← MOATCHECK

Privacy

Last updated: June 14, 2026 · Plain language, no dark patterns.

What we collect

  • What you submit: the URL or business description you scan, and the analysis we generate from it. Scans are stored so your result link keeps working. Don't paste confidential information into a scan.
  • Coarse region:a two-letter country code derived from your request (e.g. "EE"). We never store your IP address.
  • Email (optional): if you add an email to a scan, we store it for exactly one purpose — linking that scan to your dashboard when you sign in with Google. No marketing, no newsletters, never shared.
  • Account (optional): signing in with Google stores your name, email, and avatar from your Google profile, plus a session record (including the browser user-agent string; we never store your IP). Scans you run in a given browser link to your account via a private token, not by email matching.
  • Rate limiting: to prevent abuse we briefly track request counts keyed by a one-way hash of your IP. The raw IP is not stored, and hashes expire within an hour.
  • Payments: handled entirely by Stripe. We never see your card details — we store only the Stripe session reference confirming your purchase. See Stripe's privacy policy.

What we don't do

  • No advertising or analytics trackers. No tracking cookies — which is why there is no cookie banner.
  • No selling, sharing, or renting of your data.
  • Accounts and emails are optional — and we send no newsletters you didn't ask for.

The only cookies we set are strictly necessary: your sign-in session (if you log in) and an admin session for site operators. Stripe sets its own cookies on its checkout pages, governed by their policy.

Processing

Scan inputs are processed by a large language model via Ollama Cloud to produce your verdict and report. Data is stored on Neon (Postgres) and the app runs on Vercel. Legal basis: performance of the service you request (Art. 6(1)(b) GDPR) and our legitimate interest in abuse prevention (Art. 6(1)(f)).

In plain terms: to analyze your idea we have to read it, so it can't be end-to-end encrypted. Your scan text is sent to a third-party model provider (Ollama Cloud) and stored in plain text so your result link and dashboard keep working. Our own tools only ever show aggregate stats — scan counts, common keywords — never your raw input; but the data does exist in the database and is technically reachable by operators and our infrastructure providers. So treat a scan like a sticky note on a desk: perfect for an idea, wrong for secrets, credentials, or anything confidential.

Your rights

Under the GDPR you can request access, correction, or deletion of data tied to your scans, your email, or your account (e.g. a result URL you own). Email privacy@moatcheck.app with the result link and we'll handle it within 30 days. You can also lodge a complaint with your local supervisory authority.