Moely — Privacy Policy
Last updated: June 3, 2026 Effective date: June 3, 2026
This Privacy Policy explains what personal data Moely collects, why we collect it, how we use it, who we share it with, and the rights you have over it. It applies to the Moely service at moely.co and any related subdomains (the "Service").
We keep this short and honest. If anything is unclear, email us at hi@moely.co.
1. Who the data controller is
The data controller for personal data processed through the Service is:
Codeto Prague s.r.o. ID (IČO): 11863226 Chudenická 1059/30, Hostivař, 102 00 Praha Czech Republic Contact: hi@moely.co
We act as the controller for data we collect about Creators (our customers) and about Visitors to Moely-hosted pages.
2. What data we collect
Data you give us directly
- Account data — your name, email address, and Google account identifier (you sign in with Google).
- Profile data — your chosen username, display name, headline, bio, avatar image, accent color, social links, and the layout/template settings you publish on your page.
- Content — the link titles and URLs you add to your page.
- Billing data — your Subscription status and billing history. The payment card itself is handled by our payments provider; we never see or store card numbers.
- Support data — anything you send us by email or through a support form.
Data we collect automatically
- Technical data — IP address, browser type, device type, operating system, referrer URL, and language preference.
- Usage data — pages visited within the Service, actions taken (link clicks, page views), and timestamps.
- Cookies and similar technologies — see Section 8.
Data we collect about Visitors to creator pages
When someone visits a public page at moely.co/username, we record basic technical data (IP address, user agent, referrer, page accessed, timestamp) and aggregate interaction events (page views, link clicks) for security, abuse prevention, and analytics. Our analytics run cookieless and we do not build profiles of Visitors across pages or for advertising.
What we don't collect
- We do not collect sensitive personal data (health, religion, political opinions, biometrics) unless you publish it voluntarily as part of your page content.
- We do not sell personal data to third parties.
- We do not use your data to train machine learning or AI models.
3. Why we process your data and on what legal basis
Under the GDPR, every use of your personal data needs a legal basis. Here's ours:
| What we do | Why | Legal basis (GDPR Art. 6) |
|---|---|---|
| Create and maintain your account | To provide the Service you signed up for | Performance of a contract, Art. 6(1)(b) |
| Display your public page and serve it to Visitors | Same | Performance of a contract, Art. 6(1)(b) |
| Bill you and process your Subscription | Same | Performance of a contract, Art. 6(1)(b); legal obligation (tax/accounting), Art. 6(1)(c) |
| Send service notifications (billing, security, account emails) | To keep you informed about the Service | Performance of a contract, Art. 6(1)(b) |
| Prevent fraud, abuse, and security incidents (including rate-limiting by IP address) | To keep the Service safe for everyone | Legitimate interest, Art. 6(1)(f) |
| Measure how the Service is used (aggregate analytics) | To improve the product | Legitimate interest, Art. 6(1)(f) |
| Send product updates or marketing emails | To tell you about relevant features | Consent, Art. 6(1)(a) — you can opt out anytime |
| Comply with legal obligations (tax records, responding to lawful requests) | Required by law | Legal obligation, Art. 6(1)(c) |
Where we rely on legitimate interests, we have balanced our interest against your rights and freedoms. You have the right to object — see Section 7.
4. Who we share data with
We share data only with the service providers we need to operate Moely, each under a data processing agreement. Rather than name every vendor, we group them by category of recipient:
| Category of recipient | What they do |
|---|---|
| Cloud hosting and infrastructure | Run the Service and serve your pages to Visitors |
| Database and file storage | Store your account, page content, and uploaded images |
| Authentication | Verify your identity and keep you signed in |
| Payments and subscription billing | Process your Subscription and handle card details |
| Product analytics | Measure page views and link clicks (cookieless) |
| Security and abuse prevention | Rate-limiting and fraud/abuse protection |
If you'd like to know the specific provider behind any of these categories, email us and we'll tell you.
