Privacy Policy
This Privacy Policy describes how Valectric AB ("the Company", "We", "Us", "Our") collects, uses, and discloses information about You when You use the MooseRunner Service, and what privacy rights You have under applicable law.
By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy. Use of the MooseRunner Application is also governed by the End-User License Agreement ("EULA") and the Terms of Service; this Privacy Policy supplements both.
Interpretation and Definitions
Interpretation
The words whose initial letters are capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.
Definitions
For the purposes of this Privacy Policy:
- Account means a unique account created for You to access our Service or parts of our Service, including the Polar.sh Customer Portal.
- Affiliate means an entity that controls, is controlled by, or is under common control with a party, where "control" means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority. The Company currently has no Affiliates; this definition is retained for future use.
- Application refers to MooseRunner, the software program provided by the Company.
- Company (referred to as either "the Company", "We", "Us" or "Our" in this Privacy Policy) refers to Valectric AB, Brisgatan 54, 802 74 Gävle, Sweden. For the purposes of the GDPR, the Company is the Data Controller.
- Country refers to: Sweden.
- Data Controller, for the purposes of the GDPR (General Data Protection Regulation), refers to the Company as the legal person which alone or jointly with others determines the purposes and means of the processing of Personal Data.
- Device means any device that can access the Service such as a computer, a cell phone or a digital tablet.
- EULA means the End-User License Agreement governing use of the Application, available at https://www.mooserunner.com/eula.
- GDPR refers to the EU General Data Protection Regulation (Regulation (EU) 2016/679).
- Personal Data (or "Personal Information") is any information that relates to an identified or identifiable individual. For the purposes of GDPR, Personal Data means any information relating to You such as a name, an identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity. We use "Personal Data" and "Personal Information" interchangeably.
- Service refers to the Website, the MooseRunner Application (as defined in the EULA), and any related online services made available by the Company.
- Service Provider means any natural or legal person who processes data on behalf of the Company. For the purposes of the GDPR, Service Providers are considered Data Processors.
- Terms means the Terms of Service governing the Service, available at https://www.mooserunner.com/terms.
- Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself.
- Website refers to MooseRunner, accessible from https://www.mooserunner.com/.
- You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable. Under GDPR, You may be referred to as the Data Subject.
Collecting and Using Your Personal Data
Types of Data Collected
Personal Data You Provide
When You purchase a Subscription, sign up for the Free Trial, or contact Us, You provide Us with certain personally identifiable information that can be used to contact or identify You. This may include, but is not limited to:
- Email address
- Name (collected by Polar.sh at checkout)
- Billing address (collected by Polar.sh at checkout)
The Company does not directly collect payment card numbers; payment is handled by Polar.sh as merchant of record (see "Service Providers" below).
License Validation Data
When You install and use the MooseRunner Application in Unity, the Application periodically transmits the following information to https://www.mooserunner.com/api/license/validate in order to verify that Your Subscription is active:
- Your License Key
- A device-specific hardware identifier ("HWID") derived from local system properties
This data flow is the core licensing and slot-tracking mechanism for the Application. The validation request is forwarded to Polar.sh for verification, and Polar.sh's response is returned to the Application along with a signed token. We retain license-key and HWID information for as long as the associated Subscription remains active in Polar.sh, plus any additional period required for accounting, dispute resolution, or replacement-key issuance.
Usage Data
Usage Data may be collected automatically when You access the Service. Usage Data may include Your Device's Internet Protocol address (e.g. IP address), browser type and version, the pages of our Website that You visit, the time and date of Your visit, the time spent on those pages, and other diagnostic data. These details are primarily logged by Our hosting and infrastructure Service Providers (see below) for security, fraud-prevention, and reliability purposes. We do not currently operate Our own analytics or tracking infrastructure on the Website.
Tracking Technologies and Cookies
The Website does not currently use cookies, web beacons, pixels, or similar tracking technologies. If We introduce non-essential cookies (such as analytics or remarketing cookies) in the future, We will update this Privacy Policy, present a cookie consent banner as required under the EU ePrivacy Directive and Sweden's lag (2022:482) om elektronisk kommunikation, and request Your consent before any such cookies are set on Your Device.
Use of Your Personal Data
The Company may use Personal Data for the following purposes:
- To provide and maintain the Service, including to verify license entitlements and monitor the usage of our Service.
- To manage Your Subscription, including processing payments via Polar.sh, issuing receipts, and providing customer support.
- For the performance of a contract, namely the EULA and Terms of Service to which You have agreed.
- To contact You by email regarding service-related updates, security notices, and material changes to legal documents (such as updates to this Privacy Policy, the Terms of Service, or the EULA).
