
AI Systems Disclosure

Effective date: May 16, 2026  ·  Last updated: May 16, 2026  ·  Version: 1.1

What this document is. Project Lunar provides AI-assisted marketing and operational services. This page discloses, for prospective and current clients, how AI is used in our work, what safeguards are in place, which third-party providers handle data, and what rights you have over information you share with us. It complements (and does not replace) our Privacy Policy and Terms of Service.

1. Who We Are

Project Lunar is operated by Xander Gamelo, located in Alberta, Canada (“we”, “us”, “our”). Project Lunar provides AI-powered marketing, creative, consulting, and analytics services to small and mid-market businesses, primarily in North America.

Contact for privacy or AI-disclosure inquiries: xander@lunar-project.com  ·  lunar-project.com


2. What “AI-Assisted” Means at Project Lunar

Project Lunar uses large language models (LLMs) and supporting AI tooling as part of its service delivery. Concretely:

  • AI assistants help draft marketing copy, brand strategy documents, creative briefs, research summaries, analytics commentary, and code.
  • AI agents (autonomous, task-oriented processes) perform scheduled operational work such as content scheduling, campaign monitoring, lead enrichment, and reporting.
  • AI tools assist with visual asset generation, voice synthesis, transcription, and translation where appropriate to the engagement.

We treat AI as a force-multiplier for human strategists and operators. Every client-facing deliverable is reviewed by a human at Project Lunar before it is delivered, published, or sent on a client’s behalf. Where an AI agent acts autonomously (for example, on a recurring schedule), the agent operates within written rules, scoped credentials, and a logged decision trail.


3. System Architecture — High-Level

Our production environment is built on two trust zones connected by an encrypted private mesh network:

  • Operator devices. Workstations used by Project Lunar personnel to plan, review, and approve work. These hold source-of-truth client files, identity tokens, and operator credentials.
  • Production servers. Cloud-hosted compute that runs autonomous agents and scheduled tasks 24×7. Production servers do not hold operator credentials; they hold scoped service credentials issued for each integration.
  • Encrypted private mesh. All traffic between operator devices and production servers traverses an authenticated, end-to-end-encrypted overlay network. Production servers have no public-internet listening port for operational access.

Within this architecture, autonomous agents operate as separate identities from the human operator. Agent identities are constrained at the operating-system level — even where an agent holds administrative-level access for the work it performs, file-system rules deny it access to operator credentials, identity tokens, and unrelated personal data.

Specific hostnames, IP addresses, vendor account identifiers, and credential-storage paths are not disclosed on this public page. Where required for vendor due diligence, we provide an architecture data sheet under NDA.

4. Data Handling Principles

Project Lunar applies the following principles to all client data:

  1. Data minimization. We collect only the information necessary to deliver the engagement.
  2. Purpose limitation. Information you share with us is used only for the agreed engagement. We do not repurpose your data for unrelated training, marketing, or commercial use.
  3. No reuse for model training. Where the AI providers we use offer a no-training option, we elect it. We do not knowingly contribute client data to public training corpora.
  4. Encryption in transit and at rest. All client data transits over TLS/encrypted channels and is stored on encrypted volumes.
  5. Credential separation. Operator credentials and client credentials are kept in separate, access-controlled stores. Agents receive least-privilege scoped tokens, not your master credentials.
  6. Auditability. Every agent action against an external service (sending an email, posting to social, placing an ad) is logged with timestamp, requesting identity, and result.

5. Subprocessors and Third-Party AI Providers

Project Lunar relies on the following categories of third-party services. Each operates under its own terms and privacy commitments; we engage them as subprocessors as defined under PIPEDA / Alberta PIPA and (where applicable) the EU GDPR.

5.1 Large Language Model Providers

Provider | Purpose | Privacy Reference
Anthropic (Claude API) | General reasoning, content generation, agentic workflows | anthropic.com/privacy
OpenAI | Alternate language model backend, research summarisation | openai.com/privacy
Google (Gemini, Vertex AI) | Long-context analysis, creative generation | cloud.google.com/privacy
OpenRouter | Multi-provider routing layer | openrouter.ai/privacy

5.2 Cloud Infrastructure

Provider | Purpose | Privacy Reference
Amazon Web Services | Compute, storage, identity, transactional email, outbound voice (Amazon Connect) | aws.amazon.com/privacy
Microsoft 365 / OneDrive | Document storage, identity, collaboration | microsoft.com/privacy
Google Workspace / Drive | Document storage, collaboration | google.com/policies/privacy
Tailscale | Private mesh network between operator devices and production servers | tailscale.com/privacy
Vercel | Application hosting and edge delivery for client web applications | vercel.com/legal/privacy-policy

5.3 Marketing & Operations Platforms

Provider | Purpose | Privacy Reference
Meta (Facebook / Instagram Business) | Paid advertising, page management | facebook.com/privacy/policy
Intuit Mailchimp | Email marketing and audience management (engagement-specific; used where a client engagement requires it) | intuit.com/privacy
Twilio | SMS messaging, transactional voice | twilio.com/legal/privacy
Vapi.ai | Voice AI orchestration for outbound communications (where engaged) | vapi.ai/legal
ElevenLabs | AI voice synthesis (Tier 2 voice-agent engagements) | elevenlabs.io/privacy
Deepgram | Speech-to-text transcription (Tier 2 voice-agent engagements) | deepgram.com/privacy
HubSpot / GoHighLevel | CRM and marketing automation (per-client) | respective provider
Google Analytics 4, Search Console | Performance analytics | google.com/policies/privacy

5.4 Authentication and Security

Provider | Purpose | Privacy Reference
Clerk | User authentication for Project Lunar applications | clerk.com/privacy
Cloudflare | DNS, edge caching, application protection | cloudflare.com/privacypolicy
Stripe | Subscription billing and payment processing for Project Lunar applications | stripe.com/privacy

This list is non-exhaustive. Engagement-specific subprocessors (for example, a client-mandated CRM or ad platform) are documented in the client Master Services Agreement.


