GDPR and MoonEngage
What is GDPR?
The General Data Protection Regulation (GDPR) is a law enforced by the European Union (EU) to protect the personal data of individuals. This section outlines how MoonEngage handles user data in compliance with GDPR requirements.
Definition of Personal Data
Personal data includes any information relating to an identified or identifiable individual, such as name, email address, IP address, or location. Ownership of this data remains solely with the individual, and it cannot be used without clear consent.
Developer Responsibilities
Developers are responsible for ensuring that personal data stored on servers and databases is protected. We:
- Encrypt user data where possible.
- Avoid logging user activities.
- Request credentials only for temporary maintenance, and encourage admins to update those credentials afterward.
Admin Responsibilities
Application administrators have full access to personal data and are responsible for:
- Informing users about how data will be used or shared.
- Preventing unauthorized access or data extraction.
- Ensuring secure handling of user data.
User Responsibilities
Users are encouraged to:
- Read all policies before submitting personal data.
- Use strong, unique passwords.
- Monitor account activity and update credentials if suspicious behavior is observed.
Our GDPR Actions
- Collect minimal data, only what’s necessary.
- Use HTTPS for secure connections.
- Destroy sessions and cookies upon logout.
- Avoid tracking users for commercial purposes.
- Notify users of logs capturing IP or location data.
- Clearly state data-sharing practices and breach protocols.
- Offer complete data deletion upon account cancellation.
Supported GDPR Features
- Full Data Deletion: All account-related data is permanently erased upon request.
- Data Encryption: Sensitive data is encrypted in our database.
- Cookie and Session Control: Users can choose to disable cookies and sessions.
- No Activity Tracking: We do not record user activities for commercial use.
- Email Notifications: Users receive alerts on account changes or policy updates.
- Policy Updates: Users are informed of updates and can take necessary action.
- HTTPS Enforcement: All communications are secured using HTTPS.
- No Unauthorized Data Collection: There are no backdoors or hidden methods for data capture.
- Data Breach Policy: While we implement security best practices, ultimate responsibility for data breaches lies with the application and server admins.
Bulk Messaging & GDPR Compliance
Sending bulk messages via MoonEngage to Facebook leads is GDPR compliant, as all users have opted in by initiating a Messenger conversation. An unsubscribe option is provided with every message to allow easy opt-out.