← Back to Dashboard

Privacy Policy

Effective Date: March 23, 2026

Coral Moon Media Ltd, a Canadian company ("we," "our," or "us"), operates the Libra business planning dashboard at app.heylibra.ai. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our service. We are committed to complying with the General Data Protection Regulation (GDPR) (EU) 2016/679, the UK GDPR, the California Consumer Privacy Act (CCPA), and Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA).

1. Information We Collect

Account Information: When you create an account, we collect your name, email address, and password (encrypted). If you purchase a subscription, payment processing is handled by our third-party payment provider — we do not store your credit card details.

Dashboard Data: Information you enter into the Libra dashboard, including business goals, financial data, tasks, launch plans, and astrological chart data. This data is stored securely to provide you with our planning features.

Calendar Data (Imported): If you choose to import your Google Calendar, Apple Calendar, or Outlook events, we access event titles, dates, and times through the Google Calendar API (OAuth 2.0) or .ics file import. Calendar events may contain client or contact names. This data is cached locally in your browser and is not stored on our servers.

Income & Financial Tracking: Revenue entries, client or project names associated with income records, and financial goals you enter into the income tracker.

Birth Chart Data (Optional): If you opt in to astrological planning features, you may provide your birth date, time, and location. This data is used solely for astrological calculations within the dashboard.

Usage Data: We may collect basic usage information such as login timestamps and feature usage to improve our service.

2. How We Use Your Information

We use your information to:

• Provide and maintain the Libra dashboard and its features
• Sync your data across sessions so your work is preserved
• Process your subscription and manage your account
• Send you service-related communications (password resets, important updates)
• Improve and develop new features

3. Data Storage & Security

Your data is stored using Supabase, a secure cloud database platform with enterprise-grade security. All data is encrypted in transit (TLS/SSL) and at rest. Access to your data is protected by Row Level Security — only you can access your own data through your authenticated account.

We also store certain data locally in your browser (localStorage) to enable offline functionality and faster load times. This data remains on your device and is synced with our servers when you are connected.

4. Cookies & Tracking

Dashboard (app.heylibra.ai): The Libra dashboard does not use tracking cookies or advertising trackers. We use browser localStorage to maintain your session and store your preferences. We do use Sentry, a third-party error-monitoring service, to automatically capture technical errors and operational diagnostics so we can identify and fix bugs quickly. Sentry does not record video of your screen, and we have intentionally disabled session replay. The data Sentry collects is limited to error stack traces, technical event metadata, your user ID, and your email address — it is used only for debugging.

Marketing Website (heylibra.ai): Our marketing website may use cookies from third-party advertising platforms, including Meta (Facebook) Pixel and Google Ads, to measure the effectiveness of our advertising campaigns. These cookies are only set with your consent via our cookie consent banner. You can withdraw consent at any time by clearing your browser cookies or using our cookie settings.

5. Third-Party Services

We use the following third-party services:

• Supabase: Database and authentication services
• Vercel: Website hosting
• Sentry: Error monitoring and operational diagnostics — to identify and fix technical issues
• Meta (Facebook) Pixel: Advertising measurement on our marketing site (with consent)
• Google Ads: Advertising measurement on our marketing site (with consent)

These providers have their own privacy policies governing how they handle data.

6. Data Sharing

We do not sell, trade, or rent your personal information to third parties. We may share data only in the following circumstances:

• With service providers necessary to operate Libra (as listed above)
• If required by law or legal process
• To protect our rights, privacy, safety, or property

7. Your Rights

You have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your account and associated data
• Withdraw consent for marketing cookies at any time
• Export your data

To exercise any of these rights — including a full deletion of your account and all associated data — please email us at the address below with the subject line "Data Request" and specify which right you wish to exercise. We will process your request within 30 days.

8. Data Retention

We retain your data for as long as your account is active. If you request account deletion, we will remove your personal data within 30 days, except where we are required to retain it by law.

9. Children's Privacy

Libra is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children.

10. California Residents (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information. We do not sell your personal information to third parties. You have the right to request access to, deletion of, and information about the categories of personal data we collect. To exercise these rights, contact us at the email below.

11. Canadian Privacy Law (PIPEDA)

As a Canadian company, we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA). We collect, use, and disclose personal information only for purposes that a reasonable person would consider appropriate, and we obtain meaningful consent where required. You may contact our Privacy Officer at the email below for any privacy-related inquiries.

12. European Economic Area & UK (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, the General Data Protection Regulation (GDPR) provides you with enhanced data protection rights. Our legal bases for processing your data are:

• Contract performance (Art. 6(1)(b)): Account data, business planning data, and income tracking — necessary to provide the Libra service
• Explicit consent (Art. 6(1)(a)): Calendar imports, birth chart data, and marketing cookies — you choose to provide this data and may withdraw consent at any time
• Legitimate interest (Art. 6(1)(f)): Usage analytics and technical data — to maintain and improve the service

Your GDPR Rights: In addition to the rights listed in Section 7, EU/UK residents have the right to:

• Data portability (Art. 20): Receive your data in a structured, machine-readable format
• Restriction of processing (Art. 18): Request we limit how we process your data
• Object to processing (Art. 21): Object to processing based on legitimate interest
• Lodge a complaint: File a complaint with your local Data Protection Authority (a list of EU DPAs is available at edpb.europa.eu)

We will respond to all rights requests within 30 days. There is no fee for exercising your rights unless requests are manifestly unfounded or excessive.

13. International Data Transfers

Your data may be transferred to and processed in the United States and Canada through our use of Supabase and other cloud services. For transfers of personal data from the EEA/UK, we rely on:

• EU-US Data Privacy Framework (DPF): Our cloud providers are certified under the EU-US Data Privacy Framework where applicable
• Standard Contractual Clauses (SCCs): Where the DPF does not apply, we use European Commission-approved Standard Contractual Clauses to ensure adequate protection

We regularly assess the legal framework in destination countries to ensure your data receives an equivalent level of protection as required by GDPR.

14. Third-Party Personal Data You May Process

When using Libra, you may import or enter personal data belonging to third parties, such as client names in Google Calendar events or the income tracker. As the user, you are the data controller for any such third-party data. You are responsible for ensuring you have a lawful basis to process this information. We recommend informing your clients that you use a business planning tool that may store their names, and including appropriate disclosures in your own privacy policy or client agreements. Libra does not share, analyse, or use third-party personal data for any purpose other than displaying it to you within your own dashboard.

15. Governing Law

This Privacy Policy is governed by the laws of the Province of Alberta and the federal laws of Canada applicable therein, without regard to conflict of law principles.

16. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice in the Libra dashboard and/or sending an email to your registered address at least 30 days before changes take effect. The effective date at the top indicates when this policy was last updated.