Persona — Legal

Privacy Policy.

Effective:

1. Data we collect

  • Account information: name, email, organization, role.
  • Usage telemetry: request metadata, model identifiers, latency, error codes (never message contents unless you opt in to debug logging).
  • Billing information: handled by Stripe; we store only the Stripe customer ID and subscription state.

2. How we use it

  • Operate, secure, and improve the Persona platform.
  • Comply with legal obligations (audit log retention, tax records).
  • Communicate operational notices and (with consent) product updates.

3. Region & residency

  • Workspaces are pinned to a region (US or EU) at signup; cross-region replication is disabled by default.
  • EU workspaces are processed exclusively in EU infrastructure (ADR 0011).

4. Sharing

  • We never sell personal data.
  • Sub-processors (LLM providers, hosting, email) appear on /subprocessors and are bound by data-processing addenda.

5. Your rights

  • Access, correction, deletion, portability, restriction of processing — request via privacy@moonborn.co.
  • EU/UK users may complain to their supervisory authority. California users have CCPA rights including opt-out of sale (we do not sell).

6. Retention

  • Audit logs: ≥ 1 year (immutable, tamper-evident).
  • Account data: until account deletion, then 30-day soft delete window before hard purge.

7. Contact

  • Data Protection Officer: privacy@moonborn.co.