Effective July 8, 2026 · Last updated July 8, 2026

Privacy Policy

This Privacy Policy describes how Emouna LLC ("Emouna," "we," "us," or "our") collects, uses, discloses, and protects personal information when you visit our website at emouna.com.mx (the "Site"), apply for or purchase our services, communicate with us, or use any mobile or web application that we publish (each an "App"). It also explains the rights and choices available to you. This Policy serves as our Notice at Collection for California residents and our privacy notice under the data protection laws identified in Section 12.

Plain-English summary (the full policy below controls): We collect what you type into our application form, basic non-identifying analytics, and — for our Apps — only what each App's store listing declares. We use it to respond to you, deliver services, and run our Apps. We never sell personal information, never share it for targeted advertising, use no advertising networks or third-party trackers, and store no payment card numbers. You can get a copy of your data or have it deleted by emailing jack@emouna.com.mx.

1. Who we are and what this Policy covers

Emouna LLC is a United States limited liability company that operates an AI-native product studio: we build custom software for clients ("build weeks"), teach people to build software with AI ("vibe coding training"), provide AI consulting, and publish our own mobile and web applications through platforms such as the Apple App Store and Google Play.

Emouna LLC is the data controller (or "business" under California law) for personal information covered by this Policy. This Policy applies to:

This Policy does not apply to third-party websites, products, or services we do not control, even if we link to them.

2. Information we collect

2.1 Information you provide directly

ContextData collected
Application / intake formFull name; email address; phone number; whether you checked the consent box for calls/texts (and the time of submission); which offering you're interested in ("build it for me" or "teach me to build it"); budget range; timeline; and the free-text description of your project or app idea.
Email & other correspondenceYour address, the contents of the messages, and any attachments you send.
Training enrollmentName, email, billing details handled by our payment provider, session attendance, and work you choose to share during training.
Client engagementsBusiness contact details, project requirements, credentials or content you give us to build your product, and billing records. Client project materials are handled under Section 9 and any signed agreement.
App accounts & content (where an App offers them)Email address or sign-in identifier, display name if you set one, and content you create inside the App (for example, logs, notes, or settings).

2.2 Information collected automatically

2.3 Information from platforms and other sources

3. What we do not collect and do not do

4. How we use information

We use personal information to:

  1. Respond and provide services — review your application, hold your scope call, deliver development, training, and consulting engagements, and manage our client relationships;
  2. Operate our Apps — provide App features you request, maintain your account and content, honor purchases and subscriptions, and restore access across your devices;
  3. Communicate — send transactional messages (such as confirming we received your application, scheduling, invoices, service updates) and, only with your consent, marketing calls or texts (Section 6);
  4. Improve and secure — measure aggregate Site traffic, fix bugs and crashes, prevent spam, fraud, and abuse (including rate-limiting form submissions), and protect our systems and users;
  5. Comply and enforce — meet legal, tax, and accounting obligations; respond to lawful requests; enforce our Terms & Conditions; and establish, exercise, or defend legal claims.

We do not use personal information for purposes incompatible with these without telling you first and, where required, obtaining your consent.

PurposeLegal basis
Responding to your application; delivering services and Apps you request; processing purchasesPerformance of a contract, or steps at your request before entering one (GDPR Art. 6(1)(b))
Marketing calls and texts; optional device permissions (location, sensors, HealthKit); optional communicationsConsent (Art. 6(1)(a)), withdrawable at any time; health data is processed only with your explicit consent (Art. 9(2)(a))
Aggregate analytics; security, anti-abuse and rate limiting; improving our Site, services and Apps; portfolio record-keepingLegitimate interests (Art. 6(1)(f)) — running, protecting, and improving a small business in ways that do not override your rights
Tax, accounting, and other legal obligations; responding to lawful requestsLegal obligation (Art. 6(1)(c))
Establishing, exercising, or defending legal claimsLegitimate interests / legal claims (Art. 6(1)(f), Art. 9(2)(f) where relevant)

6. Calls and text messages (TCPA disclosure)

Our application form includes an optional, unchecked-by-default checkbox. If — and only if — you check it, you consent to receive calls and text messages from Emouna LLC at the number you provided, which may include automated technology, prerecorded messages, and marketing content about our services.

