Privacy Policy

Last updated: April 18, 2026

1. Introduction

moot (hereinafter "the Service") respects user privacy and is committed to protecting personal information. This policy explains what information the Service collects, how it is used, and how it is protected.

2. Information We Collect

The Service collects the following information.

  • Email address: Used for account registration, authentication, and notification delivery
  • IP address: Recorded for fraud prevention and security purposes. For analytics, IP addresses are irreversibly hashed (SHA-256) and never stored in raw form.
  • Usage logs: Access data recorded for service improvement
  • Anonymous event data: Aggregated behavioral events (page views, moot creation, seat joins, comments, votes, etc.) recorded together with session identifiers, referrer, and country-level geolocation for product analytics
  • Session identifiers: A randomly generated session ID stored in an HttpOnly cookie (moot_sid) to group related events within a single visit
  • Email tracking identifiers: Opaque IDs (eid) embedded in notification email links, used to measure email effectiveness (delivery, click-through, and downstream actions). These IDs do not expose your email address.
  • User content: Comments, moot titles and descriptions, and other content posted by users
  • Feedback: Bug reports, feature requests, and other voluntarily submitted content

3. How We Use Information

  • Account authentication and session management
  • Providing, maintaining, and improving the Service
  • Prevention of fraud and spam
  • Responding to user support inquiries
  • Product analytics such as acquisition sources, activation funnel, retention, session behavior, and country-level distribution (in a non-personally identifiable manner)
  • Measuring the effectiveness of notification emails (delivery, click-through, downstream actions)
  • Automatic translation of user content into other languages

4. Protecting Anonymity

Anonymity is a core value of the Service. Users are assigned temporary names within discussions, and email addresses or other personal information are never displayed to other participants. The operator will not disclose information that could compromise user anonymity, except as required by law.

5. Information Sharing

The Service does not share personal information with third parties except in the following cases.

  • When required by law to disclose information
  • When necessary to protect the life, body, or property of users
  • When the user has given consent

6. Use of Cookies

The Service uses the following first-party cookies. No third-party advertising or tracking cookies are used.

  • Authentication cookie: Maintains your login state (HttpOnly)
  • Session cookie (moot_sid): A randomly generated identifier used to group anonymous analytics events within a single visit. HttpOnly, SameSite=Lax, 30-minute sliding expiration.
  • Locale cookie (NEXT_LOCALE): Remembers your language preference

You can disable cookies through your browser settings, but some features may become unavailable.

7. Analytics and Measurement

To understand how the Service is used and to improve product quality, we collect anonymous event data on a self-hosted basis. No third-party advertising or analytics providers are used.

  • Event data: Page views, signup, login, moot creation, seat joins, comments, votes, follows, email opens/clicks, and similar behavioral events
  • Session grouping: Events are grouped by a first-party session identifier (moot_sid cookie) to measure time-to-action, per-session activity, and funnels
  • Geolocation: Only country-level (2-letter country code) derived from the request; city, precise location, and raw IP addresses are not stored
  • IP hashing: Where an IP-derived identifier is needed for analytics, a SHA-256 hash is stored instead of the raw address
  • Email tracking: Notification emails contain an opaque tracking identifier (eid) so we can measure delivery effectiveness and downstream actions. This identifier does not reveal your email address to third parties.
  • No cross-site tracking: We never share analytics data with advertisers, data brokers, or third-party trackers

8. Data Storage and Security

  • Data is transmitted through encrypted connections (HTTPS)
  • We do not store passwords (we use email-based authentication)
  • Session tokens are managed with HttpOnly cookies to mitigate XSS attack risks
  • Database access is protected through encrypted connections

9. Data Deletion

Users can request account deletion from their profile page. Upon account deletion, your email address and associated account information will be deleted. However, previously posted comments may remain in an anonymized state.

10. Protection of Minors

The Service is not intended for users under the age of 13. If we become aware that a person under 13 has provided personal information, we will promptly delete that information.

11. Policy Changes

This policy may be updated as necessary. Significant changes will be notified within the Service. Continued use of the Service after changes constitutes acceptance of the updated policy.

12. Child Safety

moot has a zero-tolerance policy against Child Sexual Abuse and Exploitation (CSAE). For details on our child safety standards, reporting procedures, and dedicated contact, please see our Child Safety Standards.

13. Contact

For privacy-related inquiries, please contact us via the form.