Privacy Policy
Last updated: March 24, 2026
Moonira Agency (“Moonira”, “we”, “us”) operates the website moonira.com. This policy explains what personal data we collect, why we collect it, how we use it, and what rights you have.
1. What we collect
a) Analytics (Plausible)
We use Plausible Analytics, a privacy-friendly analytics tool. It does not use cookies, does not track individuals, and is fully GDPR compliant. All data is aggregated and anonymous. We use it to understand overall site traffic and page performance.
b) Form submissions
When you fill out a qualification form or assessment form, we collect the information you provide: name, email address, company website, team size, and any message you write. This data is used solely to respond to your inquiry, assess fit, and provide our services.
c) Cal.com booking data
When you book a discovery call through our Cal.com integration, we receive your name, email, and scheduling details via a webhook. This data is stored alongside your form submission to connect your inquiry to the booked meeting.
d) Engagement tracking
We collect anonymous engagement signals to understand how visitors interact with our site. This includes:
- Scroll depth (how far you scroll on a page)
- Time spent on page
- Which sections of a page you view
- CTA button clicks
- Form submission events
This data is tied to a random session identifier stored in your browser's sessionStorage (not a cookie). The session ID is generated fresh each visit and cannot be used to identify you personally unless you submit a form during that session.
e) UTM parameters
If you arrive via a marketing link, we capture campaign parameters (source, medium, campaign, term, content) to understand which outreach efforts are effective. These are stored in your browser's sessionStorage and sent with your form submission. Personal information (email, name) is stripped from the URL immediately after capture.
f) Visitor and session identifiers
We generate random visitor and session IDs stored in your browser's sessionStorage. These are used to connect page views and engagement events within a single visit. They expire when you close the browser tab and are not persistent across visits unless you submit a form.
2. Legal basis for processing (GDPR Art. 6)
- Consent (Art. 6(1)(a)): When you voluntarily submit a form or book a call, you consent to us processing that data to respond to your inquiry.
- Legitimate interest (Art. 6(1)(f)): Anonymous analytics and engagement tracking serve our legitimate interest in understanding site performance and improving user experience. This processing uses no cookies and no personally identifiable information unless you choose to submit a form.
- Contract (Art. 6(1)(b)): If you engage us for services, we process data necessary to fulfill our contractual obligations.
3. What we do not do
- We do not sell your data to third parties.
- We do not use advertising cookies or retargeting pixels.
- We do not share your information with data brokers.
- We do not use any third-party cookies. Our site is entirely cookie-free.
4. Sub-processors and data sharing
We use the following services to operate moonira.com. Each processes data on our behalf and under our instruction:
| Service | Purpose | Data location |
|---|---|---|
| Vercel | Website hosting and edge delivery | Global (edge network) |
| Supabase | Database for form submissions and engagement data | United States |
| Cal.com | Meeting scheduling | EU / United States |
| Plausible Analytics | Anonymous, aggregate website analytics | European Union |
| Sanity | Content management system | United States |
5. International data transfers
Some of our sub-processors are located in the United States. Where personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) adopted by the European Commission, or the service provider's participation in recognized data protection frameworks.
6. How we store and retain your data
Form submissions and associated attribution data are stored in Supabase (PostgreSQL), hosted in the United States. Data is retained for the duration of our business relationship and for up to 24 months afterward for follow-up and record-keeping purposes. After this period, data is deleted or anonymized.
Anonymous engagement data (scroll depth, time on page) is retained for up to 12 months for analytical purposes.
7. Your rights
Under the GDPR and applicable data protection laws, you have the following rights:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate or incomplete data.
- Erasure: Request deletion of your personal data (“right to be forgotten”).
- Restriction: Request that we restrict processing of your data in certain circumstances.
- Portability: Request your data in a structured, machine-readable format.
- Object: Object to processing based on legitimate interests.
- Withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at privacy@moonira.com. We will respond within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority.
8. Data protection measures
We implement appropriate technical and organizational measures to protect your data, including encrypted connections (TLS/HTTPS), access controls, rate limiting on all endpoints, and input validation. Sensitive credentials are stored as encrypted environment variables and are never exposed to the client.
9. Data Processing Agreement
If you require a Data Processing Agreement (DPA) for your organization, contact us at privacy@moonira.com and we will provide one.
10. Changes to this policy
We may update this policy from time to time. Material changes will be noted with a revised “last updated” date at the top of this page. Continued use of the site after changes constitutes acceptance.
11. Contact
For privacy-related questions, reach out to privacy@moonira.com.