Privacy Policy

MISSION STATEMENT: RESEARCH & ANECDOTAL PROGRESS

‍

Moonai is more than an application; it is a collaborative research ecosystem.

• The Anecdotal Data Project: You acknowledge that the primary goal of Moonai is to advance the understanding of women’s health through the collection of "Anecdotal Data"—real-world user experiences that fall outside the rigid constraints of clinical trials.
• Progressive Discovery: By using Moonai, you contribute to a "Living Database." This data is used to identify trends, refine sound frequencies (4DSOUND, MONOM), and provide support for reproductive health conditions that are traditionally under-researched.
• Collective Growth: You understand that your individual input is a "fragment of a larger puzzle" used to build better wellness support systems for everyone.

You explicitly acknowledge and agree that contributing to this Living Database is a core purpose of the Services and that your data (once properly anonymized) may be used to advance scientific understanding in 2026 and beyond.

‍

IMPORTANT: MOONAI IS NOT A MEDICAL DEVICE

‍

Moonai SL is a provider of well-being curation and informational support. We are not a healthcare provider, and we do not provide "Medical Advice," "Clinical Diagnosis," or "Treatment Plans."

• No Medical Claims: Any mention of "relief," "improvement," or "prediction" in the App refers to self-reported user comfort and subjective wellness, not a clinical biological cure.
• The 2026 Boundary: In accordance with the 2026 FDA, EU MDR, and low-risk wellness tool guidelines, Moonai explicitly disclaims any responsibility for medical outcomes. You agree that the App is a lifestyle tool and that you will always consult a licensed doctor for medical conditions.
• Non-Intervention: Moonai does not track, alert, or monitor you for the purpose of managing a disease. We provide "trends" and "environmental soundscapes," not "clinical data."

‍

CONTROVERSIAL CONTENT & EDUCATIONAL DISCLOSURE

‍

Moonai may curate content regarding "cutting-edge" or "controversial" health topics, including but not limited to psychedelic research (e.g., psilocybin micro-dosing), alternative therapies, and advanced sexual education.

• Educational Intent: Any mention of controversial substances or practices is for educational, historical, and research-driven discussion only.
• No Promotion of Illegal Acts: Moonai does not encourage the use of illegal substances. We report on the progress of research and user anecdotes regarding these topics.
• The "Human Error" Clause: You acknowledge that health research moves faster than policy. Our curation is performed by humans and AI; therefore, content may contain errors, outdated info, or "experimental" ideas. Moonai SL is not liable for any actions you take based on these educational materials.
• Sexuality & Empowerment: Information regarding sexual health is provided to empower you with knowledge. It is not clinical sex therapy.

DATA LICENSING & THE ANONYMIZATION GOLD STANDARD

‍

To sustain our research mission and keep our services accessible in 2026, Moonai engages in the licensing of data.

• The Licensing Protocol: Moonai may grant licenses to third-party research institutions, universities, or commercial partners to access our datasets.
• Irreversible Anonymization (The "Gatekeeper"): Before any data is licensed, it undergoes a 2026-compliant Irreversible Anonymization Process. This removes all "PII" (Personally Identifiable Information) including names, emails, precise locations, and device IDs.
• The "Linkability" Guarantee: We apply mathematical noise (Differential Privacy) to ensure that even a sophisticated attacker cannot "re-identify" you by crossing our data with other public databases.
• Anonymized Data = Non-Personal Data: Once data is truly anonymized, it is no longer "Personal Data" under the GDPR. You grant Moonai a perpetual, global, irrevocable, royalty-free license to use this anonymized data for research and monetization.

ADVERTISING & THE FREE SERVICE MODEL

‍

Moonai uses a "Hybrid Monetization" model.

• In-App Advertisements: We display ads to support our research. We may use your device's technical identifiers (non-health data) to ensure ads are relevant.
• Third-Party Liability: We do not control the products or services advertised. A link to a third party is not an endorsement.
• Opt-Out: You may opt-out of "Targeted Advertising" in your device settings, but you will still see "Contextual Ads."
• Membership models for additional services

‍

AI TRANSPARENCY (EU AI ACT 2026 COMPLIANCE)

‍

Moonai uses AI Agents to curate your experience.

• AI Literacy: We disclose when a soundscape or insight is "AI-Generated" or "AI-Assisted."
• Human-in-the-Loop: While our AI learns from your anecdotal data, significant research conclusions are reviewed by our human team.
• Bias Acknowledgment: AI can inherit biases. We monitor our models for gender or ethnic bias, but we do not guarantee that AI outputs will be 100% objective.

