Moonjai Education Privacy Policy

Effective Date: August 21, 2025
Last Updated: August 21, 2025

Moonjai Education (“Moonjai,” “we,” “us,” or “our”) values your privacy. This Privacy Policy explains how we collect, use, share, and safeguard information when you use the Moonjai Education mobile application and related services (the “App”).

1) Scope

This Policy applies to information collected:

  • through the App; and

  • through email and other electronic messages between you and us about the App.

This Policy does not apply to information collected by third parties unless expressly stated. By using the App, you agree to this Privacy Policy.

2) Information We Collect

A. Account & Authentication

  • Anonymous by default. Most features are available with Firebase Anonymous Authentication. Some features (e.g., higher AI usage tiers) may require a signed-in account.

  • Email (minimized). If you opt into features that are costly to operate or require higher trust, we collect and retain your email address only to manage fraud/abuse prevention, account integrity, and customer support. We do not display your email in the App and we do not use it for marketing.
    Re-signup cooldown (14 days). If you delete your account, we keep your email on a temporary re-signup cooldown list for 14 days to deter immediate re-registration abuse, then automatically purge it. (Where feasible, we store this in hashed form.)

  • OAuth (Google) / Email-Password. If you sign in with Google or email/password, authentication is provided by Firebase Authentication. We do not store your Google display name. We only retain your email if you opt into features that require it (as above).

B. Pseudonymous Profile

  • Avatar name & picture. You select a preset avatar name (e.g., “Lion,” “Farmer”) and a preset avatar image from our fixed list. These are not unique and are not personal identifiers.

  • Region (Tanzania). You may select your Region solely so the App can default to showing relevant regional mock exams. We do not collect precise location, geofence, or background location. You can change or remove your Region at any time.

C. Content You Submit

  • Private Solving (ephemeral). Photos/documents you submit for AI solving (e.g., from camera or photo library) are processed ephemerally to return results to your device. We do not persist Private Solving content to our databases or storage. When you leave the Private Solving feature (e.g., navigate away or close the App), we discard the content, keeping no copies on our servers. We may generate non-content metadata such as timestamps/counters for rate-limiting and service stability.

  • Global Answers. You may post answers to national or regional exam questions. These are publicly visible to other users but are shown only with your avatar name and image (no email or real name).

  • Public test uploads disabled. We do not allow users to upload tests for public viewing.

D. Device & Diagnostics

Mobile device details (OS, device model/ID), app version, crash logs, and similar diagnostics for security and troubleshooting.

E. Analytics & Measurement

We may use privacy-respecting analytics (e.g., Google Analytics for Firebase) to understand usage (events, session duration, device/OS, engagement). Ads features are disabled. Where available, you can opt out in-App.

F. Payments (if/when enabled)

Purchases may be processed via Google Play Billing or a licensed provider. We do not store full payment card details on our servers.

3) How We Use Information

We process information to:

  • provide and operate the App (authentication, content delivery, ephemeral Private Solving);

  • manage accounts and support (sign-in, security, troubleshooting);

  • personalize content by Region (e.g., default to your region’s mock exams);

  • process payments, if enabled;

  • maintain safety & integrity (fraud/abuse prevention, content moderation, security);

  • analyze & improve the App; and

  • comply with law and enforce our terms.

Legal bases (where applicable) include performance of a contract, legitimate interests (e.g., safety, fraud prevention, analytics), consent where required, and legal obligations.

4) AI Solving (Google Cloud AI services)

When you use Private Solving, your content (e.g., photos, prompts) is sent to our AI processing provider (e.g., Google Cloud Vertex AI / Gemini) to generate results and returned to you. Our configuration does not allow your inputs/outputs to be used to train Google’s models or for human review to improve models. Do not upload sensitive personal data.
Private Solving content is not retained by Moonjai. We may record timestamps and usage counters for rate-limiting and service stability, but we do not retain your Private Solving content.

5) User Content & Visibility

  • A. Private Solving (ephemeral): Private Solving content is not retained once you leave that feature of the App. Non-content metadata (e.g., timestamps/counters) may be generated for rate-limiting and stability.

  • B. Global Answers: Publicly visible in-App and shown only with your avatar name/image. You may edit or delete your own answers. Because Global Answers are not linked to accounts, account deletion does not automatically remove them. If you want a specific post removed, contact us with enough detail to locate it (e.g., exam name, region, question number, a short excerpt, and approximate date/time). If a post includes personal data (especially about a minor), contact us for a privacy takedown.