6. Security Architecture — What We Do

6.1 Network Boundary

Production servers have no inbound public-internet listening service for operational access. All operator and agent traffic enters through an encrypted private mesh network with per-device authentication.

6.2 Identity Separation

Operator identities (human) and agent identities (automated) are distinct operating-system accounts with distinct credentials. A compromise of an agent identity cannot escalate to operator-level access without separately compromising operator credentials.

6.3 File-System Access Controls

Credential files, identity tokens, and private keys carry deny-rules against agent identities even where the agent identity is otherwise privileged on the machine. This limits the blast radius of any agent-level compromise.

6.4 Decoy and Alerting Layer

Operator and production systems carry decoy files designed to attract automated credential-scanning activity. Decoys contain instrumented identifiers that, when used or transmitted, generate real-time alerts to the operations team. Genuine credentials never overlap with decoy values.

6.5 Pre-Commit Secret Scanning

All source-control commits across operator and production environments pass through automated pattern-matching that blocks accidental publication of access keys, API tokens, and private keys.

6.6 Human Review Gate

Client-facing deliverables (copy, designs, campaigns, communications) are reviewed by a human Project Lunar operator before release. Agentic processes that act autonomously between reviews operate within written policies and are observable through logs you can request.

6.7 Application-Layer Security Hardening

Web applications built and operated by Project Lunar implement defence-in-depth at the HTTP layer: a Content Security Policy restricting script and resource origins, HTTP Strict Transport Security, clickjacking prevention, MIME-sniffing protection, and permission scoping for browser APIs. PII-bearing API endpoints are configured with Cache-Control: no-store to prevent exposure on shared devices.


7. Data You Provide and How We Use It

Data Category | Purpose
Business contact information (your name, role, email, phone) | Account management, engagement communication, invoicing
Customer / prospect lists you provide | Operating the agreed campaigns or analyses on your behalf
Brand assets, source materials, content briefs | Producing creative and strategic deliverables
Performance data from your platforms (ad accounts, analytics, CRM) | Reporting, optimisation recommendations
Recordings or transcripts of strategy calls (with consent) | Strategy documents, internal training, retrieval-augmented context for AI assistants

We do not sell, rent, or broker any personal information. We do not use your business data for advertising purposes.


8. AI Content Disclosure

Where Project Lunar produces content with AI assistance, we follow these principles:

  • We disclose AI assistance to clients at the engagement level (in the MSA and project documentation).
  • We do not represent AI-generated content as solely human-authored where doing so would mislead an audience or breach a platform’s rules.
  • For paid social content, we follow platform-level AI disclosure requirements (Meta, Google, TikTok, etc.).
  • For voice and likeness generation, we obtain documented consent from the natural person being represented before any synthesis or cloning.

9. Retention

Default retention follows the engagement: we retain operational data for as long as needed to deliver the contracted services plus a reasonable period thereafter for audit and reconciliation, generally twenty-four (24) months after engagement close unless the engagement specifies otherwise.

You may request earlier deletion of identifiable information; we will comply within thirty (30) days subject to any legal-hold obligations or open invoices.


10. Your Rights

Under the Personal Information Protection and Electronic Documents Act (PIPEDA), Alberta’s Personal Information Protection Act (PIPA), and equivalent regimes where applicable, you have the right to:

  • Request access to the personal information we hold about you
  • Request correction of inaccurate information
  • Withdraw consent for ongoing processing, subject to contractual obligations
  • Complain to the Office of the Privacy Commissioner of Canada (priv.gc.ca) or the Office of the Information and Privacy Commissioner of Alberta (oipc.ab.ca)

Send requests to xander@lunar-project.com.


11. Breach Notification

In the event of a personal-information breach posing a real risk of significant harm (as defined under PIPEDA), Project Lunar will:

  1. Notify affected individuals as soon as reasonably feasible.
  2. Notify the Office of the Privacy Commissioner of Canada.
  3. Retain a record of the breach as required.
  4. Where the affected data is yours, notify you (the client) without undue delay and coordinate any downstream notification.

12. Cross-Border Transfers

Several of our subprocessors operate from the United States, the European Union, or other jurisdictions. By engaging Project Lunar, you acknowledge that information may be processed outside of Canada. Each subprocessor is bound by its own data-protection obligations under contracts we maintain.


13. Children

Project Lunar’s services are intended for use by businesses and adults. We do not knowingly process personal information of individuals under 18 years of age.


14. Updates to This Disclosure

We may update this disclosure as our systems evolve. Material changes will be reflected in the “Last updated” date above. Where a change materially affects how your data is handled, we will notify you through the engagement’s primary contact channel.


15. Contact

Project Lunar
Attn: Xander Gamelo, Founder
Alberta, Canada
xander@lunar-project.com
lunar-project.com

Vendor due-diligence packet. For procurement teams, security reviewers, or counsel requiring deeper technical detail (architecture diagrams, subprocessor list with DPAs, incident-response runbook, threat-model summary), request the Vendor Due-Diligence Packet from xander@lunar-project.com. The packet is released under mutual NDA.