What happens to your data



1.1 Moonbase SRL (hereinafter alternatively referred to as Moonbase, the Company, we, our or us) is committed to protecting your privacy and personal data. This privacy policy (hereinafter referred to as the Privacy Policy) explains how we collect, store, process, transfer, share and use information collected when you use any of our products and services, including, but not limited to, Graceful Efforts, our web application meant to provide a way for people to collaborate, and related training or support (hereinafter collectively referred to as the Services).

1.2 Before accessing or using our Services, please ensure that you have read and understood our collection, storage, use and disclosure of your personal information as described in this Privacy Policy. By accessing or using the Services, you signify that you agree to be bound by our Terms of Service and this Privacy Policy. If you do not agree to the terms of this Privacy Policy you must discontinue using the Website and the Services.

1.3 Personal Information as used in this Privacy Policy, is information that allows the direct identification of an individual, such as a name or email address, and information that is directly combined with such identifying information. Our primary purpose in collecting Personal Information is to personalize your user experience, maintain, provide and improve our Services, Website and business, and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes. We may also use third-party service providers, partners (hereinafter referred to as Partners), or affiliates (hereinafter referred to as Affiliates) to help us operate our business - provide, support, maintain, or secure our Services and our Website; or administer activities on our behalf, such as events or marketing campaigns. It may be necessary to provide or allow access to your Personal Information to these third-party service providers, Partners, or Affiliates for those purposes.

1.4 We are based in UE and the information we collect is governed by EU law. The information we collect may be transferred to, used from, and stored in EU or other jurisdictions in which the Company, our Affiliates, or service providers are located; these jurisdictions may not guarantee the same level of protection of personal data as the jurisdictions in which you reside. By using the Services, you acknowledge and agree to any such transfer of information outside of the jurisdiction in which you reside.


We collect two types of data about individuals who use our Services (hereinafter referred to as the Users), namely (i) technical data automatically collected from all visitors to the Website and Users (hereinafter referred to as Passive Data Collection) and (ii) information that you or others voluntarily submit to us (hereinafter referred to as User-Submitted Information).


2.1.A User Activity Information

2.1.2 Passive Data Collection may comprise information such as details of your visits to the Website, including traffic data, geolocation data, logs, number of clicks, and information about your computer and internet connection, specifically your IP address, operating system and browser type.

2.1.B Device Information

2.1.3 We also collect information about the computer, tablet, smartphone or other electronic devices you use to connect to the Services. This information can include details about the type of device, unique device identifying numbers, operating systems, browsers, and applications connected to the Services through the device, your internet service provider or mobile network, your IP address.

2.1.C Cookies and similar technologies

2.1.4 Our Website and Services use cookies and similar tracking technologies to distinguish you from other users of our Service. This helps us enhance and personalize your user experience, to monitor and improve our Website and services, and for other internal purposes.

2.1.5 Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our Services.

2.1.6 Cookies we utilize on the Website may include, without being limited to, session cookies, preference cookies, and security cookies. A session cookie expires when you close your browser. A preference cookie enables us to remember your preferences and various settings used when accessing the Services. Security cookies are used for security purposes. We will use this information to make our Services and the advertising materials related to other services developed by the Company, Partners or Affiliates, or to other features associated with the Services, more relevant to your interests. We may also share this information with third parties for this purpose.

2.1.7 You may block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block cookies you will not be able to access all or portions of our Services or features associated with our Services.

2.1.8 If you wish not to be tracked, some browsers have incorporated Do Not Track features that can send a signal to the websites you visit to indicate that. Because there is not yet a consensus on how companies should respond to web browser-based or other Do Not Track mechanisms, our systems do not recognize browser "do-not-track" requests yet. If you disable cookies, be aware that some features of our Services may not function.


2.2.1 We collect Personal Information about you when you voluntarily submit information directly to us by filling in forms on our Website or by corresponding with us. This includes information you provide when you register to use our Website, subscribe to the Services or newsletters, participate in any discussion boards, forums or other social media functions on our site or enter a competition, promotion or survey and when you report a problem with our Website, or use some other feature of the Services as available from time to time.

