1. Information We Collect
We collect only the information necessary to operate the service:
- Account information: email, name, phone, company name (you provide these at signup).
- Asset metadata: server label, host/IP, SSH user, port, environment tag — what you enter when registering an asset.
- Configuration check results: per-rule pass/fail outcomes, system metrics (CPU/RAM/disk/network averages) collected from servers you registered.
- Usage data: login timestamps, IP address at login, audit logs of actions taken in the dashboard (for security & debugging).
- Payment information: handled by Polar (Merchant of Record). We do not store or process card numbers — Polar provides us only with subscription status and metadata.
2. SSH Credentials & How They Are Used
- You install a public SSH key generated by SecureLuna onto your own server. We store the corresponding private key encrypted with AES-256-GCM using a KMS-managed envelope key.
- The key is used only to connect to servers you have explicitly registered and only to run read-only commands defined by published checklists.
- We never use the key to access systems you have not registered, modify your system, execute exploit code, or transfer files off your server.
- You may revoke access at any time by removing the public key from your server.
3. How We Store Data
- Data is stored in PostgreSQL on infrastructure we operate.
- Configuration check results are retained for 30 days by default.
- Audit logs are retained for 1 year for security investigation purposes.
- SSH credentials are encrypted at rest (AES-256-GCM, KMS-wrapped data key).
- Backups (if you opt in to the Backup add-on) are uploaded to a cloud storage provider you connect via OAuth tokens you provide. We do not store backup contents on our servers.
4. How We Share Data
We do not sell or rent your data. We share data only with the following service providers strictly to operate SecureLuna:
- Polar — payment processing (subscription metadata, your billing email).
- Cloud storage provider — only if you enable the Backup add-on, with the OAuth scope you grant on the provider you choose.
- Email delivery provider — to send daily reports to your inbox.
- Legal compliance — we may disclose data if required by law or valid legal process (court order, subpoena).
5. Your Rights
- You may request access to, correction of, or deletion of your personal data.
- You may export your data (assets, results, reports) from the dashboard.
- You may delete your account at any time. Deletion is permanent within 30 days.
- For requests, contact wndudgns2001@gmail.com.
6. Cookies
We use a small number of cookies strictly for service operation (authentication session, language preference). We do not use third-party advertising or behavioral tracking cookies.
7. International Transfers
SecureLuna is operated from the Republic of Korea. By using the service from outside Korea, you consent to the transfer of your information to Korea for processing. We apply the same protection regardless of where the data originates.
8. Compliance
- Korea: Personal Information Protection Act (PIPA) Article 29 — technical & managerial safeguards.
- EU: GDPR-aligned data minimization & user rights (we will respond to data requests within 30 days).
9. Changes to This Policy
Material changes will be communicated via email at least 14 days before taking effect.
10. Contact
Data Protection contact: wndudgns2001@gmail.com.
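Korean Summary
This policy is governed by the English original; the Korean summary below is a reference translation provided for convenience.
- Email, name, contact number, and company name are collected at signup. Metadata such as host, SSH user, and port is collected when an asset is registered.
- Check results and system metrics (CPU/RAM/disk/network) are collected and retained for 30 days.
- SSH private keys are stored encrypted with AES-256-GCM and a KMS envelope key. Only read-only commands are executed.
- We do not access systems you have not registered, and we do not modify customer servers.
- Payments are handled by Polar (Merchant of Record). SecureLuna does not store card information.
- When the Backup add-on is used, data is uploaded directly to the external cloud storage the customer has connected.
- We comply with the safety assurance measures of Article 29 of the Personal Information Protection Act and apply GDPR user rights correspondingly.
- Contact: wndudgns2001@gmail.com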
