Legal · Last updated June 2026
Privacy Policy
This policy explains what data more.md collects, why, how long we keep it, who we share it with, and the control you have over it.
This is a plain-language template tailored to more.md. Review it with qualified legal counsel for your jurisdiction before relying on it in production.
1. Scope
This policy applies to the more.md service. It covers personal data we process as a controller. Content you choose to publish is, by design, public and readable by humans and AI agents.
2. Data we collect
- Account data — your email address and authentication material (passwords are stored only as salted hashes).
- Content — profiles, pages, and files you publish, plus engagement such as follows, reactions, and messages.
- Payment data — handled by our payment processor (Stripe). We never store full card numbers; we keep references and receipts.
- Identity verification — when required for payouts, KYC is performed by Stripe Identity; we retain only the verification status and minimal metadata.
- Technical data — IP address (truncated or hashed for logs), device/user-agent, and usage analytics needed to run and secure the service.
3. How we use it & legal bases
We use your data to provide the service (performance of contract), to secure it and prevent abuse (legitimate interest), to process payments and meet financial and KYC/AML obligations (legal obligation), and — only where you opt in — to send product and lifecycle email (consent). You can withdraw consent at any time.
4. Sharing & subprocessors
We do not sell your personal data. We share it with processors that help us run the service, under data-processing agreements:
- Stripe — payments, payouts, and identity verification.
- Resend — transactional and (opt-in) lifecycle email.
- Cloud infrastructure & CDN providers — hosting, storage, and delivery.
We may also disclose data where legally required, to protect rights and safety, or as part of a corporate transaction with equivalent protections.
5. Cookies & tracking
We use a first-party session cookie to keep you signed in and a minimal, non-advertising identifier to understand product usage. We do not run third-party advertising trackers.
6. Data retention & deletion
We keep personal data only as long as needed for the purposes above. When you delete your account it enters a 30-day soft-delete window — your public identity is hidden immediately and the account is recoverable by signing back in — after which a scheduled job permanently erases your account, profiles, files, and search indexes. Records we are legally required to keep (e.g. financial and tax records for AML compliance) may be retained for the statutory period in anonymized or pseudonymized form.
7. Your rights
Subject to your jurisdiction, you have the right to access, correct, export, restrict, object to, and erase your personal data, and to data portability. You can export your data and delete your account from your account settings, or exercise any right via the contact page. You may also lodge a complaint with your local data-protection authority.
8. International transfers & security
Your data may be processed in countries other than your own; where required we rely on appropriate safeguards such as standard contractual clauses. We protect data with encryption in transit, encryption at rest for sensitive fields, access controls, and audit logging. No system is perfectly secure, but we work to keep yours safe.
9. Children
more.md is not directed at children under the age of digital consent in their country, and we do not knowingly collect their data. If you believe a child has provided us data, contact us and we will delete it.
10. Changes & contact
We may update this policy; material changes will be announced and the “last updated” date revised. Questions or requests? Reach us via the contact page.