☾ Leyla Moon Privacy · v1 · 14 May 2026

A short, honest privacy note.

Plain English · No legalese

Leyla Moon is one person and a small private practice. I keep what you give me, use it to write your reading, and don't share it with anyone else. The full version is below.

§ 01 · What I collectThe data that touches the work.

When you submit a reading or a free tool, I collect:

Your email address.
The intake form you fill out — birth date, birth time (if you provide it), place of birth, full name, the question you came with, and any optional partner data.
If you sign in to Ask Leyla, a session cookie that proves you're you. No tracking pixels.
Basic analytics (page views, country) via Google Analytics — aggregated, never linked to your reading.

That's it. I don't ask for phone numbers, addresses, government IDs, or payment details — your card data is handled entirely by Stripe and never touches my servers.

§ 02 · Where it livesThe tools that hold the data.

Supabase — a private database where your reading and intake form are stored. Encrypted at rest. EU & US regions.
Resend — the email service that delivers your reading and the Ask Leyla magic links.
Stripe — payments. They hold your card data, not me.
Google Analytics — aggregated traffic stats only. No personal data.

All four are major US-based providers with their own published privacy policies.

§ 03 · Who sees itThe short list.

Me. That's it. I don't sell your data, share it with marketers, hand it to AI training pipelines, or syndicate it to "partners." If law enforcement asks for it (subpoena, court order), I'll comply — but I will tell you first unless legally prevented.

The raw intake form gets deleted from active storage 90 days after I deliver your reading. The reading itself (your PDF + hosted page) stays as long as you want it.

§ 04 · Your rightsWhat you can ask me to do.

See what I have on you. Email hello@leylamoon.com with the subject "Data request" and I'll send the full export within 30 days.
Delete it. Same address, subject "Delete me." I'll wipe your row in Supabase, revoke any active Ask Leyla session, and confirm in writing.
Correct it. If your reading was composed off bad data (wrong birth date, typo), tell me — I'll re-run it free.
GDPR / CCPA readers have all the standard rights (access, deletion, portability, withdrawal of consent). I treat everyone to the same standard.

§ 05 · CookiesThe two I use.

A session cookie (`leyla_session`) on chat.leylamoon.com so you stay signed in for 7 days. Strictly necessary, can't be disabled.
A Google Analytics cookie on leylamoon.com for traffic counting. Decline via your browser's "Do Not Track" or block GA in your ad blocker — the site works fine without it.

No advertising cookies, no remarketing, no Meta Pixel, no LinkedIn Insight tag. None of that.

§ 06 · ChangesIf something changes.

If I update this policy in a meaningful way, I'll email everyone with an active reading or chat subscription. The version + date is at the top.

§ 07 · ContactThe one address that matters.

Any question, request, complaint — hello@leylamoon.com. A real human (me) reads everything. I usually answer within 24 hours.

☾ Leyla Moon · A Reading Practice

Last updated 14 May 2026 · leylamoon.com