‍

2. INTRODUCTION

‍

This Privacy Policy & Terms of Service explains how Moonai SL (“Moonai” or “we” or “us”) collects, stores, uses, transfers and shares Personal Data from our users (“you”) in connection with the Moonai mobile application (the “App”)*, and the Moonai’s website including any products and services related to it (the "Website") (all collectively, the “Services”).

*Please note the App may be listed under a different name such as “Moonai”, “Moonai app” or "Moonai period pain relief app", “Moonai women's reproductive health stress and pain relief app”.

We reserve the right to and may change this Privacy Policy from time to time. If we make any material changes, we will notify you by email (sent to the email address provided when you register), through the App, or by presenting you with a new version of this Privacy Policy. If permitted by applicable law (including 2026 GDPR and EU AI Act requirements), your continued use of the Services after the effective date of an updated version of the Privacy Policy will indicate your acceptance of the Privacy Policy as modified. In some cases, you will be given a choice about whether to explicitly accept changes. If you do not accept the terms, please do not use the Services. Please check the Privacy Policy posted on our Website and in the App for the latest updates on our data privacy practices.

By creating an account and continued use of the Services, you confirm you have read all pages of the full digital policy and agree to its terms regarding research, non-medical status, data anonymization, AI transparency, and all liability limitations set out below.

‍

‍

3. PERSONAL DATA WE COLLECT FROM YOU

‍

We collect Personal Data about you in a variety of ways. Sometimes we collect Personal Data automatically when you interact with the Services, and sometimes we collect the Personal Data directly from you. At times, we may receive Personal Data about you from other sources and third parties.

8.1 Personal Data you provide to us directly

General Information

When you sign up to use the Services, we may collect Personal Data about you such as:

• Name;
• Email address;
• Year of birth;
• Password or passcode;
• Place of residence and associated location information including time zone and language;
• In many cases, we may be able to infer your gender by your use of the Services.

Health and Well-being

When you sign up to use the Services, you may choose to provide Personal Data about your health and well-being such as:

• Menstrual cycle dates;
• Details of your menstrual cycle such as pain intensity;
• Various symptoms related to your menstrual cycle and health;
• Other information about your health (including sexual activities), physical and mental well-being, and related activities, including personal life.

8.2 Personal Data we collect automatically

When you access or use the Services, we may automatically collect the following information:

8.2.1 Device Information

• Device model;
• Information about the operating system and its version;
• Unique device identifiers (e.g. IDFA);
• Enabled device accessibility features (e.g. display features, hearing features, physical and motor features);
• Mobile operator and network information;
• Device storage information;
• Version of your device system.

8.2.2 Location Information

• IP address;
• Time zone;
• Information about your mobile service provider.

8.2.3 Data about your use of the Services

• Frequency of use;
• Areas and features of the Services that you access, visit or use;
• Engagement with particular features.

To collect this and other information, we may use cookies and other tracking technologies. See more in our separate Cookie Policy.

Data from external sources

We may receive Personal Data about you from third parties. For example, we may obtain information from third parties to enhance or supplement existing user information, including to customize and personalize your experience and for statistical purposes and analytics.

‍

‍

4. HOW WE USE YOUR PERSONAL DATA

‍

We will not collect and use your Personal Data without letting you know. Depending on which features of the Services you use, we will process your Personal Data based on one or more of the following legal bases:

• Your consent (for example, on the registration screen when you give us permission to process your Personal Data);
• To fulfill our contractual obligations to you in order to provide the Services to you;
• Legitimate interest (our interests in providing the Services, our commercial interests, including protecting the security and integrity of the Services, and wider societal benefits from women’s health research);
• Legal obligation (to comply with applicable laws and regulations).

