Last updated: 17 April 2026

Privacy Policy

MoatMind ("we", "us", or "our") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our innovation intelligence platform.

This policy complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Information We Collect

We collect the following categories of personal data:

• Account information: Email address and name provided at signup.
• Authentication data: Information from your Google account when you sign in via Google OAuth (including your Google email, name, and profile picture).
• Usage analytics: Pages accessed, features used, and timestamps, collected to improve our service.
• Moatken purchase history: Records of your Moatken token purchases and redemptions.
• Communication preferences: Any preferences you set within your account.

2. How We Use Your Information

We use your personal data for the following purposes:

• To create and manage your account and provide access to MoatMind features.
• To deliver intelligence briefs, updates, and notifications relevant to your subscription.
• To process Moatken purchases and maintain transaction records.
• To analyse usage patterns and improve the platform's performance and features.
• To communicate with you about your account, security notices, and service-related updates.
• To comply with our legal obligations.

3. Legal Basis for Processing

We process your personal data under the following legal bases under UK GDPR:

• Contract performance: Processing necessary to provide our services to you.
• Legitimate interests: Analytics, service improvement, and fraud prevention, where our interests are not overridden by your rights.
• Consent: Where you have given explicit consent for specific processing activities (e.g., marketing communications). You may withdraw consent at any time.
• Legal obligation: Processing required to comply with applicable law.

4. Third-Party Services

We use the following third-party services, each acting as a data controller for their own processing:

• Google OAuth: Used for sign-in. Google processes authentication data under its own Privacy Policy. Google Privacy Policy.
• Stripe: Handles all payment processing. Stripe processes card data directly — MoatMind never stores your card number, CVV, or full card details. Stripe Privacy Policy.
• AI Providers (OpenAI): Used for intelligence brief generation. Your prompts may be processed by OpenAI in accordance with their privacy practices. OpenAI Privacy Policy.

5. Cookies

We use session cookies for authentication and to maintain your login state. These cookies are essential for the platform to function correctly and are not used for tracking or advertising purposes.

We do not use advertising cookies or third-party tracking cookies.

6. Data Retention

We retain your personal data for as long as your account is active and for a period of 3 years thereafter, or as required to comply with legal obligations, resolve disputes, or enforce our agreements. Account deletion requests are honoured within 30 days.

7. Your Rights

Under UK GDPR, you have the following rights:

• Right of access: Request a copy of the personal data we hold about you.
• Right to rectification: Request correction of inaccurate personal data.
• Right to erasure: Request deletion of your personal data ("right to be forgotten"), subject to legal retention requirements.
• Right to restrict processing: Request that we limit how we use your data.
• Right to data portability: Receive your data in a structured, commonly used, machine-readable format.
• Right to object: Object to processing based on legitimate interests.
• Rights related to automated decision-making: Request human intervention in automated decisions that affect you.

To exercise any of these rights, contact us at the address below. We will respond within 30 days.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse, including encryption of sensitive data in transit and at rest.

9. International Transfers

If we transfer personal data outside the UK/European Economic Area, we ensure adequate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

10. Children's Data

MoatMind is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email or a prominent notice on the platform prior to the change becoming effective. The "Last updated" date at the top of this page reflects the date of the most recent revision.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us: