← mooncatchr

Privacy Policy

Last updated: May 28, 2026

This Privacy Policy describes how Centally, LLC, operator of mooncatchr (“Centally”, “we”, “us”), collects, uses, shares, and protects information about you when you use our Service. It also explains your rights and choices.

1. Information We Collect

We collect only what we need to operate the Service:

  • Email address — to send your magic link and (if you opt in) a receipt.
  • Dream text and follow-up messages — the content you submit so we can interpret it and converse with you.
  • Payment metadata — Stripe session and payment intent IDs, amount, and status. We do not store or process card numbers; Stripe handles that directly.
  • Acceptance record — the timestamp, IP address, and user-agent at the moment you accept the Terms.
  • Usage and technical data — basic logs (request paths, status codes, IP addresses, user agent) for security, debugging, and abuse prevention.

2. How We Use Your Information

  • To deliver and improve the Service;
  • To send transactional email (your magic link, refund notices);
  • To detect and prevent abuse, fraud, and violations of our Terms;
  • To comply with legal obligations.

We do not sell your personal information. We do not use your dream content for advertising. We do not use your User Content to train our own models.

3. Service Providers

We use vetted third-party service providers to deliver the Service. Each provider processes only the limited information necessary for its function, under a data-processing agreement with us. The categories of providers we rely on are:

  • Payment processing. Card details go directly to our payment processor; we only see resulting session and payment identifiers.
  • Email delivery. A transactional email provider sends your private access link and any receipts.
  • Hosting and database. Application hosting, edge delivery, and managed database storage.
  • Bot defense. A challenge provider helps protect the submission form from automated abuse.
  • Background processing. A durable job-execution provider runs the interpretation pipeline.
  • Language-processing providers. Specialized third-party providers process your dream text and follow-up messages under data-processing agreements that prohibit training on your content and limit their retention to a short abuse-monitoring window (typically up to 30 days). Your content is not used by these providers for advertising and is not shared with other parties.

5. Security

  • Encryption in transit. All traffic to and from the Service is over TLS.
  • Encryption at rest. Your dream text and message content are encrypted at the application layer with AES-256-GCM, using a key held only by our servers, before being written to the database. Our database host also encrypts data at rest at the disk level.
  • Access controls. Production data is accessible to a minimal set of authorized personnel for the purpose of operating the Service.
  • Magic links. Stored as SHA-256 hashes, single-use, and expire after 15 minutes.

6. Data Retention & Deletion

We retain your dream content and conversation history for as long as you have an active account, or until you request deletion. When you delete an individual dream from its chat page, it is immediately removed from your account view. The encrypted record is then retained for up to thirty (30) days as a deletion grace window — this lets us investigate any subsequent payment dispute, fraud claim, or support request — after which the prompt, conversation, and associated processing logs are permanently removed from our active database.

If you require immediate permanent deletion before the thirty-day window expires (for example, under your CCPA or GDPR right to erasure), email privacy@mooncatchr.com from the address associated with your account and we will purge the record sooner. We may need to verify your identity before doing so.

Payment records are retained as required by law (typically seven years in the U.S.). Server access logs are retained for up to 90 days. Anonymized operational records (event logs without dream content) may be retained longer for fraud-prevention and analytics.

To request deletion of all your data, email privacy@mooncatchr.com from the address associated with your account.

7. Your Rights

Depending on where you live, you may have rights to access, correct, delete, or port your personal information, and to object to or restrict certain processing.

Self-serve options. From your dream conversation page, you can delete the dream (immediately removes it from your view; the encrypted record is purged from our active database within thirty (30) days) and email yourself a copy of the full reading (one copy per dream). For broader requests — a copy of data spanning multiple dreams, immediate permanent deletion before the thirty-day window, a complete account deletion, or any other data right — email privacy@mooncatchr.com. We may need to verify your identity before responding.

  • California (CCPA/CPRA).You have the right to know what we collect, to delete, to correct, and to opt out of any “sale” or “sharing” of your personal information (we do not sell or share for cross-context advertising).
  • EEA / UK (GDPR). Our legal basis is performance of a contract (to deliver the Service you paid for), consent (for optional uses), and legitimate interests (security and abuse prevention). You have the right to lodge a complaint with your supervisory authority.

8. Cookies

We use a single encrypted session cookie (named dc_session) to keep you signed in to your dream chat. We do not use third-party advertising cookies or trackers.

9. Children

The Service is not intended for, and we do not knowingly collect information from, individuals under 18. If you believe we have inadvertently collected information from a minor, contact us and we will delete it.

10. International Transfers

Our infrastructure is hosted in the United States. If you access the Service from outside the U.S., you understand that your information will be transferred to and processed in the U.S. and other jurisdictions where our service providers operate.

11. Changes to This Policy

We may update this Privacy Policy from time to time. The “Last updated” date reflects the current version. Material changes will be communicated by reasonable means.

12. Contact

For privacy questions or to exercise your rights, email Centally, LLC at privacy@mooncatchr.com.

Terms of UsePrivacy Policy