- To respond to support requests sent to support@mooserunner.com or privacy@mooserunner.com.
- For business transfers, to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Our assets.
- To comply with legal obligations and to establish, exercise, or defend legal claims.
Service Providers
The Company relies on the following third-party processors to deliver the Service. Each is identified below together with the Personal Data they receive and the legal basis for any international transfer.
| Service Provider | Role | Personal Data Received | Location | Transfer Safeguards |
|---|---|---|---|---|
| Polar Software Inc. ("Polar.sh") | Merchant of record; subscription billing; license-key issuance; customer portal | Name, email, billing address, payment method (We never see card numbers), License Key, activation HWIDs, order history | United States | Standard Contractual Clauses (SCCs) |
| Vercel Inc. | Hosting for mooserunner.com and the /api/license/validate API |
IP address, request metadata, License Key, HWID (at validation time) | United States | Standard Contractual Clauses (SCCs) |
| Cloudflare, Inc. | DNS and email routing for support@, sales@, and privacy@mooserunner.com | Inbound email content and metadata addressed to those addresses | United States | Standard Contractual Clauses (SCCs) |
| npm, Inc. / GitHub, Inc. | Hosting of the MooseRunner UPM package tarball | IP address, package download metadata | United States | Standard Contractual Clauses (SCCs) |
Each Service Provider is contractually bound to process Personal Data only on Our instructions, to apply appropriate technical and organisational measures, and not to use Your data for their own purposes beyond the scope of the contract. You may request additional information about the safeguards in place (including redacted copies of the relevant contractual protections) by contacting privacy@mooserunner.com.
Email Marketing (placeholder)
We do not currently send marketing newsletters or promotional emails. If We introduce a marketing programme in the future, We will update this Privacy Policy to identify the email-marketing Service Provider We use, request Your explicit consent before adding You to any marketing list, and provide an unsubscribe mechanism in every email.
Sharing of Your Personal Data
We may share Your Personal Data in the following situations:
- With Service Providers as listed above.
- For business transfers in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of Our business.
- With Affiliates — the Company currently has no Affiliates; this provision is retained for future use, and any Affiliate would be required to honour this Privacy Policy.
- With Your consent for any other purpose.
- To comply with legal obligations or in response to valid requests from public authorities.
Retention of Your Personal Data
We retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. Specific retention periods:
- License keys and activation HWIDs — for the lifetime of the active Subscription in Polar.sh, plus a reasonable period for accounting, dispute resolution, and re-issuance of replacement keys.
- Customer billing records — retained by Polar.sh in accordance with their retention policy and Our statutory obligations under Swedish bookkeeping law (Bokföringslagen requires retention of accounting records for at least 7 years).
- Support email — retained in Our support inbox until the matter is resolved and no longer needed for follow-up, typically up to 24 months.
- Vercel access logs — retained in accordance with Vercel's default retention (typically ~30 days).
We may retain Personal Data beyond these periods where legally required (for example, to respond to tax-authority requests), where necessary to establish, exercise or defend legal claims, or in encrypted backups scheduled for routine deletion. When retention periods expire, We securely delete or anonymise Personal Data.
Transfer of Your Personal Data
Your information, including Personal Data, is processed at the Company's operating offices in Sweden and at the locations of Our Service Providers, which are predominantly based in the United States (Polar.sh, Vercel, Cloudflare, npm/GitHub). This means Your Personal Data is transferred outside the European Economic Area ("EEA") and the United Kingdom ("UK").
Where We transfer Personal Data outside the EEA/UK to a country that has not been recognised by the European Commission as providing an adequate level of protection, We rely on appropriate safeguards including:
- The European Commission's Standard Contractual Clauses ("SCCs") and, where applicable, the UK International Data Transfer Agreement ("IDTA") or the UK Addendum to the SCCs.
- Supplementary measures including encryption in transit and at rest, access controls, data minimisation, and vendor security reviews.
You may contact Us at privacy@mooserunner.com to request further information about the safeguards We use for international transfers, including redacted copies of the relevant contractual protections.
Delete Your Personal Data
You have the right to delete or request that We assist in deleting the Personal Data that We have collected about You.
To exercise this right, contact Us at privacy@mooserunner.com, or manage Your Subscription and billing details in the Polar.sh Customer Portal. Please note that We may need to retain certain information when We have a legal obligation or lawful basis to do so (for example, accounting records retained under Swedish law).
Disclosure of Your Personal Data
Business Transactions
If the Company is involved in a merger, acquisition or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.
