Privacy Policy

Last updated: April 2026 · Effective immediately

1. Who We Are

Moon Marketing is a digital marketing agency. Our client portal allows clients to view campaign performance, approve creative assets, communicate with their account manager, and manage invoices. Our registered contact email is cm.fileshares@gmail.com.

2. Information We Collect

We collect only what is necessary to provide our services:

• Account information — name, email address, and company name provided when your account is created
• Usage data — pages visited, actions taken within the portal (e.g. approving a creative, booking a call)
• Messages — communications sent between you and your account manager through the portal chat
• Files — creative assets uploaded to Google Drive on your behalf for review and approval
• Performance data — campaign metrics (ROAS, CTR, ad spend) entered by your account manager
• Appointment data — call bookings made through the portal

We do not collect payment card details, government identifiers, or sensitive personal information.

3. How We Use Google Services

Our portal uses the Google Drive API to store and share creative files (videos, images, PDFs) with clients. Specifically:

• Admin users authenticate with Google to upload files to a designated Drive folder
• Files are made accessible via shared links for client preview
• We request only the drive.file scope, which limits access to files created by our app — we cannot read or modify any other files in your Google Drive
• Google access tokens are used only during the upload session and are not stored permanently

Our use of Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements.

4. Data Storage

All portal data (accounts, messages, files, invoices, appointments) is stored securely using Supabase, which provides encrypted storage on servers located in the EU/US. Row-level security policies ensure each client can only access their own data. Files are stored in Google Drive.

5. How We Share Your Data

We do not sell, rent, or trade your personal data. We share data only with:

• Supabase — our database and authentication provider
• Google LLC — for Drive file storage via the Google Drive API
• Your account manager — who can view your portal data to provide services

We may disclose data if required by law or to protect our legal rights.

6. Data Retention

We retain your data for as long as your client account is active. If you request account deletion, we will remove your personal data from our systems within 30 days, except where retention is required by law.

7. Your Rights

Depending on your location, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Withdraw consent for processing at any time
• Lodge a complaint with a data protection authority

To exercise any of these rights, contact us at cm.fileshares@gmail.com.

8. Cookies and Local Storage

Our portal uses browser local storage to remember your login preference (e.g. "Remember me") and session tokens issued by Supabase for authentication. We do not use third-party tracking cookies or advertising cookies.

9. Security

We implement industry-standard security measures including HTTPS encryption, database row-level security, and authenticated access controls. No system is completely secure, but we take reasonable steps to protect your data.

10. Children's Privacy

Our services are not directed at children under 16. We do not knowingly collect personal data from children.

11. Changes to This Policy

We may update this policy from time to time. We will notify active clients of material changes by email or in-portal notification. The "last updated" date at the top of this page reflects the most recent revision.

12. Contact Us

For any privacy-related questions or requests:

• Email: cm.fileshares@gmail.com
• Website: moon-marketing.net