Below we describe the purposes for which we process your Personal Data and our lawful bases, including examples:

• Purpose: to support the existing functions of the App, including customization of content and materials you see when you use the App → Legal basis: consent. Example: we make automated decisions using your input data to recommend you a sound and visual to help you reduce your pain or feel more productive or relaxed, analyze your data to provide you new features and services, and provide certain suggested articles or materials (e.g., learn articles) to read.
• Purpose: customization of product and service offerings and making recommendations to you, including third-party products and offerings → Legal basis: consent. Example: we may offer you a discount for Moonai Premium.
• Purpose: to provide and deliver the products and services you request, process transactions and send you related information, including confirmations and reminders → Legal basis: contract. Example: using your device data we may send you a reminder, e.g., via push notifications, to log your period or symptoms. You can disable this anytime in your device settings or from within the App using the consent toggle screens.
• Purpose: for billing (invoicing), account management and other administrative purposes → Legal basis: contract.
• Purpose: to respond to your comments, questions and requests and to provide customer service → Legal basis: legitimate interest.
• Purpose: to send you technical notices, updates, security alerts and support and administrative messages → Legal basis: legitimate interest.
• Purpose: to integrate data between the Website and App in connection with onboarding users → Legal basis: legitimate interest.
• Purpose: to monitor and analyze trends, usage and activities in connection with our App → Legal basis: consent.
• Purpose: solely with respect to information that you agree to share, for Moonai promotional purposes → Legal basis: consent.

Principles of processing

Data minimization and purpose limitation. We will not process Personal Data in a way that is incompatible with the purposes for which it has been collected. No sale of Personal Data. We will not sell or rent your Personal Data.

‍

5. THIRD-PARTY PROCESSORS

‍

We engage other companies (“processors”) to process your Personal Data on our behalf. We remain responsible for their actions and enter into formal data processing agreements.

Current list of main processors (April 2026):

• Infrastructure and security: AWS (Amazon Web Services, Inc.) – All Personal Data – Storage of all Personal Data when you use the App.
• Email communications: SendGrid (Twilio SendGrid, Inc., USA) – Email address – to reach you with our newsletters, surveys and notifications.
• Payments: Apple (Apple, Inc.) – Payment and banking information, Personal identifiers – To collect and process payments for subscription to the App.
• Payments: Google (Google LLC, USA) – Payment and banking information, Personal identifiers – To collect and process payments for subscription to the App.
• Payments: Stripe (Stripe, Inc., USA) (not applicable after August 2023 where restricted by platform rules) – Payment and banking information, Personal identifiers – To collect and process payments for subscription to the App.
• Payments: PayPal (Europe) S.à r.l. et Cie, S.C.A. – Payment and banking information, Personal identifiers – To collect and process payments for subscription to the App.
• User onboarding and data integration: AppsFlyer (AppsFlyer, Inc.) – Device model, language, operating system and technical identifiers (with consent for marketing) – to integrate data between the Website and App and (with consent) for promotional purposes.
• User support, onboarding and data integration: Intercom (Intercom, Inc.) – Device-related data – to integrate data between the Website and App in connection with customer support.

Aggregated information

We may aggregate, anonymize or de-identify your Personal Data so that it cannot reasonably be used to identify you. Such data is no longer Personal Data and may be shared for research or statistical purposes (legitimate interest).

Special circumstances

We may share Personal Data in response to legal processes, to protect security, with your consent, or in a business transition (merger, acquisition, etc.).

‍

‍

6. YOUR PRIVACY RIGHTS & DATA SOVEREIGNTY

‍

You have the following rights (subject to applicable law):

• Correction of your Personal Data
• Restriction of Processing
• Access to your Personal Data (including in portable .json form)
• Erasure of your Personal Data (“right to be forgotten”)
• Right to object to the processing of your Personal Data
• Right to withdraw consent

Contact us at contact@moonai.app or dpo@moonai.app to exercise your rights. We will address your request within 30 days (up to 90 days in complex cases). We may refuse manifestly unfounded or excessive requests and require identity verification.

‍

‍

‍

You have the following rights (subject to applicable law):

7. RETENTION OF YOUR PERSONAL DATA

‍

• We retain your Personal Data as long as needed to provide the Services.
  • Active accounts: kept as long as the account is active.
  • Dormant accounts: After 3 years of total inactivity, your account is automatically deleted, and your data is either destroyed or permanently anonymized for research.
  • Legal retention: We may retain metadata related to transactions or legal disputes for up to 10 years as required by Spanish law.
  • Upon deactivation or erasure request: data is generally deleted and not recoverable.
  12.1 Statutory Archive & Legal Defense: Notwithstanding any request for erasure, Moonai SL reserves the right to retain specific Personal Data and transaction metadata for a period of up to ten (10) years following the deactivation of an account or the final interaction with the Services. This retention is strictly limited to fulfilling legal obligations under Spanish tax and commercial laws, and for the establishment, exercise, or defense of legal claims.12.2 Technical Integrity & Forensic Records: During this 10-year period, such data will be "restricted" or "frozen" in a secure archive, isolated from daily processing and AI training. You acknowledge that this retention is a security necessity to protect Moonai SL against fraudulent claims, state-sponsored audits, or historical liability disputes.12.3 Irreversible Transformation: After the mandatory 10-year legal period, any remaining data will be subject to our Irreversible Anonymization Gold Standard, effectively removing it from the scope of Personal Data regulations and integrating it into our perpetual research database.

