Privacy Policy

Last updated: July 15, 2026

1. Who we are

GaliLuna ("we", "us") provides a platform where organizations generate, edit, and publish marketing and campaign landing pages with artificial intelligence. This policy explains what personal information we collect, why, and what happens to it.

2. Information we collect

Account data. Your organization's name and contact email, each user's email address and password (stored only as a salted hash), role, and whether they accepted the Terms and Conditions.

Content you upload. Campaign briefs, images, logos, brand settings, and the pages generated from them. Published pages are publicly accessible by design.

Payment data. Payments are processed by Stripe; card numbers never touch our servers. We keep a record of each payment (plan, amount, date, coupon used) for billing history.

Activity data. We keep an audit trail of actions taken in the platform (who did what, when, with which inputs, and from which IP address). It exists to support you, reproduce reported bugs, and protect the service from abuse.

Support conversations. Tickets you open and the replies exchanged with our team.

3. How we use it

To operate the service: generating your pages (your briefs and image references are sent to our AI provider for that purpose), publishing them, enforcing plan limits, processing payments, answering support tickets, sending essential emails (password resets, payment confirmations), and keeping the platform secure. We do not sell personal information, and we do not use your content to advertise to anyone.

4. Who we share it with

Only the processors needed to run the service: our AI provider (Anthropic) receives campaign briefs to generate pages; Stripe processes payments; our email delivery providers send transactional emails; and our hosting provider stores the data. Each receives only what its job requires. If a purchase used a seller's referral code, that seller can see the sale attributed to them (plan and amount), not your content.

5. Cookies

We use a single authentication cookie to keep you signed in. No advertising or cross-site tracking cookies. If your organization attaches a Google Tag Manager container to its published pages, tracking on those public pages is governed by your organization's own policy.

6. Retention and deletion

Account data and content are kept while your organization has an account. When an organization is deleted, its users, campaigns, and published pages are removed; payment records and the audit trail are retained as required for financial and security record-keeping. You can request deletion of your organization at any time through a support ticket.

7. Security

All traffic is encrypted with HTTPS, passwords are stored as salted hashes, every institution's data is isolated at the database-query level, and password reset links are single-use and expire within an hour. No system is perfectly secure; if we learn of a breach affecting your data, we will notify your organization's contact email.

8. Your rights

You can access and correct your account details in the app, and request a copy or the deletion of your personal information through a support ticket. Depending on where you live (e.g. Canada's PIPEDA, the EU's GDPR), you may have additional statutory rights; we honor those requests.

9. Changes

If this policy changes materially, we will announce it in the app before the change takes effect.

10. Contact

Privacy questions: open a support ticket in the app or write to our support email.