Privacy Policy
Effective Date: February 22, 2026
Last Updated: February 22, 2026
Good Samaritan Software, LLC (“Company,” “we,” “us,” or “our”), a Florida limited liability company, operates the moder8r.app website and content moderation API service (collectively, the “Service”). This Privacy Policy describes how we collect, use, disclose, and protect your information when you access or use the Service.
By accessing or using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, do not use the Service.
1. Information We Collect
1.1 Account Information
When you create an account, we collect your email address and a hashed password. We do not store plaintext passwords.
1.2 Payment Information
Payment processing is handled entirely by Stripe, Inc. We do not collect, store, or have access to your full credit card number, bank account details, or other payment credentials. We receive from Stripe a customer identifier, subscription status, and billing period dates. See Stripe's Privacy Policy for details on how Stripe handles your payment data.
1.3 API Usage Data
We collect the following data related to your use of the API:
- API keys: We store a SHA-256 cryptographic hash of each API key. The full key is displayed once at creation and is never stored by us.
- Usage metrics: Aggregate request counts (monthly and daily), flagged content counts, and timestamps of API key usage.
- Request logs: For each API request, we log the API key used (by hash), the moderation result summary, response latency, and whether content was flagged. Request logs are automatically deleted after seven (7) days.
1.4 Content Submitted for Moderation
When you submit text or other content to our moderation API, we transmit that content to our upstream AI providers (currently OpenAI) for analysis. We do not permanently store the content you submit for moderation. Content is processed in real time and is not retained after the moderation response is returned, except as reflected in aggregated, non-identifiable usage metrics and short-term request logs as described above.
1.5 Automatically Collected Information
When you visit our website, our hosting provider (Vercel) may automatically collect standard web server logs including IP address, browser type, referring URL, pages visited, and timestamps. This data is used for security, performance monitoring, and abuse prevention.
2. How We Use Your Information
We use collected information to:
- Provide, operate, and maintain the Service
- Authenticate your identity and manage your account
- Process payments and manage subscriptions
- Enforce rate limits, quotas, and usage policies
- Monitor for abuse, fraud, and security threats
- Display usage analytics in your dashboard
- Send transactional emails (account verification, password resets, billing notifications)
- Respond to support requests
- Comply with legal obligations
We do not use the content you submit for moderation to train AI models, build datasets, or for any purpose other than providing the moderation result to you.
3. Third-Party Service Providers
We share information with the following categories of service providers, solely to the extent necessary to operate the Service:
| Category | Purpose | Data Shared |
|---|---|---|
| Stripe, Inc. | Payment processing | Email, subscription and billing data |
| AI service providers | Content moderation analysis | Text content submitted for moderation (processed in real time, not stored by us) |
| Cloud infrastructure providers | Authentication, database, hosting, rate limiting | Email, hashed password, account data, usage metrics, standard web request data |
| Email delivery providers | Transactional email | Recipient email address, email content |
Each provider is bound by its own privacy policy and data processing terms. We do not sell, rent, or trade your personal information to any third party. Specific provider names are available upon request by contacting support@moder8r.app.
4. Data Retention
- Account data: Retained for the lifetime of your account. Upon account deletion, we will delete your personal data within thirty (30) days, except as required by law.
- Request logs: Automatically deleted after seven (7) days.
- Usage metrics: Retained for the lifetime of your account for billing and analytics purposes.
- Payment records: Retained as required by applicable tax and financial regulations.
- Webhook event records: Automatically deleted after seven (7) days.
5. Data Security
We implement industry-standard security measures to protect your information, including:
- Encryption in transit (TLS/HTTPS) for all communications
- Encryption at rest for database storage
- Row-Level Security (RLS) policies ensuring users can only access their own data
- SHA-256 hashing of API keys (full keys are never stored)
- Bcrypt hashing of passwords (handled by Supabase Auth)
- Webhook signature verification for payment events
While we strive to use commercially acceptable means to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
6. Your Rights and Choices
6.1 All Users
You may:
- Access and update your account information at any time via the dashboard
- Delete your API keys at any time
- Request deletion of your account by contacting support@moder8r.app
- Cancel your subscription at any time via the billing dashboard
6.2 European Economic Area (EEA) Residents
If you are located in the EEA, you have additional rights under the General Data Protection Regulation (GDPR), including:
- Right of access to your personal data
- Right to rectification of inaccurate data
- Right to erasure (“right to be forgotten”)
- Right to restrict processing
- Right to data portability
- Right to object to processing
To exercise these rights, contact us at support@moder8r.app. We will respond within thirty (30) days. Our legal basis for processing is contractual necessity (to provide the Service) and legitimate interest (security and abuse prevention).
6.3 California Residents
Under the California Consumer Privacy Act (CCPA), California residents have the right to:
- Know what personal information we collect and how it is used
- Request deletion of personal information
- Opt out of the sale of personal information (we do not sell personal information)
- Non-discrimination for exercising privacy rights
To exercise these rights, contact us at support@moder8r.app.
7. Children's Privacy
The Service is not intended for individuals under the age of eighteen (18). We do not knowingly collect personal information from anyone under 18. If we become aware that we have collected personal information from a person under 18, we will promptly delete that information. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@moder8r.app.
8. International Data Transfers
Your information may be transferred to, and processed in, countries other than the country in which you reside. Our service providers operate in the United States and other jurisdictions. By using the Service, you consent to the transfer of information to the United States and other countries that may not have equivalent data protection laws to those in your jurisdiction.
9. Cookies and Tracking
We use essential cookies for authentication session management. We do not use advertising cookies, tracking pixels, or third-party analytics services that track individual users across websites.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised “Last Updated” date. For significant changes, we may also send an email notification. Your continued use of the Service after any changes constitutes acceptance of the updated policy.
11. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:
Good Samaritan Software, LLC
Email: support@moder8r.app