LunarLabsSpace Station

Privacy Policy

Last updated: April 28, 2026

1. Introduction

LunarLabs LLC ("LunarLabs," "we," "us," or "our") operates the website at lunarlabs.dev and the associated client dashboard portal. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that data.

By accessing our website or using our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our services.

2. Information We Collect

We collect information in the following categories:

2.1 Information You Provide

  • Commission Requests: Name, email address, company name, project description, and budget range submitted via the /request form.
  • Career Applications: Name, email address, resume/CV, portfolio links, cover letter, and preferred notification channel (Email or Discord) submitted via the careers application form.
  • Account Information: Email address and password when you create an account on the client dashboard.
  • Billing Data: Payment method details processed securely through our payment processor. We do not store full credit card numbers on our servers.
  • Communications: Messages sent through the client portal support ticket system or via email to any @lunarlabs.dev address.

2.2 Information Collected Automatically

  • Log Data: IP address, browser type, operating system, referring URL, pages visited, and timestamps.
  • Cookies: Session cookies required for authentication on the client dashboard. We do not use advertising or tracking cookies.
  • Analytics: Aggregated, anonymized usage metrics to improve site performance. No personally identifiable information is included in analytics data.

3. How We Use Your Information

We use the collected information strictly for the following purposes:

  • Reviewing and responding to commission requests
  • Executing contracted software development projects and tracking milestone progress
  • Processing career applications and communicating hiring decisions
  • Issuing invoices and processing payments for fixed-bid milestones
  • Providing access to the client dashboard and support ticket system
  • Sending transactional notifications (milestone updates, invoice receipts, account security alerts)
  • Maintaining the security and integrity of our systems

We do not sell, rent, or trade your personal information to third-party advertisers, data brokers, or marketing platforms.

4. Third-Party Processors

We employ the following sub-processors to deliver our services. Each processor is contractually obligated to handle your data in compliance with applicable data protection laws:

StripePayment processing, invoicing, and identity verification (KYC).
DiscordOptional applicant notifications and team communication. Only used if you select Discord as your preferred notification channel.
Microsoft Entra IDInternal staff authentication and role-based access control. Not used for client accounts.
MongoDB AtlasDatabase hosting with encryption at rest and in transit. Stores account data, project records, and support tickets.
SMTP ProviderTransactional email delivery for account notifications, invoice receipts, and career application updates.

5. Data Security

We implement industry-standard security measures to protect your data:

  • All data in transit is encrypted via TLS 1.3.
  • All databases are encrypted at rest using AES-256.
  • Authentication sessions are managed via stateless JSON Web Tokens (JWT) with automatic expiration.
  • Passwords are hashed using bcrypt with per-user salts. Plaintext passwords are never stored.
  • API keys are stored as SHA-256 hashes. The plaintext key is displayed only once at generation.
  • Internal systems enforce role-based access control (RBAC) with SSO requirements for staff.

6. Data Retention

  • Commission data: Retained for the duration of the project plus 2 years for warranty and legal compliance.
  • Career applications: Retained for 12 months from the date of submission unless you request earlier deletion.
  • Account data: Retained for as long as your account is active. You may request account deletion at any time.
  • Server logs: Automatically purged after 90 days.

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete personal data.
  • Deletion: Request deletion of your personal data, subject to legal retention requirements.
  • Portability: Request your data in a structured, machine-readable format.
  • Objection: Object to certain types of data processing.

To exercise any of these rights, contact us at privacy@lunarlabs.dev. We will respond within 30 days.

8. Children's Privacy

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected such data, contact us immediately and we will delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email to active clients and posted on this page with an updated "Last updated" date. Continued use of our services after changes constitutes acceptance of the updated policy.

10. Contact

For questions, concerns, or data requests related to this Privacy Policy, contact us at:

LunarLabs LLC

Registered in the State of Montana, United States

Email: privacy@lunarlabs.dev

Website: https://lunarlabs.dev