrets are encrypted at the application layer. Access is limited to the operator under multi-factor authentication. No system is perfectly secure — if we learn of a breach that affects you, we will notify you within 72 hours.
We will post material changes on this page and update the “last updated” date at the top. If a change materially reduces your rights, we will notify you by email.
Harjot Singh Rana
New Delhi, India
Privacy: [email protected]
General: [email protected]