‍

You have the following rights (subject to applicable law):

8. DATA SECURITY

‍

We implement technical and organizational measures (post-quantum encryption, zero-knowledge architecture, pseudonymization, tokenization, vulnerability scanning, penetration testing, privacy-by-design, and regular data protection impact assessments) to protect Personal Data, especially special categories such as health data.

Important 2026 Acknowledgment: Despite our best-in-class efforts, no digital system is immune to state-sponsored attacks or zero-day exploits. By using Moonai, you acknowledge this inherent risk. In the event of a breach, our liability is strictly limited to notifying you within 72 hours (per GDPR Art. 33), providing a clear report, and reasonable mitigation steps. We are not liable for emotional distress or reputational damage if standard protocols were followed.

DATA SECURITY – BEST EFFORTS AND OPERATIONAL LIMITATIONS

Moonai SL takes reasonable and appropriate technical and organizational measures to protect your Personal Data against loss, theft, misuse, unauthorized access, disclosure, alteration, or destruction, in line with industry standards and applicable law.

Best Efforts Commitment

Due to current operational and resource constraints, Moonai SL undertakes to exercise its best efforts and all reasonable efforts to maintain the security of the Services, to respond to data subject requests, and to fulfill its obligations under this Privacy Policy and applicable data protection laws.

By accessing or using the Services, you expressly acknowledge and agree that:

• Moonai SL’s obligations regarding data security, maintenance, support, and response times are performed on a best efforts basis and constitute obligations of means, not obligations of result.
• No digital system can be guaranteed to be completely secure, and Moonai SL cannot guarantee absolute security or uninterrupted availability of the Services.
• In the event of a personal data breach, Moonai SL’s liability shall be strictly limited to notifying affected users within the timeframes required by law (including 72 hours under GDPR Article 33 where applicable) and taking reasonable steps to mitigate the consequences.

This clause does not limit or exclude any rights you may have under applicable mandatory data protection laws (such as the GDPR or EU AI Act). We remain committed to continuously improving our security measures as resources and circumstances allow.

‍

‍

9. INTERNATIONAL PERSONAL DATA TRANSFERS & STORAGE

‍

Moonai is based in Spain. Personal Data may be transferred to and processed in the U.S. and other countries. For transfers outside the EU/EEA/UK we implement Standard Contractual Clauses or rely on adequacy decisions. Contact us for further information.

‍

‍

‍

10. CHILDREN’S PRIVACY

‍

MThe Services are not intended for children. You must be at least 13 (16 for EEA/UK). We do not knowingly collect data from children below these ages and will immediately delete any such account and data.

‍

‍

11. COMMUNICATION WITH YOU

We may contact you via email, push notifications or in-app messages about products, services, offers, promotions, rewards, and events. You can opt-out of marketing emails and push notifications. Service-related communications cannot be opted out of.

‍

‍

‍

12. LIMITATION OF LIABILITY

TO THE MAXIMUM EXTENT PERMITTED BY LAW, MOONAI SL SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES, INCLUDING BUT NOT LIMITED TO:

• Medical outcomes or complications
• Reliance on "Anecdotal Trends"
• Any health induced issue caused by the app, its content or related
• Emotional distress from "Controversial" educational content
• Data loss due to user negligence (e.g., sharing your password)
• The actions of third-party advertisers

The Services are provided “as is” and “as available” without any warranties.

‍

‍

‍

13. GOVERNING LAW & CONTACT

This Policy is governed by the laws of Spain. Disputes are subject to the exclusive jurisdiction of the courts of Barcelona, Spain (subject to mandatory consumer protections).

Data Protection Officer: dpo@moonai.app

General contact: contact@moonai.app

Registered address: Moonai SL, Carrer de les Guilleries 6, 2-2, 08012 Barcelona, Spain.

You may also contact your local data protection authority.

Final Acknowledgment

By using Moonai you confirm you have read, understood, and agree to every provision in this document, including all research, non-medical, controversial content, data licensing, AI, security, and liability clauses. This policy is designed to be fully protective of Moonai SL while remaining transparent and compliant in 2026.