7. Cookies, analytics, and "Do Not Track"

The Site sets no cookies of its own and uses no third-party analytics or advertising trackers. Our analytics are first-party and server-side, as described in Section 2.2, and contain no identifiers. Our security provider (Cloudflare) may set strictly necessary security cookies (for example, bot-mitigation cookies) required to protect the Site; these are essential and are not used to profile you.

Because we do not track visitors across websites or over time, there is nothing for a browser "Do Not Track" or Global Privacy Control ("GPC") signal to switch off — but for clarity: we treat all visitors as if those signals were on, and since we do not sell or share personal information, no opt-out action is needed for GPC purposes under California law.

8. Health, fitness, sensor, and HealthKit data

Some of our Apps may — with your explicit permission — access device sensors (such as barometric pressure, motion, GPS, or heart rate through a paired device) or read from and write to Apple HealthKit. For any such data, we commit to the following, consistent with Apple's requirements:

9. AI systems and your data

We are an AI-native studio, so we want to be unambiguous about how AI intersects with your data:

10. How we disclose information

We disclose personal information only as follows:

10.1 Service providers (processors)

Companies that process data on our behalf, under contracts limiting their use of it to providing services to us:

ProviderRoleData involved
Cloudflare, Inc. (USA)Website hosting, security, edge network, and database storageSite traffic; form submissions; analytics records
Zoho CorporationBusiness emailEmail correspondence; application notifications
Apple Inc.App distribution, payments, subscriptionsTransaction data; App diagnostics per your device settings
Google LLCApp distribution and payments (Android)Transaction data; App diagnostics per your device settings
AI model providers (e.g., Anthropic)Processing for engineering work and any disclosed in-App AI featuresOnly the content needed for the feature or engagement; no training on inputs

10.2 Other disclosures

11. Data retention

CategoryRetention period
Application form submissionsUp to 24 months after last contact, unless you become a client (then for the client relationship + records period) or request deletion sooner
TCPA consent records and opt-outsAt least 4 years (statute-of-limitations record-keeping), stored even after deletion requests as a suppression record
Form-abuse IP recordsAutomatically irrelevant after rate-limit windows; purged with routine database maintenance, no later than 12 months
Site analyticsIndefinite — contains no personal identifiers
Email correspondenceDuration of the relationship + up to 7 years for business records
Client engagement and billing records7 years (tax/accounting requirements)
App account dataLife of the account; deleted within 30 days of account deletion, except minimal transaction records we must keep
Health/sensor data stored on-device or in HealthKitControlled by you on your device; we do not hold it

When retention ends, we delete or irreversibly de-identify the data. Backups purge on their own rotation shortly after.

12. Your rights and choices, by region

12.1 Everyone, everywhere

Regardless of where you live, you may email jack@emouna.com.mx to: (a) request a copy of the personal information we hold about you; (b) correct it; (c) delete it; (d) withdraw any consent you gave (including SMS consent); or (e) object to a use of your data. We respond within 30 days, verify requests using the email or phone number we have on file, and never discriminate against you for exercising rights. If we deny a request (for example, data we must legally retain), we will explain why, and you may appeal by replying to our decision.

12.2 European Economic Area, United Kingdom, and Switzerland

You additionally have the rights of access, rectification, erasure, restriction of processing, data portability, and objection (including to legitimate-interest processing), and the right to withdraw consent without affecting prior processing (GDPR Arts. 15–21). You may lodge a complaint with your local supervisory authority (for the UK, the ICO at ico.org.uk). We do not conduct automated decision-making described in GDPR Art. 22.

12.3 California (CCPA/CPRA)

California residents have the rights to know/access, delete, correct, and port personal information; to opt out of sale or sharing (we do neither); to limit use of sensitive personal information (we use none beyond what is necessary to provide requested services); and to non-discrimination. In the preceding 12 months we collected these categories of personal information: identifiers (name, email, phone, form IP); customer records (billing information for services); commercial information (services considered or purchased); internet activity (non-identifying page-view analytics); geolocation (country-level only from the Site; precise location only in Apps that request it); sensory/health data (only in Apps you authorize, held on-device where possible); and inferences (none beyond evaluating your application). Sources, purposes, and recipients are as described in Sections 2, 4, and 10. You may use an authorized agent with written permission; we will verify the request as described above. Requests under California Civil Code §1798.83 ("Shine the Light"): we disclose no personal information to third parties for their direct marketing.

12.4 Other U.S. states

Residents of states with comprehensive privacy laws (including Virginia, Colorado, Connecticut, Utah, Texas, Oregon, and others) have equivalent rights of access, correction, deletion, portability, and opt-out of targeted advertising, sale, or profiling — none of which we engage in. Exercise any of these via Section 12.1, including the appeal process described there.

12.5 Mexico (LFPDPPP)

Because our Site operates at a .com.mx domain, we also honor the ARCO rights under Mexico's Ley Federal de Protección de Datos Personales en Posesión de los Particulares: Acceso (access), Rectificación (correction), Cancelación (cancellation/deletion), and Oposición (objection), plus revocation of consent. Send ARCO requests to jack@emouna.com.mx with your name, a means to verify your identity, and a description of the data concerned; we respond within the statutory period. You may also contact Mexico's data protection authority (INAI) if unsatisfied.

12.6 Nevada

Nevada residents may opt out of the sale of covered information; we do not sell covered information, but you may still register the request via Section 12.1.

13. App accounts, permissions, and deletion

14. Children's privacy

The Site, our services, and our Apps are intended for general audiences and are not directed to children under 13 (or the higher minimum age in your jurisdiction, such as 16 in parts of the EEA). We do not knowingly collect personal information from children. If we learn we have collected personal information from a child without verifiable parental consent, we will delete it promptly. If you believe a child has provided us personal information, contact jack@emouna.com.mx. Apps that may appeal to mixed audiences will use age screens or platform age ratings as appropriate; none of our Apps serve behavioral advertising to anyone, children included.

15. Security

We protect personal information with technical and organizational measures appropriate to its sensitivity, including: TLS encryption for all data in transit to the Site and Apps; encryption at rest with our infrastructure providers; access to personal data limited to personnel who need it, protected by strong authentication (including hardware-backed or multi-factor credentials); separation between our public Site and data stores; server-side input validation and rate limiting on public endpoints; and prompt application of security updates. No system is perfectly secure; if we learn of a breach affecting your personal information, we will notify you and the relevant authorities as required by applicable law, without undue delay.

16. International data transfers

We are based in the United States and our providers process data primarily in the United States and other countries where they operate. These countries may have data-protection laws different from your own. Where we transfer personal information from the EEA, UK, or Switzerland, we rely on safeguards such as the European Commission's Standard Contractual Clauses (and the UK Addendum), our providers' participation in the EU–U.S. Data Privacy Framework where applicable, and supplementary technical measures like encryption. You may request more information about the safeguards applied to your data via Section 19.

The Site and our Apps may link to third-party websites or rely on third-party services (for example, Apple's subscription management screens, carrier messaging, or a client's own product). Their privacy practices are their own; this Policy does not cover them, and we encourage you to read their policies.

18. Changes to this Policy

We may update this Policy as our services, Apps, or the law evolve. The "Last updated" date above always reflects the current version. For material changes, we will provide reasonable prominent notice — such as a notice on the Site, an in-App notice, or an email where we have one for you — before the change takes effect, and where required by law we will seek renewed consent. Archived prior versions are available on request.

19. How to contact us

Emouna LLC — Privacy Email: jack@emouna.com.mx (subject line "Privacy Request" gets fastest handling)
Website: emouna.com.mx
We respond to privacy inquiries and rights requests within 30 days. If you are in the EEA/UK and believe we have not resolved your concern, you may contact your supervisory authority; in Mexico, INAI; in California, the California Privacy Protection Agency.