Privacy Policy

Last updated: March 26, 2026

This Privacy Policy explains how North Street Creative, Inc., d/b/a Moonvine (\”we,\” \”us,\” \”our\”) handles information when you use the moonvine.io website (\”the Website\”) and the Moonvine service (\”the Service\”).

What We Collect

Website Visitors

Contact Form

If you use our contact form, we collect your name and email address so we can respond to your message.

Analytics & Cookies

We use the following analytics services to understand how people use our site:

• Google Analytics (GA4) — collects anonymized usage data such as pages visited, time on site, and approximate geographic region derived from IP address. Sets cookies on your browser.
• Google Search Console — shows us how the site appears in Google search results. Does not collect data from your browser directly.
• Microsoft Clarity — records anonymized session replays and heatmaps to help us understand how visitors interact with the site. Sets cookies on your browser. Microsoft may process this data on servers in the United States.

WordPress sets a small number of functional cookies for basic site operation (e.g., session management).

Subscribers (Paid Plans)

If you subscribe to a paid plan, we collect and process additional information to deliver the Service. This section describes what we collect, why, and how it is handled.

Subscription & Payments

Our payment processor Stripe collects your payment card information, billing address, and email. We do not see or store your card number. We receive your email address and subscription status from Stripe so we can manage your account.

Onboarding Information

During setup, you provide:

• Your company name and primary website URL
• Social media profile URLs (LinkedIn, Instagram, YouTube)
• Competitor company names and website URLs (up to 3)

This information is used to configure your reports and is stored in our database.

Connected Data Sources

To generate your intelligence reports, you may connect third-party accounts to the Service via OAuth or by providing access credentials. These may include:

• Google Analytics (GA4) — website traffic and visitor behavior data
• Google Search Console — search performance, keyword rankings, and indexing data
• Microsoft Clarity — heatmaps and session recordings from your website
• YouTube — channel performance and video analytics (via YouTube Data API)

When you connect a data source, we access only the data needed to produce your reports. OAuth tokens and credentials are stored securely and are used solely to retrieve data on your behalf. We do not modify your connected accounts or share access tokens with third parties.

Third-Party Data & Analysis

We use the following third-party services to enrich your reports with competitive and market intelligence:

• SEMrush — SEO rankings, keyword data, and competitive analysis for your domain and competitors
• AI language models — We use AI services (including Anthropic Claude, OpenAI, and Google Gemini) to analyze data, identify patterns, and generate the written analysis in your reports. Data sent to these services is used solely for processing your report and is subject to each provider’s data handling policies. We do not use your data to train AI models.

Transactional Email

We use Resend to send transactional emails (subscription confirmations, receipts, onboarding links, and report delivery). Resend processes your email address on our behalf for this purpose only.

Data Storage

Subscriber data, onboarding information, and report data are stored in Supabase (hosted on AWS infrastructure in the United States). Access is restricted to authenticated service connections and authorized personnel only.

Google API Services — Limited Use Disclosure

The Service’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

• We only access Google user data that is necessary to provide the features you have requested (analytics reports based on your GA4, Search Console, and YouTube data).
• We do not use Google user data for advertising, and we do not sell or transfer it to third parties for purposes unrelated to providing the Service.
• We do not use Google user data to train machine learning or AI models.
• We store Google OAuth tokens securely and use them only to retrieve data on your behalf. Tokens can be revoked at any time by disconnecting the data source in your account settings or by revoking access in your Google Account permissions.

What We Do Not Collect

We do not collect phone numbers, postal addresses, or device fingerprints from website visitors. We do not run advertising, targeted ads, or tracking pixels on the Website. We do not sell or rent your information to anyone.

Who We Share Information With

We share information only with the services described above, and only for the purposes stated:

• Stripe — payment processing
• Resend — transactional email delivery
• Google — analytics (GA4, Search Console) on the Website; data retrieval from connected accounts for subscribers
• Microsoft — analytics (Clarity)
• SEMrush — competitive intelligence data for subscriber reports
• Supabase / AWS — data storage infrastructure
• AI providers (Anthropic, OpenAI, Google) — data analysis and report generation for subscribers

We do not share your information with advertising networks, data brokers, or social media platforms.

Data Retention

Contact form submissions are retained for as long as needed to respond to your inquiry. Subscription and report data are retained for as long as your account is active and as required for billing and legal purposes. When you cancel your subscription, your report data is retained for 90 days and then permanently deleted. Analytics data collected on the Website is retained according to the default retention settings of each analytics provider.

You may request earlier deletion of your data at any time by emailing us.

Data Security

We protect your information using encryption in transit (TLS/HTTPS) and at rest where supported by our infrastructure providers. Access to subscriber data is restricted to authorized personnel and authenticated service connections. OAuth tokens are stored securely and never exposed in logs or client-side code.

Your Rights

You may request access to, correction of, or deletion of your personal information at any time by emailing us at hello@moonvine.io. We will respond to requests within 30 days.

If you are a subscriber, you can:

• Manage your subscription through your account dashboard or Stripe portal
• Disconnect data sources at any time (revoking our access to your connected accounts)
• Request a full export of your data
• Request deletion of your account and all associated data

Changes

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date.

Contact

For questions about this Privacy Policy, email us at hello@moonvine.io.