2.2.2 If you choose not to provide personal information, we will not be able to provide the Services to you or respond to your other requests.

2.2.A Contact information and basic personal details

2.2.3 This information comprises data such as your name, phone number, address, location, IP address, e-mail address and where applicable, professional details.

2.2.4 When you're creating an user account, you attach to your profile mandatory personal information like name and email address, and optional personal information like social media profiles or a link to your portfolio. If you choose to make your profile visible to other users, you consent that they may access this personal information. To revoke this permission, simply disable your public profile in your user profile.

2.2.5 When you sign up for a free trial of our Services, we will ask for your name, email address, an username and a password. Without this information will not be able to create an account. We will use this information to identify you as the owner of the account that you have created, every time you sign in.

2.2.6 We also use this information to contact you about the products and Services on our Website in which you have expressed interest.

2.2.B Payment information

2.2.7 This information comprises details such as your credit card or other financial information. We will request this information when you upgrade to a paid plan in order to fulfill the billing process.

2.2.C Correspondence and comments

2.2.8 When you send us an email for technical assistance or customer support, with feedback or a complaint, we will record any personal information and other content that you provide in your communication so that we can effectively respond to your communication.

2.2.9 We may also record your Personal Information and content if you comment publicly on our Website, blog or any social media platform.

2.2.D Recruiting and professional details

2.2.10 This category comprises professional details and employment information such as resume or references used to facilitate collaborating together with project owners and other Users while using our Services.

2.2.E User surveys

2.2.11 We may provide you the opportunity to participate in surveys on our Website or through our Services. If you participate, we will request certain Personal Information. The requested information typically includes contact information (such as name and billing address), demographic, and professional information. We will use this information internally to improve our products and Services.

2.2.F Third-party account credentials. Authentication and authorization.

2.2.12 When you provide us with your third party account credentials, to any services (such as Facebook, Gmail or Outlook), you understand that some content and/or information in those accounts will be transmitted into your account with us for authentication purposes and you authorize our Services to act on your behalf.

2.2.G Testimonials

2.2.13 With consent, we may display personal testimonials of satisfied customers on our Website, along with other endorsements. Please read our Terms of Service for further information.

2.2.H Templates and content related to projects

2.2.14 The content that you create, submit, post, or transmit to the non-public areas of the Website such as project information, tasks, work packages, deliverables, stages, teams (hereinafter referred to as the Content) or other information within the project is private. In this Privacy Policy, we distinguish between Content and all other information about you. We have no control over the information contained within Content, including any personal data.

2.2.15 We only access Content as necessary to respond to customer support requests (including, with respect to enterprise users, company administrator requests), comply with the law or legal proceedings or to investigate, prevent, or take action against suspected abuse, fraud, or violation of our policies and terms.


3.1 If you are located in the EU, please note that the legal bases under the EU General Data Protection Regulation (hereinafter referred to as the GDPR) for using the information we collect through your use of the Service as an User are as follows:

3.1.A "Performance of a contract". Where use of your information is necessary to perform our obligations under a contract with you (e.g. to comply with the Terms of Service which you accept by using the Services).

3.1.B "Legitimate interest". Where use of your information is necessary for our legitimate interests or the legitimate interests of others (for example, to provide security for our Services; operate our Services; prevent fraud, analyze use of and improve our Services, and for similar purposes).

3.1.C "Legal obligation". Where use of your information is necessary to comply with a legal obligation.

3.1.D "Consent". Where we have your consent to process data in a certain way.


4.1 We only use your Personal Information to provide you the Services or to communicate with you about the Services or the Website.

4.2 With respect to any documents and Content you may choose to upload, we take the privacy and confidentiality of such documents seriously. If you choose to make a document public, we recommend you redact any and all references to people and addresses, as we can't protect public data and we are not responsible for any violation of privacy law you may be liable for.

4.3 The Company may collect and use Users' Personal Information to be able to:

4.3.A Assist with your development of using our products or services when you request a free trial account.

4.3.B Carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and Services that you request from us. For example, we use your payment information to facilitate payment for use of the Services and perform our contract with you.

4.3.C Provide product and Services updates and alerts to you. For example, we may use your email address to send you updates and news, to send you invoices and contact you on behalf of other Users (such as notifications from projects or other Services activity).

