Last updated: Jan 5th 2026
This Privacy Policy explains how noMoonlight (“we”, “us”, “our”) collects, uses, stores, and protects personal data in accordance with Regulation (EU) 2016/679 (GDPR) and applicable U.S. privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).
1. Data Controller (GDPR Article 13(1)(a))
The data controller responsible for processing your personal data is:
noMoonlight
Website: https://nomoonlight.com
Email: privacy@nomoonlight.com
If noMoonlight acts as a data processor on behalf of an employer or organization, that organization remains the data controller for employment-related data.
2. Categories of Personal Data We Process (GDPR Articles 13 & 14)
We may process the following categories of personal data:
a) Identification & Contact Data
- Name
- Email address
- Employer or company affiliation
b) Account & Platform Data
- User account credentials (hashed passwords)
- Contract and exclusivity status metadata
- Employment relationship identifiers
- Notifications related to contract conflicts
c) Technical & Usage Data
- IP address
- Browser type and version
- Device information
- Login timestamps
- Audit logs and security events
d) User-Generated Content
- Comments or messages submitted through the platform
- Uploaded documents or files
3. Purposes of Processing (GDPR Article 13(1)(c))
We process personal data for the following purposes:
- Providing and operating the noMoonlight platform
- Managing user authentication and access control
- Detecting and preventing conflicting or unauthorized employment engagements
- Enforcing exclusivity and contract rules
- Sending service-related notifications
- Ensuring platform security, integrity, and fraud prevention
- Complying with legal and regulatory obligations
4. Legal Bases for Processing (GDPR Article 13(1)(c))
Processing is based on one or more of the following legal grounds:
- Article 6(1)(b) – Performance of a contract
- Article 6(1)(c) – Compliance with a legal obligation
- Article 6(1)(f) – Legitimate interests (security, fraud prevention, auditability)
- Article 6(1)(a) – Consent (where explicitly required, e.g. cookies)
Where legitimate interest is relied upon, it is balanced against your fundamental rights and freedoms.
5. Data Sources (GDPR Article 14)
Personal data may be obtained:
- Directly from you (registration, comments, uploads)
- From your employer or contracting organization (where they provision your account)
- Automatically via platform usage and security monitoring
6. Cookies and Tracking Technologies
We use strictly necessary cookies for:
- Session management
- Authentication
- Security and fraud prevention
Optional cookies (e.g. preference storage) are used only with consent where required by law.
You may control cookies via your browser settings.
7. Data Recipients (GDPR Article 13(1)(e))
We may share personal data with:
- Hosting and cloud infrastructure providers
- Email and notification service providers
- Security, logging, and monitoring vendors
All recipients are bound by contractual confidentiality and data protection obligations.
We do not sell personal data.
8. International Data Transfers (GDPR Article 13(1)(f))
Where personal data is transferred outside the EU/EEA, we ensure appropriate safeguards, including:
- Standard Contractual Clauses (SCCs)
- Adequacy decisions (where applicable)
9. Data Retention (GDPR Article 13(2)(a))
We retain personal data only for as long as necessary:
- Account data: for the duration of the user relationship
- Audit and security logs: as required for compliance and dispute resolution
- Legal records: as required by applicable law
Data is securely deleted or anonymized once retention periods expire.
10. Data Subject Rights (GDPR Articles 15–22)
You have the right to:
- Access your personal data
- Rectify inaccurate or incomplete data
- Erase your personal data (“right to be forgotten”)
- Restrict processing
- Object to processing
- Data portability
- Withdraw consent at any time (where applicable)
Requests can be submitted to privacy@nomoonlight.com.
You also have the right to lodge a complaint with a supervisory authority.
11. Automated Decision-Making (GDPR Article 22)
noMoonlight may perform automated checks to detect conflicting employment or exclusivity breaches.
These checks do not produce legal effects without human oversight and contractual context.
12. Where Your Data Is Processed
Comments and activity data may be reviewed by automated spam and security systems.
All systems follow industry-standard security practices.
CCPA / CPRA Privacy Notice (California Residents)
This section applies only to California residents.
Categories of Personal Information Collected
- Identifiers (name, email, IP address)
- Internet activity (platform usage, logs)
- Professional or employment-related information
Purposes of Use
- Providing services
- Security and fraud prevention
- Legal and contractual compliance
Your Rights Under CCPA/CPRA
You have the right to:
- Know what personal information we collect
- Access your personal information
- Request deletion of your personal information
- Correct inaccurate personal information
- Opt out of the sale or sharing of personal information
- Not be discriminated against for exercising your rights
We do not sell or share personal information as defined by CCPA/CPRA.
Requests can be made via privacy@nomoonlight.com.
13. Changes to This Policy
We may update this Privacy Policy from time to time.
Changes will be posted on this page with an updated revision date.
14. Contact
For privacy-related inquiries: