// Trust & Security Report

    Go Moonbeam LLC logo

    Go Moonbeam LLC

    Moonbeam - AI long-form writing assistant (web app + Chrome extension)

    Certifications held

    3

    Maturity

    Startup

    Trains on your data

    Unknown

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2
    HELD

    No SOC 2 claim appears anywhere on gomoonbeam.com or its privacy policy. A third-party auto-generated vendor-risk profile (Nudge Security) lists Moonbeam as SOC 2 compliant, but this is not stated or evidenced on the vendor's own domain and is contradicted by the vendor's thin self-published security posture.

    Verify on gomoonbeam.com
    ISO 27001
    HELD

    No ISO 27001 claim on the vendor's own site. Only a third-party (Nudge Security) profile asserts it; no certificate, auditor, or statement of applicability is published by Moonbeam.

    Verify on gomoonbeam.com
    GDPR (regulatory compliance, not a certification)
    HELD

    The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. As such, we may rely on the following legal bases to process your personal information: Consent... Legitimate Interests... Legal Obligations... Vital Interests.

    Verify on gomoonbeam.com
    > Show 3 unconfirmed / not-held certifications
    FedRAMP
    NOT CONFIRMED

    No FedRAMP authorization is published on the vendor site, and Moonbeam does not appear on the FedRAMP Marketplace. The third-party profile claim is not credible for a consumer AI writing startup.

    source: gomoonbeam.com
    CSA STAR
    NOT CONFIRMED

    No CSA STAR listing or self-assessment is referenced on the vendor's own domain.

    source: gomoonbeam.com
    HIPAA
    NOT CONFIRMED

    No HIPAA, BAA, or PHI handling is mentioned. Privacy policy explicitly states: 'We do not process sensitive personal information.'

    source: gomoonbeam.com

    // Privacy & AI training

    Trains on customer data

    Not stated

    Data processing agreement

    Not stated

    Data region

    unknown

    Moonbeam is built on top of GPT-4 / ChatGPT-class models (the marketing site references 'GPT-4 powered Smart Chat' and 'ChatGPT', surfaced through a 'Luna' AI persona; no GPT-3 claim is evidenced). The privacy policy is silent on whether user-generated documents are used to train AI models, and there is no AI/data-use policy on the site. Processing purposes listed are limited to providing/improving/administering the Service, marketing, security/fraud prevention, and legal compliance; 'improve... our Services' is generic and does not confirm or rule out model training. No opt-out toggle for AI training is disclosed.

    // Security controls

    Stated security measures

    Generic only: 'appropriate and reasonable technical and organizational security measures'. Explicit disclaimer that no transmission/storage can be guaranteed 100% secure.

    gomoonbeam.com

    Encryption at rest / in transit

    not verified - no specific encryption claim (TLS/AES) published on the vendor site

    gomoonbeam.com

    Payment security

    Payment data is handled by Stripe (PCI-DSS Level 1 processor), not stored by Moonbeam: 'All payment data is stored by Stripe.'

    gomoonbeam.com

    Bug bounty program

    None found (no HackerOne / Bugcrowd / security.txt / responsible disclosure page on the vendor domain)

    gomoonbeam.com

    Penetration testing

    not verified - no statement of third-party pentesting published

    gomoonbeam.com

    Sub-processors

    Stripe (payments) and OpenAI (model inference) are implied; no formal sub-processor list is published

    gomoonbeam.com

    Data subject rights

    Provided: data subject request form plus CCPA/California rights and minors-under-18 clause referenced

    gomoonbeam.com

    // Products & data scope

    Moonbeam (Free + Pro web app)AI long-form writing assistant

    data: Collects names, email addresses, contact preferences, user-authored documents/prompts, social-login profile data (if used), plus automatic log/usage/device/location data. Payment via Stripe. Same privacy scope across Free and Pro tiers.

    Pro is a paid tier (30-day money-back guarantee) unlocking unlimited generation and the Wizard/custom style features. No separate enterprise data terms published.

    Moonbeam Collaboration / Team modeTeam document collaboration

    data: Shared documents across team members (Google Docs-like). No distinct team/enterprise DPA or admin-security controls documented.

    Marketed as a feature, not a separately governed product. No enterprise compliance scope disclosed.

    Moonbeam Chrome ExtensionBrowser extension

    data: Linked from the footer; same privacy policy applies. Browser-level permissions not detailed in the policy.

    Extends the writing assistant into the browser.

    // What to watch

    • Small single-vendor startup (Go Moonbeam LLC); privacy policy last updated August 20, 2022 and not refreshed for current AI/data-use disclosures.
    • No trust center, no security page, no security.txt, no published certifications on the vendor's own domain.
    • CONFLICTING SIGNAL: a third-party auto-generated profile (Nudge Security) lists SOC2/ISO27001/FedRAMP/CSA STAR/GDPR as held. None are evidenced on the vendor domain and the FedRAMP/CSA claims are not credible for a consumer writing tool. Treated as unverified marketing-aggregator noise, NOT vendor proof.
    • No DPA, no sub-processor list, no encryption specifics, no AI-training opt-out disclosed.
    • Built on OpenAI (GPT-4); customer content is sent to a third-party LLM provider - downstream data handling depends on OpenAI's API terms, not documented by Moonbeam.
    • No terms-of-service URL located during this review.

    // At a glance

    Pricing model

    Freemium - generous Free Plan plus paid Moonbeam Pro subscription with a 30-day 100% money-back guarantee

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Go Moonbeam LLC's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    gomoonbeam.com

    > Browse all vendor trust reports