  • C. Licenses: For Global Answers, you grant Moonjai a non-exclusive, worldwide license to host, reproduce, display, and distribute the content within the App and related services. This license ends when you delete the content, except for retained moderation logs and backups (see Section 8).

6) Safety, Abuse, and Banned Accounts

We protect the service using server-side rate limits/quotas, Firebase App Check (e.g., Play Integrity), and pseudonymous identifiers (Firebase UID and Firebase Installation ID). Where higher-risk abuse threatens costly AI features, we may:

  • limit access by UID/FID/App Check signals;

  • require a verified sign-in and use the associated email solely to manage bans and prevent recidivism; and

  • retain hashed identifiers for a limited period.

Re-signup cooldown (14 days). Following account deletion, we retain email only on a 14-day suppression list to deter rapid re-signups and abuse of costly AI features. This email is used solely for fraud/abuse prevention and is deleted automatically at the end of the period.

Abuse-prevention list (confirmed bad actors). For confirmed abuse, we may retain email only beyond 14 days to protect users and service integrity. Entries are kept only as long as necessary with periodic review and are never used for marketing.

7) How We Share Information

We do not sell or rent personal information. We share only with:

  • Service providers (e.g., Firebase Authentication, Cloud Firestore, Cloud Storage, Cloud Run, Crashlytics, Analytics; Google Play Billing if enabled; Google Cloud AI services for AI processing) under confidentiality/data-processing terms;

  • Payment partners (if used) for transactions and fraud prevention; and

  • Compliance & safety recipients when required by law, subpoena, or to protect rights, safety, and integrity.

We may share aggregated or de-identified information that does not identify you.

8) Data Retention

  • Email (if collected):

    • Active account: retained while your account is active or needed for support/fraud prevention.

    • After deletion (re-signup cooldown): email is kept for 14 days solely to prevent immediate re-registration abuse, then automatically purged.

    • Abuse-prevention list: for confirmed abuse, email may be retained only as long as necessary, subject to periodic review and minimization.

  • Private Solving: no retention of content by Moonjai; content is processed ephemerally and discarded when you leave the Private Solving feature. We may retain non-content metadata (timestamps/counters) briefly for rate-limiting, security, and reliability.

  • Global Answers: persist until you delete them. Because posts are not linked to accounts, account deletion does not automatically remove them. Upon a sufficiently detailed request we will make reasonable efforts to locate and remove specified post(s). Moderation logs and de-identified aggregates may be retained to protect service integrity.

  • Logs & Backups: security logs/diagnostics/backups are kept for limited periods necessary for integrity and recovery; data under legal hold is retained as required.

9) Data Storage & International Transfers

Primary processing and storage occur in asia-south1 (Mumbai) on Google Cloud. Data may be transferred to other jurisdictions where our providers operate. We implement appropriate contractual safeguards and minimize cross-border transfers to what is necessary to provide the App.

10) Your Rights & Choices

Depending on your jurisdiction, you may have rights to access, correct, delete, object to, or restrict certain processing, and to withdraw consent where applicable.

In-App controls: manage permissions (camera/photos), clear Private Solving items from your current session, edit/delete Global Answers, or close your account.
Delete Account URL: https://www.moonjai.com/delete-data
If you cannot access the App, use the Delete Account URL or contact us at info@moonjai.com.

11) Children & Students

We do not knowingly collect personal information from children under 13 without parental consent. Because many users are minors, we:

  • avoid collecting/displaying real names or precise location;

  • use pseudonymous avatars by default; and

  • may require a parent/guardian’s involvement where required by law.

12) Security

We use administrative, technical, and physical safeguards including encryption in transit and at rest, access controls, monitoring, and Firebase App Check to block non-genuine clients. No system is 100% secure; contact us if you suspect unauthorized access.

13) Permissions We Request

  • Camera & Photos/Media/Files: for Private Solving uploads.

  • Network: to connect to our services and AI processing.

  • Notifications (optional): to notify you about account or content updates.

14) Changes to This Policy

We may update this Policy. If we make significant changes, we will update the “Last Updated” date and, where appropriate, provide in-App notice. Continued use after changes means you accept the updated Policy.

15) Contact & Data Controller

Data Controller: Moonjai Education LLC
Email: info (at) moonjai.com

For privacy requests (access/correction/deletion or questions about transfers and safeguards), contact us at the email above.