4.3.D Send you newsletters, special offers or promotions, or to otherwise contact you about the Services or information we think may interest you.

4.3.E Personalize Users' experience. For example, we use your device information to enable the Services to be presented to you on your device and also operate, maintain and provide to you the features and functionality of the Services. This processing is necessary for the performance of our contract with you and also for our legitimate interest, namely to tailor the Services to the User and to improve the Services generally.

4.3.F Improve our Services in order to better serve you. For example, we use your professional details to facilitate your collaboration with other Users, if you give us your explicit consent to do so by enabling a Public Profile.

4.3.G Improve customer service. For example, we use your correspondence and comments information in order to address your questions, issues, and concerns and resolve your customer service issues. The processing is necessary for our legitimate interests, namely communicating with you effectively for the purposes of resolving your issues.

4.3.H Protect our Services and our Users.

4.3.I Verify your identity and account when identity verification is required.

4.3.J Process your payments. For example, we use your payment information to facilitate payment for use of the Services and perform our contract with you.

4.3.K Solve bugs and issues.

4.4 We will use all the Personal Information we collect to operate, maintain and provide to you the features and functionality of the Services, to monitor and improve the Services, our Website and business, for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes, to keep the Website safe and secure and to help us develop new products and services.


5.1 We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. We may use your Personal Information to send you promotional information about third parties which we think you may find interesting if we will have your permission to do so.

5.2 We may share your Personal Information with any member of our group, which includes our subsidiaries. We will not share your personal information with any third parties except as described in this privacy policy or in connection with the Service. We may share your information with selected third parties, including:

5.2.1 Business partners, vendors, suppliers, and subcontractors who perform services on our behalf (these companies are authorized to use your Personal Information only as necessary to provide these services to us);

5.2.2 Payment processors for the purpose of fulfilling relevant payment transactions;

5.2.3 Third-party service providers to provide website and application development, hosting;

5.2.4 Data storage partners and partners who provide virtual infrastructure;

5.3 In certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet law enforcement requirements. This includes exchanging information with other companies and organizations for the purposes of fraud protection.

5.4 Users acknowledge and agree that they can create Content, which may contain information about themselves or other Users, and grant permission to others to see, share, edit, copy and download that Content. Some of the collaboration features of the Services display some or all of your profile information to other Users when you share or interact with specific Content. Similarly, when Users join a project, your name and contact information will be displayed in a list for other project members so they can find and interact with you. Our Website includes publicly accessible blogs or community forums. Any information you provide in these areas may be read, collected and used by others who access them. This includes information posted on our public social media accounts. To request removal of your personal information from our blog or community forum, contact us at build_email_privacy.

5.5 If you choose to comment, post or share your content in a social part of our products or services, you understand that any information that you submit is not confidential and will be available to the public at large and potentially accessible through third-party search engines. Moonbase is not responsible for the personal information you elect to disclose publicly and is not liable for any malicious use of such information by others.

5.6 Additionally, we may disclose Personal Information where we, in good faith, deem it appropriate or necessary to prevent violation of the terms of service or our other agreements; take precautions against liability; protect the rights, property, or safety of our Services, our Affiliates, any individual, or the general public; maintain and protect the security and integrity of our Services or infrastructure; protect ourselves and our Services from fraudulent, abusive, or unlawful uses; investigate and defend ourselves against third-party claims or allegations; or assist government enforcement agencies.


6.1 The Website contains links to other sites that are not owned or controlled by the Company. Please be aware that this Privacy Policy applies only to information collected by the Company, and we are not responsible for the privacy policies and practices of such other sites. We encourage you to be aware when you leave the Website and to read the privacy policies of each and every website.


7.1 From time to time we may contact you with relevant information about the Services. Most messages will be sent electronically. For some messages, we may use Personal Information we collect about you to help us determine the most relevant information to share with you.

7.2 If you do not want to receive such messages from us, you will be able to disable e-mail notifications in your profile page.


