Privacy Policy

We collect only what we need to run the Service. This falls into four buckets:

(a) Information you provide. Your name (or chosen display name), username, email address, password (stored hashed), profile photo, bio, mood, interests, and anything you write or upload — posts, comments, poll responses, support-matching notes, images, audio, and video.

(b) Authentication data. When you sign in via Google or another OAuth provider, we receive your email and basic profile information from that provider. We never receive your password from them.

(c) Usage data. We log the pages you visit, the actions you take (likes, votes, joins), approximate device type, browser, language, and timestamps. Server logs may briefly include your IP address for abuse prevention.

(d) Cookies and similar technologies. Strictly necessary cookies for sign-in sessions, plus limited analytics cookies (see §7).

We do not buy personal data from data brokers, and we do not run advertising networks.

• Create and secure your account, authenticate sessions, and recover access.
• Display your profile and content to the audiences you choose (public, circle members, or yourself).
• Operate community features: circles, posts, comments, polls, support waves, events, and resource pages.
• Match opt-in users in the peer-support board based on the needs and offers you publish.
• Send transactional messages (password resets, security alerts, important Service notices).
• Detect, investigate, and prevent fraud, abuse, harassment, and violations of our Terms.
• Comply with legal obligations and respond to lawful requests.
• Improve the Service through aggregated, de-identified analytics.

We will not use your private posts or DMs to train third-party advertising models.

If you are in the European Economic Area or the United Kingdom, we process your personal data under one or more of the following legal bases:

• Contract — to provide the Service you signed up for.
• Consent — for optional features such as the peer-support matching board, sensitive content disclosures, and non-essential cookies. You may withdraw consent at any time.
• Legitimate interests — to keep the Service safe, prevent abuse, and improve product quality, balanced against your rights.
• Legal obligation — to comply with tax, accounting, and law-enforcement requirements.

We share personal information only in these limited circumstances:

• With other members — anything you post into a public circle or share with circle members is visible to that audience. Your name, username, and photo appear on non-anonymous posts and comments.
• Service providers (sub-processors) — vetted vendors that host our infrastructure, send transactional email, process payments, and run analytics. They are contractually limited to what we instruct.
• Legal & safety — when required by law, to enforce our Terms, to protect the rights, property, or safety of CloudLune, our users, or the public.
• Business transfers — in connection with a merger, acquisition, or asset sale, subject to standard confidentiality safeguards and notice where required.

We do not sell your personal information, and we do not "share" it for cross-context behavioral advertising as defined by the California Consumer Privacy Act.

You can mark posts and comments as anonymous. When you do:

• Other members cannot see your name, username, or photo next to that post or comment.
• Your author ID is removed from public API reads at the database level — not just hidden in the UI.
• We still retain an internal link between your account and the content, so we can enforce our Terms (for example, removing abusive content) and respond to lawful requests. Anonymity is privacy from other members, not from us.

CloudLune hosts conversations about mental health, parenting, careers, relationships, and other personal topics. You decide what to share. Please be mindful that:

• Anything you publish to a public circle is visible to anyone signed in.
• Notes you publish on the peer-support matching board are visible to other signed-in members until you hide your listing.
• We are not a healthcare provider. Content on CloudLune is not medical, legal, or financial advice. In an emergency, contact local emergency services.

We use a small number of cookies and local-storage entries:

• Strictly necessary — sign-in sessions, CSRF protection, and persisting your theme preference.
• Analytics — privacy-respecting aggregate analytics to understand which pages and features are used. No cross-site tracking.

You can clear cookies in your browser at any time. Doing so will sign you out.

We keep personal information only as long as we need it to provide the Service and meet legal obligations:

• Account data — for as long as your account is active.
• Posts and comments — until you or a moderator delete them, or until you delete your account.
• Server logs — typically 30–90 days, longer if needed for security investigations.
• Backups — encrypted backups roll over within 35 days.

When you delete your account, we delete or irreversibly anonymize your personal data within 30 days, except where we are legally required to retain it.

We protect your information with industry-standard safeguards: TLS in transit, encryption at rest, row-level access controls, hashed passwords, short-lived signed URLs for private media, restricted service-role access, and regular security reviews. No system is perfectly secure, so please use a strong, unique password and enable any additional protections we offer.

Depending on where you live, you may have the right to:

• Access the personal information we hold about you.
• Correct information that is inaccurate or incomplete.
• Delete your account and associated personal data.
• Export your data in a portable format.
• Object to or restrict certain processing.
• Withdraw consent for processing based on consent.
• Lodge a complaint with your local data-protection authority.

To exercise any of these rights, contact us using the details in §15. We will respond within the timeframe required by applicable law (typically 30 days).

CloudLune is not directed to children under 16, and we do not knowingly collect personal information from them. If you believe a child has provided us personal information, please contact us and we will delete it.

CloudLune is operated using global cloud infrastructure, which means your information may be processed in countries other than your own. Where we transfer personal data out of the EEA or UK, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses and the UK International Data Transfer Addendum.

Posts may include links or embeds from services like YouTube, Spotify, or Vimeo. Those services have their own privacy policies. We are not responsible for their practices.

We may update this policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, notify you by email or in-app notice before the changes take effect. Continued use of the Service after the effective date constitutes acceptance.

Questions, requests, or concerns? Reach our privacy team at privacy@cloudlune.com. We aim to reply within five business days.