Security & Privacy

Moontuck is a personalized bedtime-story service operated by MCD LLC(1890 1st Capital Drive, PO Box 192, St Charles, MO 63302). Because some of what you share with us is about your child, here’s exactly how we handle it — in plain English.

What we collect

From you, the parent: your email address and password (or, if you use Google sign-in, the basic profile fields Google provides), your bedtime delivery time and timezone, and any messages you send us.

About your child:a first name only (never a last name), an age range (never a birthday), optionally whether their story refers to them as a boy or a girl (it’s a story setting; you can skip it and we’ll just use their name), the story settings you choose (themes, worlds, lessons, things to avoid, and “what happens next” steering), and which chapters have been delivered and opened (chapter emails include a standard delivery/open beacon — it tells us a chapter arrived and was read, nothing more).

Automatically: basic log data (IP address, browser, timestamps) for security and troubleshooting, and a few essential sign-in cookies. No advertising cookies.

What we never collect about your child

No last name. No birthday. No photos, video, or voice recordings. No location, no contacts, no device identifiers we don’t need. Just a first name, an age range, and (optionally) a boy/girl story setting — the minimum required to make the story theirs.

Moontuck is for grown-ups

The app and website are set up and run by a parent or guardian. Children don’t log in, type into the site, or use the service directly — they’re the audience for the stories, not the users. Every story setting and “what happens next” choice is entered by the parent.

How stories are made — and kept safe

Each chapter is written by an AI model, guided by automated safety checks plus human review— a trained member of our team reads chapters and samples of generated stories to keep them kind, calm, and age-appropriate for little ones. We send the AI only what it needs: your child’s first name, age range, story-gender setting (if you set one), story settings, and the earlier chapters in the saga.

We may use anonymized, aggregated, or de-identified conversational data and usage patterns to train, fine-tune, or improve the AI models and algorithms that power the service. This is done to improve content quality, personalization, and safety. Identifying information about your family stays out of training data.

Your library

Past chapters are saved to your account so you can re-read and download them — that’s part of the service. If you cancel, your library stays available for 90 days so you can return without losing it, then we delete it unless you ask us to keep it longer.

Who we share data with

We share only what’s necessary to run the service, and only with vendors bound to protect it:

We do not sell your information, and we do not share it with advertisers or data brokers.

Payments

All payments are processed by Stripe. Moontuck never sees, stores, or has access to your credit card number, CVV, or billing details. Stripe is PCI DSS Level 1 certified — the highest level of payment security.

What we’ll never do

Data deletion

You can delete your account, all child profiles, and your library anytime from your account settings, or email contact@moontuck.com. We process deletion requests within 30 days.

Report a vulnerability

If you discover a security vulnerability in Moontuck, please report it responsibly to security@moontuck.com. Include the affected URL, steps to reproduce, and whether user data may be involved. We take all reports seriously and will respond within 48 hours.

Trust by design

This page is the plain-English summary. For the full details, read our Privacy Policy and Terms of Service.