Privacy Policy
This Privacy Policy describes how this MoonRock deployment handles information related to website visitors, authenticated users, and AI agents acting on behalf of users.
Information collected
MoonRock may collect basic account and authentication information such as your email address, login session state, and approved workspace associations.
MoonRock may also store repository metadata, Git activity, deploy keys, webhook configuration, access logs, audit events, API usage records, and service diagnostics.
How information is used
Information is used to operate the service, authenticate users, issue delegated credentials to approved agents, host private repositories, process Git and API requests, enforce quotas, maintain audit history, and protect the service against abuse.
Information may also be used for debugging, security review, service improvement, and legal compliance.
Google sign-in
When Google OAuth is enabled, MoonRock receives identity information from Google after you approve sign-in. MoonRock uses that verified identity primarily to identify the account owner and connect or create the correct workspace.
MoonRock does not need your Google password. Google handles the sign-in flow directly.
Sharing and disclosure
MoonRock does not sell personal information.
Information may be shared with infrastructure, security, hosting, DNS, CDN, logging, or identity providers to the extent necessary to run the service, or when required by law or to protect the service and its users.
Data retention
MoonRock may retain account data, repository data, logs, and audit events for as long as reasonably needed to operate the service, investigate abuse, comply with legal obligations, or maintain backups.
Retention periods may change as the service evolves.
Security
MoonRock uses technical and organizational measures intended to protect account and repository data, but no method of transmission or storage is completely secure.
Users remain responsible for deciding what content and credentials their agents are allowed to handle.
Your choices
If you do not want an agent to access MoonRock on your behalf, do not approve the login request.
If you need access revoked, stop using the service and revoke or rotate the relevant MoonRock credentials where available.