// Trust & Security Report
Go Moonbeam LLC
Moonbeam - AI long-form writing assistant (web app + Chrome extension)
Certifications held
3
Maturity
Startup
Trains on your data
Unknown
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on gomoonbeam.com“No SOC 2 claim appears anywhere on gomoonbeam.com or its privacy policy. A third-party auto-generated vendor-risk profile (Nudge Security) lists Moonbeam as SOC 2 compliant, but this is not stated or evidenced on the vendor's own domain and is contradicted by the vendor's thin self-published security posture.”
Verify on gomoonbeam.com“No ISO 27001 claim on the vendor's own site. Only a third-party (Nudge Security) profile asserts it; no certificate, auditor, or statement of applicability is published by Moonbeam.”
Verify on gomoonbeam.com“The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. As such, we may rely on the following legal bases to process your personal information: Consent... Legitimate Interests... Legal Obligations... Vital Interests.”
> Show 3 unconfirmed / not-held certifications
source: gomoonbeam.comNo FedRAMP authorization is published on the vendor site, and Moonbeam does not appear on the FedRAMP Marketplace. The third-party profile claim is not credible for a consumer AI writing startup.
source: gomoonbeam.comNo CSA STAR listing or self-assessment is referenced on the vendor's own domain.
source: gomoonbeam.comNo HIPAA, BAA, or PHI handling is mentioned. Privacy policy explicitly states: 'We do not process sensitive personal information.'
// Privacy & AI training
Trains on customer data
Not stated
Data processing agreement
Not stated
Data region
unknown
Moonbeam is built on top of GPT-4 / ChatGPT-class models (the marketing site references 'GPT-4 powered Smart Chat' and 'ChatGPT', surfaced through a 'Luna' AI persona; no GPT-3 claim is evidenced). The privacy policy is silent on whether user-generated documents are used to train AI models, and there is no AI/data-use policy on the site. Processing purposes listed are limited to providing/improving/administering the Service, marketing, security/fraud prevention, and legal compliance; 'improve... our Services' is generic and does not confirm or rule out model training. No opt-out toggle for AI training is disclosed.
// Security controls
Stated security measures
Generic only: 'appropriate and reasonable technical and organizational security measures'. Explicit disclaimer that no transmission/storage can be guaranteed 100% secure.
gomoonbeam.comEncryption at rest / in transit
not verified - no specific encryption claim (TLS/AES) published on the vendor site
gomoonbeam.comPayment security
Payment data is handled by Stripe (PCI-DSS Level 1 processor), not stored by Moonbeam: 'All payment data is stored by Stripe.'
gomoonbeam.comBug bounty program
None found (no HackerOne / Bugcrowd / security.txt / responsible disclosure page on the vendor domain)
gomoonbeam.comSub-processors
Stripe (payments) and OpenAI (model inference) are implied; no formal sub-processor list is published
gomoonbeam.comData subject rights
Provided: data subject request form plus CCPA/California rights and minors-under-18 clause referenced
gomoonbeam.com// Products & data scope
data: Collects names, email addresses, contact preferences, user-authored documents/prompts, social-login profile data (if used), plus automatic log/usage/device/location data. Payment via Stripe. Same privacy scope across Free and Pro tiers.
Pro is a paid tier (30-day money-back guarantee) unlocking unlimited generation and the Wizard/custom style features. No separate enterprise data terms published.
data: Shared documents across team members (Google Docs-like). No distinct team/enterprise DPA or admin-security controls documented.
Marketed as a feature, not a separately governed product. No enterprise compliance scope disclosed.
data: Linked from the footer; same privacy policy applies. Browser-level permissions not detailed in the policy.
Extends the writing assistant into the browser.
// What to watch
- Small single-vendor startup (Go Moonbeam LLC); privacy policy last updated August 20, 2022 and not refreshed for current AI/data-use disclosures.
- No trust center, no security page, no security.txt, no published certifications on the vendor's own domain.
- CONFLICTING SIGNAL: a third-party auto-generated profile (Nudge Security) lists SOC2/ISO27001/FedRAMP/CSA STAR/GDPR as held. None are evidenced on the vendor domain and the FedRAMP/CSA claims are not credible for a consumer writing tool. Treated as unverified marketing-aggregator noise, NOT vendor proof.
- No DPA, no sub-processor list, no encryption specifics, no AI-training opt-out disclosed.
- Built on OpenAI (GPT-4); customer content is sent to a third-party LLM provider - downstream data handling depends on OpenAI's API terms, not documented by Moonbeam.
- No terms-of-service URL located during this review.
// At a glance
Pricing model
Freemium - generous Free Plan plus paid Moonbeam Pro subscription with a 30-day 100% money-back guarantee
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Go Moonbeam LLC's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
gomoonbeam.com