OwnMoat

Privacy Policy

Last updated: TODO — set when drafted text is pasted in.

1. Introduction

TODO: paste drafted introduction here. Should identify OwnMoat as the data controller, name the operating entity, and state the effective date.

2. Data we collect

TODO: enumerate every category of data OwnMoat collects. Must explicitly list each Google API Services scope requested (e.g. Google Search Console — read-only, Google Analytics 4 — read-only) with a one-line purpose for each. Google reviewers cross-check this list against the OAuth consent screen scopes.

3. How we use it

TODO: paste drafted "how we use" section. Should map each data category from Section 2 to specific user-facing features that require it.

4. Google API Services — Limited Use

OwnMoat's use of information received from Google APIs adheres to the Google API Services User Data Policy , including the Limited Use requirements. Specifically:

5. Data retention

TODO: paste drafted retention text. For each data category from Section 2, state how long OwnMoat retains it and the deletion trigger (customer offboarding, retention window, request).

6. Third-party subprocessors

TODO: paste drafted subprocessor list. At minimum: Cloudflare (edge + Pages), Railway (application hosting), Anthropic (LLM inference), OpenAI (LLM inference), Supabase (auth), Google (LLM inference via Gemini if used). One-line purpose per entry.

7. Your rights

TODO: paste drafted rights section — access, correction, deletion, portability, withdrawal of consent, right to complain to a supervisory authority. Include the process by which a user exercises each right.

8. Security

TODO: paste drafted security section — encryption in transit and at rest, access control, incident response, breach notification timeline.

9. Contact

Privacy questions or requests: hello@ownmoat.com.