Law enforcement
Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
Other legal requirements
The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:
- Comply with a legal obligation
- Protect and defend the rights or property of the Company
- Prevent or investigate possible wrongdoing in connection with the Service
- Protect the personal safety of users of the Service or the public
- Protect against legal liability
Security of Your Personal Data
The security of Your Personal Data is important to Us, but remember that no method of transmission over the Internet, or method of electronic storage, is 100% secure. While We strive to use commercially reasonable means to protect Your Personal Data, We cannot guarantee its absolute security. License validation responses are signed using RSA-4096 and verified locally in the MooseRunner Application; license keys are transmitted over HTTPS.
GDPR Privacy
Legal Basis for Processing Personal Data under GDPR
We may process Personal Data under the following conditions:
- Consent: You have given Your consent for processing Personal Data for one or more specific purposes.
- Performance of a contract: Provision of Personal Data is necessary for the performance of the EULA and the Terms of Service.
- Legal obligations: Processing Personal Data is necessary for compliance with a legal obligation to which the Company is subject (for example, accounting records under Swedish law).
- Legitimate interests: Processing Personal Data is necessary for the purposes of the legitimate interests pursued by the Company, including anti-piracy enforcement, fraud prevention, and infrastructure security.
In any case, the Company will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.
Your Rights under the GDPR
The Company undertakes to respect the confidentiality of Your Personal Data and to guarantee You can exercise Your rights.
You have the right under this Privacy Policy, and by law if You are within the EU/EEA, to:
- Request access to Your Personal Data, including a copy of the Personal Data We hold about You.
- Request correction of any incomplete or inaccurate information We hold about You.
- Request erasure of Your Personal Data when there is no good reason for Us to continue processing it.
- Request restriction of processing of Your Personal Data in certain circumstances (for example, while We verify accuracy or consider an objection).
- Object to processing of Your Personal Data where We are relying on a legitimate interest as the legal basis, or where We are processing Your Personal Data for direct marketing purposes.
- Request data portability — We will provide Your Personal Data in a structured, commonly used, machine-readable format where the processing is based on consent or contract and is carried out by automated means.
- Withdraw Your consent at any time where We rely on consent as the legal basis. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.
Exercising Your GDPR Data Protection Rights
You may exercise Your rights of access, rectification, erasure and objection by contacting Us at privacy@mooserunner.com. Please note that We may ask You to verify Your identity before responding to such requests. We generally respond within one month, and may extend by two further months where necessary in accordance with applicable law.
You have the right to lodge a complaint with a Data Protection Authority about Our collection and use of Your Personal Data. Valectric AB is established in Sweden; Sweden's supervisory authority is the Integritetsskyddsmyndigheten (IMY), contactable at https://www.imy.se/. If You are resident in another EU/EEA Member State, You may also lodge a complaint with the supervisory authority in Your country of residence.
California Consumer Privacy
If You are a resident of California and the California Consumer Privacy Act ("CCPA") or California Privacy Rights Act ("CPRA") applies to You, You have the right to request access to, correction of, and deletion of Your Personal Information, as well as the right to opt out of any "sale" or "sharing" of Personal Information as defined under those laws.
We do not sell or share Personal Information for cross-context behavioral advertising. To exercise Your California rights, contact privacy@mooserunner.com.
Children's Privacy
Our Service does not address anyone under the age of 16. We do not knowingly collect personally identifiable information from anyone under the age of 16. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us at privacy@mooserunner.com. If We become aware that We have collected Personal Data from anyone under the age of 16 without verification of parental consent, We take steps to remove that information from Our systems.
If We need to rely on consent as a legal basis for processing Your information and Your country requires consent from a parent, We may require Your parent's consent before We collect and use that information.
"Do Not Track" Policy
Our Service does not currently respond to Do Not Track ("DNT") signals because We do not engage in cross-site tracking. If We introduce tracking technologies in the future, We will update this Privacy Policy to describe how Our Service responds to DNT signals.
Links to Other Websites
Our Service may contain links to other websites that are not operated by Us. If You click on a third-party link, You will be directed to that third party's site. We strongly advise You to review the Privacy Policy of every site You visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.
Changes to this Privacy Policy
We may update Our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy at https://www.mooserunner.com/privacy and updating the "Last updated" date at the top of this Privacy Policy. For material changes, We will provide reasonable prior notice (typically at least 30 days), including by email and/or through the in-Editor activation panel.
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted at the URL above.
Contact Us
If You have any questions about this Privacy Policy or wish to exercise any of Your data-protection rights, You can contact Us:
- For privacy / data-protection matters: privacy@mooserunner.com
- For general support: support@mooserunner.com
- By post: Valectric AB, Brisgatan 54, 802 74 Gävle, Sweden