Moon Minutes ("we," "our," or "the app") is a personal lunar journaling application. We are committed to protecting your privacy and being transparent about how your data is handled. This policy describes what information we collect, how we use it, and your rights regarding your data.
1. Information We Collect
Account Information
- Email address — used for account identification and password reset functionality.
- Password — stored only as a bcrypt hash; your plaintext password is never stored or logged.
Journal Data
- Journal entries — text content you write in your daily lunar journal, including titles, body text, mood ratings, and tags.
- Moon sign preferences — your selected sun sign and moon sign for personalized lunar interpretations.
Location Data
- Geographic coordinates — latitude and longitude used to calculate accurate moonrise, moonset, and moon position data for your location.
- City name — resolved from coordinates for display purposes.
- Timezone — determined from your coordinates to provide accurate local times.
2. How Your Data Is Stored
Database
All user data is stored in a PostgreSQL database. Access to the database is restricted to the application server.
Password Security
Passwords are hashed using bcrypt with a secure salt before storage. We never store, log, or have access to your plaintext password.
Optional Entry Encryption
Moon Minutes offers optional AES-GCM encryption for individual journal entries. When enabled:
- Encryption and decryption happen entirely on your device (client-side).
- Your encryption key is derived from a password you choose and is never transmitted to our servers.
- Encrypted entries are stored as ciphertext in the database; we cannot read them.
- If you lose your encryption password, encrypted entries cannot be recovered.
3. Third-Party Services
We use the following third-party services to provide app functionality:
MailerSend
Used to send password reset emails. When you request a password reset, your email address is shared with MailerSend to deliver the reset link. MailerSend's privacy policy applies to their handling of this data.
OpenStreetMap Nominatim
Used for reverse geocoding — converting your geographic coordinates into a human-readable city name. Your coordinates are sent to the Nominatim API as part of this lookup. No account information is shared.
TimeAPI.io
Used for timezone resolution — determining your local timezone from your geographic coordinates. Only coordinate data is sent to this service.
We do not sell, rent, or share your personal information with any other third parties for marketing or advertising purposes.
4. How We Use Your Data
- To provide and operate the Moon Minutes journaling experience.
- To calculate accurate lunar data (moonrise, moonset, moon phase, moon sign) based on your location.
- To deliver personalized lunar interpretations based on your sign preferences.
- To enable password reset via email when requested.
- To maintain and improve the application.
5. Your Rights
You have the following rights regarding your personal data:
- Access — You can view all your journal entries, account information, and preferences within the app at any time.
- Export — You can export your journal entries and personal data from the app.
- Deletion — You can request deletion of your account and all associated data. Upon deletion, all your journal entries, preferences, and account information will be permanently removed from our database.
- Correction — You can update your email, password, sign preferences, and location at any time through the app settings.
6. Data Retention
We retain your data for as long as your account is active. If you delete your account:
- All personal data, journal entries, and preferences are permanently deleted from our database.
- Deletion is irreversible and cannot be undone.
- Backups containing your data may persist for up to 30 days before being purged.
7. Data Security
We take reasonable measures to protect your data, including:
- HTTPS encryption for all data in transit.
- Bcrypt password hashing with secure salts.
- Optional client-side AES-GCM encryption for journal entries.
- Restricted database access limited to the application server.
No method of electronic storage or transmission is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
8. Children's Privacy
Moon Minutes is not intended for use by children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us so we can remove it.
9. Changes to This Policy
We may update this privacy policy from time to time. Changes will be posted on this page with an updated effective date. Continued use of the app after changes constitutes acceptance of the revised policy.
10. Contact
If you have questions about this privacy policy or wish to exercise your data rights, please reach out through the app or contact us at the email provided in your account settings.
← Back to Moon Minutes