Privacy Policy

1. Introduction

Bold Moon ("we", "us", or "our") is operated by Changzhou Jingtu International Trade Co., Ltd. (Business Registration Number: 91320411MADH337131), located at Longye Road and Fengwan 3rd Building, Longhutang Street, Xinbei District, Changzhou City, Jiangsu Province.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI infrastructure platform, website, APIs, and related services (collectively, the "Services"). By accessing or using our Services, you agree to this Privacy Policy.

2. Information We Collect

Information You Provide

• Account information: Name, email address, company name, job title, and password when you create an account.
• Payment information: Billing address, credit card or payment method details processed through our secure payment provider.
• Communications: Messages, support tickets, feedback, and other correspondence you send to us.
• Content and models: Machine learning models, datasets, configuration files, and other content you upload to our platform.

Information Collected Automatically

• Usage data: API calls, deployment logs, inference metrics, feature usage patterns, and platform interaction data.
• Device and connection data: IP address, browser type and version, operating system, device identifiers, and referring URLs.
• Cookies and similar technologies: Information collected through cookies, web beacons, and similar tracking technologies (see our Cookie Policy).
• Log data: Server logs including access times, pages viewed, error logs, and diagnostic data.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Service delivery: To provide, maintain, and improve our AI infrastructure platform, process your API requests, and manage your deployments.
• Account management: To create and manage your account, authenticate your identity, and process payments.
• Communication: To send service notifications, security alerts, billing information, and respond to your inquiries.
• Analytics and improvement: To understand usage patterns, optimise platform performance, and develop new features.
• Security: To detect, prevent, and address fraud, abuse, security incidents, and technical issues.
• Legal compliance: To comply with applicable laws, regulations, and legal processes.

4. Legal Basis for Processing

We process your personal data under the following legal bases:

• Contractual necessity: Processing required to fulfil our contract with you, including providing the Services and managing your account.
• Legitimate interest: Processing for our legitimate business interests, such as improving our Services, preventing fraud, and marketing (where permitted).
• Consent: Processing based on your explicit consent, such as for marketing communications or optional analytics. You may withdraw consent at any time.
• Legal obligation: Processing required to comply with applicable laws and regulations.

5. Information Sharing

We do not sell your personal data. We may share your information in the following circumstances:

• Service providers: With trusted third-party vendors who assist in operating our platform, such as cloud infrastructure providers (AWS, GCP, Azure), payment processors, analytics services, and customer support tools.
• Legal requirements: When required by law, regulation, legal process, or governmental request.
• Business transfers: In connection with a merger, acquisition, reorganisation, or sale of assets, your information may be transferred as part of that transaction.
• With your consent: When you explicitly authorise us to share your information with third parties.
• Aggregated data: We may share anonymised, aggregated data that cannot reasonably identify you.

6. Data Retention

We retain your personal data for as long as necessary to provide our Services and fulfil the purposes described in this policy. Specific retention periods include:

• Account data: Retained for the duration of your account and up to 30 days after deletion request.
• Usage and log data: Retained for up to 24 months for analytics and platform improvement.
• Payment records: Retained for up to 7 years as required by financial regulations.
• Support communications: Retained for up to 3 years after resolution.
• Model artifacts and content: Deleted within 30 days of account closure or upon your request.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate or incomplete personal data.
• Erasure: Request deletion of your personal data, subject to legal retention obligations.
• Portability: Request transfer of your data in a structured, machine-readable format.
• Restriction: Request restriction of processing under certain circumstances.
• Objection: Object to processing based on legitimate interests or for direct marketing purposes.
• Withdraw consent: Withdraw previously given consent at any time.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.

8. Data Security

We implement industry-standard technical and organisational measures to protect your data, including:

• End-to-end encryption for data in transit (TLS 1.3) and at rest (AES-256)
• SOC 2 Type II certified infrastructure and processes
• Regular penetration testing and vulnerability assessments
• Role-based access control (RBAC) with principle of least privilege
• Multi-factor authentication for all internal systems
• Continuous monitoring and intrusion detection systems
• Incident response plan with defined escalation procedures

No method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

9. International Transfers

Your data may be processed in countries other than your country of residence, including the People's Republic of China, the European Economic Area, and the United States. When we transfer data internationally, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by relevant authorities
• Data processing agreements with all sub-processors
• Encryption of data in transit and at rest
• Regular assessments of the legal frameworks in recipient countries

10. Account and Authentication Data

When you create a Bold Moon account, we collect authentication credentials and profile information. We support single sign-on (SSO) via OAuth 2.0 providers (Google, GitHub, Microsoft). When using SSO, we receive your name, email, and profile picture from the identity provider but never your password.

API keys and access tokens are generated and stored in hashed form. We never store plaintext API keys after initial generation.

11. Usage Analytics and Telemetry

Our platform collects telemetry data to ensure reliability and improve performance, including:

• API endpoint usage frequency and response times
• Model deployment and inference metrics (latency, throughput, error rates)
• Resource utilisation (GPU, CPU, memory consumption)
• Platform feature adoption and interaction patterns

Telemetry data is anonymised where possible and is used exclusively for service improvement. You can opt out of non-essential telemetry in your account settings.

12. API Access and Integration Data

When you integrate with our APIs, we process API request metadata (endpoints, timestamps, response codes). We do not inspect the content of your inference payloads unless required for debugging at your explicit request.

Webhook URLs and integration configurations are encrypted at rest. Third-party integrations (Slack, GitHub, etc.) require explicit authorisation and can be revoked at any time from your dashboard.

13. Cloud Storage and Data Processing

Bold Moon operates infrastructure across multiple cloud regions. Your models and data are stored in the region you select during deployment. Available regions include EU (Frankfurt), US (Virginia), and APAC (Singapore).

We maintain data processing agreements with all cloud infrastructure providers. Your model artifacts and training data remain under your control — we act as a data processor on your behalf and do not use your content to train our own models.

14. Children's Privacy

Our Services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16 without parental consent, we will take steps to delete such information promptly.

15. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (to the address associated with your account) and/or by posting a prominent notice on our website at least 30 days before the changes take effect.

We encourage you to review this page periodically for the latest information on our privacy practices.

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Company: Changzhou Jingtu International Trade Co., Ltd.
• Email: [email protected]
• Phone: +31 276987244
• Address: Longye Road and Fengwan 3rd Building, Longhutang Street, Xinbei District, Changzhou City, Jiangsu Province