Moonmap Privacy Policy

Company: Astronaut Party Inc., 2426 Greenwich St., San Francisco, CA 94123 · Contact: data@astronautparty.com
Effective Date: November 24, 2025 · Last Updated: May 1, 2026

1. Introduction

Moonmap operates a SaaS platform that combines analytics from Meta, Google Ads, Microsoft Advertising, Northbeam, Shopify, and first-party attribution tracking to optimize marketing performance.

2. Information We Collect

2.1 Account Information

Email, name, and authentication credentials for account creation; basic profile data for OAuth authentication with Meta, Google, and Microsoft.

2.2 Meta Business Data

Access includes ads performance metrics, Pages data, Business Manager info, and campaign data via permissions: ads_read, ads_management, business_management, catalog_management, pages_read_engagement, pages_manage_ads, pages_show_list.

2.3 Google Ads Data

Campaign performance, Shopping data, and spend/conversion metrics accessed via https://www.googleapis.com/auth/adwords scope.

2.4 Microsoft Advertising Data

Campaign, keyword, and performance metrics accessed via https://ads.microsoft.com/msads.manage and offline_access scopes.

2.5 Northbeam Data

Attribution analytics and cross-channel performance metrics accessed through Northbeam's Data Export API.

2.6 Shopify Data

Order data, product catalogs, inventory costs, and purchase history accessed via read_orders, read_products, and read_inventory permissions. Real-time data received via webhooks for orders, refunds, and GDPR requests.

2.7 Attribution Tracking Data

The Shopify Web Pixel collects page views, product views, UTM parameters, ad click IDs (fbclid, gclid, msclkid — only with marketing consent), a first-party identifier cookie (2-year expiry), and one-way hashed customer emails. A tiered consent model applies: Essential only, Analytics, or Marketing tiers.

2.8 Google Drive Data

File metadata and content for files you explicitly select via Google's file picker, accessed using https://www.googleapis.com/auth/drive.file scope (per-file access only).

2.9 Usage and Analytics Data

Service usage via PostHog, log data (IP, browser, device), cookies, and live chat interactions via Crisp.

2.10 Data Sync Frequency

Meta, Google, Microsoft, Northbeam, and Shopify APIs sync hourly, daily, and on-demand; Shopify orders sync in real-time via webhooks.

3. How We Use Your Information

We use data to:

We do not:

4. Data Sharing and Disclosure

4.1 Sub-processors

Data processing partners (bound by data processing agreements and Standard Contractual Clauses where applicable):

4.2 Legal Requirements

Data may be disclosed if required by law, court order, or to protect rights and safety.

4.3 Business Transfers

Data may transfer in mergers, acquisitions, or asset sales with notice.

5. Platform Compliance

5.1–5.4 Meta, Google Ads, Microsoft Advertising

Each platform's data is used exclusively for your analytics and campaign optimization, never for user profiling or transfer to data brokers. Data is visible only to you and authorized account users.

5.5–5.6 Google Drive

Files are accessed only via explicit selection; we do not modify, delete, or share your files. Content is imported to our platform storage; access credentials are deleted upon disconnection.

5.7–5.8 Microsoft Advertising

Data used exclusively for analytics and reporting; not shared with third parties except for service delivery.

5.9–5.10 Northbeam

Attribution analysis only; data visible to you and authorized users.

5.11–5.12 Shopify

Order data used for attribution and insights; customer emails processed via one-way hashing (plaintext never stored). GDPR webhooks trigger immediate deletion. Data retained while account is active; deleted upon disconnection or GDPR customer deletion requests.

5.13–5.14 Moonmap Attribution

First-party conversion attribution only; click IDs collected only with marketing consent (Tier 2). Consent withdrawal immediately clears click IDs. Plaintext emails never stored; first-party cookies used for session tracking. Data deleted immediately upon account deletion or GDPR requests, with customers added to a blocklist.

6. Data Retention and Deletion

6.1 Active Accounts

Data retained while account is active.

6.2 Account Deletion

Delete anytime via user interface. Upon deletion, all data (Meta, Google, Microsoft, Northbeam, Shopify, attribution) is immediately removed; only legal-compliance records retained.

6.3 Deletion Requests

Request via in-app deletion feature or data@astronautparty.com. Processed immediately.

7. Your Privacy Rights

7.1 European Users (GDPR)

Right to access, rectification, erasure, restriction, portability, objection, and consent withdrawal. Self-serve data download available: Settings → Privacy → Download my data (JSON summary + per-section CSVs). Logged-in users withdraw consent via Cookie Preferences (footer) or Settings → Privacy. Other requests: email data@astronautparty.com (30-day response).

7.2 California Users (CCPA)

Right to know, delete, opt-out of sale (we do not sell data), and non-discrimination. Submit requests via data@astronautparty.com or in-app account deletion.

8. Cookies and Tracking Technologies

8.1 On Moonmap Platform (moonmap.ai)

Essential cookies (no consent required): Session authentication (Supabase), workspace selection, UI preferences, unsaved-changes tracking.

Non-essential cookies (consent required): PostHog analytics, Crisp live chat, Meta Pixel (early-access landing page).

Consent banner on first visit. Fully functional with Essential Only. Browser DNT/GPC signals automatically trigger Essential Only mode (recorded in audit log). Change anytime via Cookie Preferences (footer) or Settings → Privacy. Withdrawing consent deletes corresponding third-party data.

8.2 On Client Shopify Stores

First-party attribution pixel runs on client stores, subject to consent tiers in Section 2.7. End-shoppers manage consent via the store's banner.

9. Data Security

Technical and organizational measures include:

No transmission method is 100% secure; absolute security cannot be guaranteed.

10. Children's Privacy

Service not directed to individuals under 13. We do not knowingly collect information from children. Report inadvertent collection immediately.

11. International Data Transfers

Data may be transferred to and processed in countries other than your residence, including the United States (primary infrastructure: Supabase, Vercel).

For EEA, UK, or Swiss transfers to non-adequate countries, we use Standard Contractual Clauses (Module 2, controller-to-processor) approved by the European Commission. Sub-processors have SCCs or equivalent protections. Supplementary measures include encryption in transit/at rest, access controls, and audit logging.

12. Changes to This Privacy Policy

Updates posted on website with “Last Updated” date change. Material changes communicated via email to registered users. Continued use constitutes acceptance.

13. Contact Us

Astronaut Party Inc.
2426 Greenwich St.
San Francisco, CA 94123
data@astronautparty.com

EU/UK users may contact local data protection authorities.

Consent: Using the service acknowledges you have read and agree to this Privacy Policy.

© 2026 Astronaut Party Inc. All rights reserved.

Moonmap
PrivacyTerms© 2026 Astronaut Party Inc.