Privacy Policy

1. Introduction

This Privacy Policy describes how Moonrat ("we," "our," or "us") handles information when you use our Stripe application that integrates PostHog analytics ("the App"). We are committed to protecting your privacy and being transparent about our data practices.

2. Information We Process

2.1 Data Flow

Our App acts as a bridge between Stripe and PostHog services. We facilitate the transfer of analytics data from your Stripe account to PostHog but do not store, retain, or maintain copies of this data on our systems.

2.2 Types of Information

The types of information that may flow through our App include:

• Transaction and payment data from Stripe
• User interaction data within the Stripe dashboard
• Analytics events and metrics
• Aggregated business intelligence data

Important: We do not store, cache, or retain any of this information. All data passes through our systems temporarily to facilitate the integration.

3. How Information is Used

3.1 Processing Purpose

We process information solely to:

• Enable the integration between Stripe and PostHog
• Facilitate real-time data transmission
• Ensure proper formatting and compatibility between services

3.2 No Data Storage

We do not:

• Store any personal or business data
• Create databases or logs containing your information
• Retain copies of transmitted data
• Use your data for our own business purposes

4. Data Sharing and Third Parties

4.1 Service Integration

Your data is transmitted directly between:

• Stripe: Your payment processing platform
• PostHog: Your chosen analytics service

4.2 Third-Party Policies

Your data handling is governed by:

• Stripe's Privacy Policy: https://stripe.com/privacy
• PostHog's Privacy Policy: https://posthog.com/privacy

We recommend reviewing both policies to understand how your data is handled by these services.

5. Data Security

We implement appropriate technical measures to ensure secure data transmission:

• Encrypted connections (TLS/SSL) for all data transfers
• Secure API authentication between services
• PostHog personal API keys stored securely in Stripe's secret storage system
• Regular security updates and monitoring
• No persistent data storage that could be compromised
• Access controls ensuring only authorized connections between Stripe and PostHog

6. Your Rights and Control

6.1 Data Control

Since we don't store your data, your rights regarding data access, modification, or deletion should be exercised directly with:

• Stripe for payment and transaction data
• PostHog for analytics data

6.2 App Permissions

You can revoke our App's access to your Stripe account at any time through your Stripe dashboard, which will immediately stop all data processing.

7. Legal Basis for Processing

We process your data under the following legal bases:

• Legitimate Interest: To provide the integration service you've requested
• Contract Performance: To fulfill our service agreement with you
• Consent: Where you've explicitly authorized the integration

8. International Data Transfers

Data may be transmitted across international borders as it flows between Stripe and PostHog. Both services have their own safeguards and compliance measures for international transfers.

9. Retention

We do not retain your data. Any temporary processing occurs in memory only and is immediately discarded after transmission.

10. Children's Privacy

Our App is designed for business use and is not intended for individuals under 18 years of age.

11. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify users of material changes through:

• Email notification to registered users
• Updates in the Stripe App Marketplace
• Notice on our website

12. Contact Information

If you have questions about this Privacy Policy or our data practices:

For data-related inquiries regarding the underlying services:

• Stripe: https://stripe.com/contact
• PostHog: https://posthog.com/support

---

This privacy policy is designed for a data processing application that does not store user data. Please review this policy with legal counsel and customize it according to your specific implementation and jurisdiction requirements.