We may also disclose data where required by law — for example, in response to a valid court order or regulatory request — and when necessary to protect our rights or the safety of our users.
If Moely is ever acquired or merges with another company, your data may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.
5. International data transfers
Several of our providers are based in the United States and may process data there. When data is transferred outside the European Economic Area, we rely on one or more of the following safeguards under Chapter V of the GDPR:
- Standard Contractual Clauses approved by the European Commission;
- Adequacy decisions, where the European Commission has recognized the destination country as providing adequate protection (including, currently, the EU–US Data Privacy Framework for certified US recipients);
- Your explicit consent, where applicable.
You can request a copy of the relevant safeguard by emailing us.
6. How long we keep data
We keep personal data only as long as we need it:
| Data | Retention |
|---|---|
| Active account data | While your account is active |
| Account data after deletion | Up to 30 days in live systems, then deleted; up to 90 days in backups |
| Billing and tax records | 10 years (Czech accounting and tax law requirements) |
| Support emails | 3 years after the ticket closes |
| Server logs (IP, request metadata) | 30–90 days |
| Aggregate analytics (no identifiers) | Indefinitely |
When retention ends, we delete or anonymize the data.
7. Your rights under GDPR
You have the following rights with respect to your personal data:
- Access — ask for a copy of the personal data we hold about you (Art. 15).
- Rectification — ask us to correct data that's wrong or incomplete (Art. 16).
- Erasure — ask us to delete your data, subject to our legal retention obligations (Art. 17).
- Restriction — ask us to stop processing your data in certain circumstances (Art. 18).
- Portability — get a copy of the data you gave us in a structured, machine-readable format, or have us send it to another controller (Art. 20).
- Objection — object to processing based on legitimate interests or for direct marketing (Art. 21).
- Withdraw consent — where we rely on consent, you can withdraw it at any time; this doesn't affect processing before withdrawal (Art. 7(3)).
- Not to be subject to automated decision-making — we don't make decisions about you by purely automated means that have legal or similarly significant effects (Art. 22).
To exercise any of these rights, email hi@moely.co. We will respond within 30 days (extendable to 90 days for complex requests, with notice).
Lodging a complaint
If you believe we are handling your data unlawfully, you have the right to lodge a complaint with a supervisory authority. The authority for the Czech Republic is:
Úřad pro ochranu osobních údajů (ÚOOÚ) Pplk. Sochora 27, 170 00 Prague 7, Czech Republic uoou.gov.cz
You can also complain to the supervisory authority in the EU Member State where you live or work.
8. Cookies and similar technologies
We use a minimal set of cookies:
- Strictly necessary cookies — for authentication, session management, and security (set when you sign in). These are required to use the Service and don't require consent under the ePrivacy Directive.
- Analytics — our product analytics run in a cookieless mode and do not set identifying cookies, so no consent banner is required.
We do not use advertising cookies, cross-site trackers, or third-party tracking pixels.
You can clear or block cookies in your browser settings. If you block strictly necessary cookies, parts of the Service will stop working.
9. Security
We take reasonable technical and organizational measures to protect your data, including:
- encryption in transit (TLS) and at rest;
- access controls and audit logs on our infrastructure;
- regular backups;
- vendor due diligence on every processor we use.
No system is perfectly secure. If we ever experience a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the supervisory authority as required by Art. 33–34 GDPR.
10. Children
Moely is not intended for children under 18, and we do not knowingly collect personal data from them. If you are a parent or guardian and believe your child has created an account, contact us and we will delete it.
11. Changes to this Policy
We may update this Privacy Policy from time to time. If a change is material, we will notify you by email or in-product notice at least 30 days before it takes effect. Non-material changes take effect on the date shown at the top of this document.
We will keep an archive of previous versions and link to them below when we publish an update:
- [No previous versions yet.]
12. Contact
For any privacy question, request, or complaint:
Codeto Prague s.r.o. Chudenická 1059/30, Hostivař, 102 00 Praha hi@moely.co
We aim to reply within 7 business days, and always within the 30-day GDPR deadline.