8.1 The security of your information is important to us, including, but not limited to, the Personal Information collected via the Website. We have implemented security measures to protect against the loss, unauthorized access, misuse, alteration, and destruction of Personal Information under our control. Although we make good faith efforts to maintain the security of such Personal Information, no method of transmission over the Internet or method of electronic storage, is 100% secure and we cannot guarantee that it will remain free from unauthorized access, use, disclosure, or alteration. Further, while we work hard to ensure the integrity and security of our network and systems, we cannot guarantee that our security measures will prevent unauthorized persons, organizations or software agents from illegally accessing or obtaining this information.

8.2 We use industry leading measures, including site-wide TLS encryption to protect the Personal Information, Content, the project information, and personal information that is stored in our database or sent using the Website.

8.3 Your password is not stored in clear text, so you will be unable to recover it. Instead, you will only be able to generate a new one should you forget your current password.

8.4 All data is backed up daily and stored in multiple locations.


9.1 We maintain the ISO 27001:2013 certification.

9.2 While no transmission of information via the internet is completely secure, we take reasonable measures to protect your Personal Information. We cannot guarantee the security of your personal information transmitted to our Website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.

9.3 You hereby acknowledge that the Company is not responsible for any intercepted information sent via the internet, and you hereby release us from any and all claims arising out of or related to the use of intercepted information in any unauthorized manner.

9.4 If a security systems breach occurs, we may post a notice on our homepage or elsewhere on the Website and may send email to you at the email address you have provided to us.

9.5 If a security breach occurs or you find a security issue while using the Services and want to report it to us, please send an email to build_email_security.

9.6 As part of securing personal data stored on our servers, we restrict access to Personal Information residing on those servers to the Company's employees, contractors, and agents who need to know that information in order to operate, develop, or improve the Services. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations. For example, we use third party subprocessors, such as cloud computing providers and customer support software, to provide our Services. We enter into GDPR-compliant data processing agreements with each subprocessor, extending GDPR safeguards everywhere personal data is processed.

9.7 If we learn of a security breach, we may attempt to notify you electronically so that you can take appropriate protective steps. By using the Services or the Website or by providing Personal Information to us, you agree that we can communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Services.

9.8 The Company cannot be liable for service interruptions, intrusions, errors, loss of data, or any other interference with the use of the Services as a result of security related incidents.

9.9 In the unlikely event that we believe that the security of your Personal Information may have been compromised, we will notify you via email within 72 hours and provide the currently available information on the security concern.


10.1 Your Personal Information is stored digitally in the European Union, leveraging the world leading GDPR legal framework to protect your personal information.


11.1 We will only retain your Personal Information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of our legitimate business interests and satisfying any legal or reporting requirements.

11.2 To determine the appropriate retention period for Personal Information, we consider the amount, nature, and sensitivity of the Personal Information, the potential risk of harm from unauthorized use or disclosure of your Personal Information, the purposes for which we process your personal information and the applicable legal requirements.

11.3 We will retain your data for a period of 180 days following the termination of your account. During the storage period you will be able to retrieve your data in JSON format.

11.4 Upon the end of the Storage Period all your data will be permanently deleted from Website's servers, unless we have to comply with legal obligations, to resolve disputes, to enforce our agreements, to support business operations or to continue to develop and improve our Services.

11.5 User's information regarding invoices and payment details will be retained according to the law.


12.1 If you want to delete your data, you have to cancel your account. Upon termination, all the User access to the Service will be disabled and all of the User's Personal Information will be stored in the Website's database for a period of 180 days following the termination of the User's account. During the storage period the User shall be able to retrieve the data in JSON format. Upon the end of the storage period all the User's Data will be permanently deleted from the Website's servers. Once deleted, this information cannot be recovered. After such 180-day period, the Company has no obligation to maintain or provide any of the Personal Information and may thereafter, unless legally prohibited, delete all of the User's Personal Information in our systems or otherwise in our possession or under our control.

12.2 If an User was invited to other User's projects then their specific contribution in other projects will remain, but their Personal Information will be deleted.


13.1 Subject to the exceptions provided by chapter 3 of GDPR i.e. Rights of the data subject, you have the following rights in respect of your Personal Information that we hold:

13.1.1 "Right of access and portability". The right to obtain access to your Personal Information along with certain information, and to receive that Personal Information in a commonly used format and to have it ported to another data controller, according with article 15 and 20 GDPR.

13.1.2 "Right to rectification". The right to obtain rectification of your Personal Information without undue delay where that Personal Information is inaccurate or incomplete, according with article 16 GDPR.

13.1.3 "Right to erasure i.e. the right to be forgotten". The right to obtain the erasure of your Personal Information without undue delay in certain circumstances, such as where the Personal Information is no longer necessary in relation to the purposes for which it was collected or processed, according to article 17 GDPR.

13.1.4 "Right to restriction of processing". The right to obtain the restriction of the processing undertaken by us on your Personal Information in certain circumstances, such as where the accuracy of the Personal Information is contested by you or the sale of your personal information for a period enabling us to verify the accuracy of that Personal Information, according to article 18 GDPR.

13.1.5 "Right to object". The right to object, on grounds relating to your particular situation, to the processing of your Personal Information, and to object to the processing of your Personal Information for direct marketing purposes, to the extent it is related to such direct marketing, according to article 21 GDPR.

13.1.6 "Automated individual decision-making, including profiling". You have the right not to be subject to a decision based solely on automated processing, including profiling, according with article 22 GDPR.

13.1.7 "Right to non-discrimination". The right to non-discrimination for exercising your rights as outlined in this policy. This includes, but is not limited to, denying you goods or services, charging you different prices for similar services, or providing a different level or quality of service.

13.1.8 "Complain". You have the right to lodge a complaint to your local data protection authority. Information about how to contact your local data protection authority is available here. However, before doing so, we request that you contact us directly in order to give us an opportunity to work directly with you to resolve any concerns about your privacy.

13.1.9 "Right to withdrawal of consent". You have the right to withdraw your consent in respect of any processing of Personal Information which is based upon a consent which you have previously provided. This will not affect the lawfulness of our processing before the withdrawal. Should you intend to withdraw your consent in respect of any processing of Personal Information, the only way to do so is by deleting your account.

13.2 You may exercise many of these rights by signing in and directly updating your account information. You may also exercise your rights by contacting us through our services' ticketing systems or by emailing us to build_email_privacy.


14.1 Our Services are intended for individuals over 18 years old. We do not knowingly collect any personal data from children under the age of 18. If you believe that a child under 18 years has provided personal information to us, please write to build_email_privacy with the details so that we can take the appropriate steps in accordance with our legal obligations and this Privacy Policy.


15.1 The Company has the discretion to update this Privacy Policy at any time. We will make the revised Policy accessible through the Services, so you should review the Policy periodically.

15.2 If we make significant changes to the Privacy Policy that affect your rights, we will notify you by sending an email to the last email address you provided to us.

15.3 Please note that at all times you are responsible for updating your Personal Information to provide us with your most current email address. In the event that the last email you have provided us is not valid, or for any reason is not capable of delivering to you the notice described above, our dispatch of the email containing such notice will nonetheless constitute effective notice of the changes described in the notice.

15.4 If you think that the updated Privacy Policy affects your rights with respect to your use of our products or services, you may delete your user account. Your continued use after the effective date of changes to the Privacy Policy is considered to be your agreement to the modified Privacy Policy.


16.1 If we need to provide you with information about something, whether for legal, marketing or other business related purposes, we will select what we believe is the best way to get in contact with you. We will usually do this through email or by placing a notice on our Website. Subject to clause 7.2, the fact that we may send notices to you will not stop you from being able to opt out of certain types of contact e.g. disable e-mail notifications.

16.2 We will never send electronic messages (email, SMS text, etc.) to you requesting Personal Information such as passwords, credit card numbers, birth dates, or other personal information. Please do not act on or respond to such requests, but instead notify us at build_email_security.


17.1 Regardless of your location, any questions, comments, and requests regarding this Privacy Policy are welcome and should be addressed to our Data Protection Officer at build_email_privacy. Communication can also be addressed to Moonbase SRL, located at Strada Grigore Ionescu, nr 63, Camera 1, Bucharest, Romania.

17.2 If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact us at build_email_privacy.

v2/2021, last updated 2021-01-01 00:00:00 UTC