Privacy Policy

About this policy

This Privacy Policy explains how Gazdura collects, uses, stores, and protects information across the Gazdura Service. The Service includes the gazdura.com pre-launch waitlist, the gazdura.com authenticated product (account, onboarding, dashboard, Trip Optimizer, alerts, share-cards), the gazdura.com subscription billing flow (Gazdura Gold, Gazdura Platinum, and the 14-day Platinum trial), and any related transactional communications. Gazdura is the customer-facing brand of Lunar Wave LLC, a Washington limited liability company doing business as Gazdura (UBI 604-248-430). References to “Gazdura,” “the Service,” or “the Company” in this policy mean Lunar Wave LLC d/b/a Gazdura.

Geographic scope: the Gazdura Service is offered to United States residents only. Visitors located outside the United States should not submit information to gazdura.com. International expansion will trigger a separate Privacy Policy revision with appropriate jurisdiction-specific tailoring before the Service is opened beyond the United States.

Voice:this policy is written in the voice of the Gazdura entity. References to “Gazdura” mean the Service operated by Lunar Wave LLC, not any individual person.

1. Information Gazdura collects

Gazdura collects only the information needed to operate the Service. The information collected falls into the following categories.

1.1 Account information

When a person creates a Gazdura account, Gazdura collects:

• Email address— used as the primary account identifier. Authentication uses email-and-password or, where enabled, magic-link sign-in.
• Display name(optional) — a self-chosen name used to personalize the in-app experience. Defaults to “You” if not provided.
• Account creation timestamp.
• Invite code(where applicable) — short alphanumeric string identifying which invitation cohort the account belongs to (for example, founding-member or friends-and-family invite waves).

Gazdura does not collect government-issued identification, date of birth, last names of account holders, social-security numbers, or other formal identity attributes at account creation.

1.2 Loyalty-program portfolio information (self-reported)

If a person chooses to complete the onboarding flow, Gazdura collects information about the airline loyalty programs that person participates in. At the current Service stage, the only supported program is Alaska Atmos Rewards. Per-program, Gazdura collects:

• Program identifier— the name of the loyalty program (currently alaska_atmos).
• Status tier(optional) — a categorical value such as “Member (no status),” “Atmos Silver,” “Atmos Gold,” “Atmos Platinum,” or “Atmos Titanium.”
• Status points current(optional) — an integer representing the person’s current-cycle status-qualifying points.
• Tier expiry date(optional) — a date indicating when the person’s current status tier is scheduled to expire.
• Points balance(optional) — an integer representing the person’s current loyalty-program points balance.

All loyalty-program information is self-reported by the person. Gazdura does not connect to any airline account, does not access airline credentials, does not scrape airline websites, and does not receive any data feed from any airline or loyalty program. The person types each value into the onboarding flow or profile. See §3 for the load-bearing self-reported data disclaimer.

1.3 Credit-card portfolio information (self-reported, no card numbers)

If a person chooses to record airline-related credit cards in onboarding, Gazdura collects:

• Card template selection— a categorical value identifying which card the person holds, drawn from a fixed list (currently “Summit Visa Infinite,” “Ascent Visa Signature,” “Business Visa Signature”).
• Card anniversary date(optional) — a date used to project when card-anniversary benefits, certificates, or fee renewals are expected.

Gazdura does NOT collect card numbers, CVV codes, expiration dates, billing addresses, card-issuer login credentials, or any other payment-instrument data. Card-template selection is a categorical reference to a publicly identifiable product, not a payment instrument. The person volunteers it the same way the person volunteers a loyalty-program tier: by typing a self-reported categorical value.

Payment-instrument data for subscription billing is handled separately by Stripe and is described in §1.5.

1.4 Travel preferences and traveler entries (self-reported)

If a person chooses to complete the optional onboarding steps for travel preferences and traveler entries, Gazdura collects:

• Home airport— a three-character IATA code identifying the person’s preferred origin airport.
• Travel cabin preference(where collected) — a categorical preference such as economy, premium economy, business, or first.
• Party size and family-routing preferences (where collected) — integers and boolean preferences identifying typical traveling-party configurations.
• Traveler entries— for each traveler the person chooses to add: a self-chosen first name (1 to 50 characters), a categorical type (adult, child, or infant), and an optional sort order. Traveler entries are limited to a maximum of 8 per portfolio (including the primary traveler).

For child and infant traveler entries, Gazdura collects only a first name and a categorical type (and an optional age-bucket where the person chooses to provide one). Gazdura does not collect dates of birth, last names, government-issued identifiers, school information, photos, or any other information identifying the child beyond what the parent or guardian volunteers. See §9 for COPPA non-applicability rationale.

1.5 Subscription and billing information

If a person subscribes to Gazdura Gold or Gazdura Platinum, or starts the 14-day Platinum trial, Gazdura’s subscription system records:

• Subscription plan— categorical value such as free, free+platinum_trial, gold, gold+platinum_trial, or platinum.
• Plan-state timestamps— when the trial started, when the trial expires, when the subscription started, when the subscription ends.
• Stripe customer identifier— an opaque identifier issued by Stripe linking Gazdura’s record of the subscription to Stripe’s record of the underlying payment relationship.

Gazdura does NOT collect or store payment-instrument data. Card numbers, CVV codes, billing addresses, and bank-account information are entered directly into a Stripe Checkout page hosted by Stripe and are received and stored by Stripe as the payment-data controller. Gazdura receives only an opaque customer identifier and the subscription state from Stripe via webhook. See §6 sub-processor table for Stripe disclosure.

1.6 Behavioral usage information

When a person uses the Service, Gazdura’s analytics provider (PostHog — see §6) records pseudonymous events identifying which features the person used and when. Examples include onboarding_step_viewed, onboarding_step_completed, dashboard_viewed, trip_optimization_started, share_card_generated. Each event carries:

• Pseudonymous user identifier— Gazdura’s internal account UUID, never the person’s email address or display name.
• Event name and timestamp.
• Event properties— a structured payload describing the event in non-identifying terms. Example: for the points-balance onboarding event, Gazdura records a categorical balance bucket (<100K, 100K-500K, 500K-1M, 1M-5M, >5M) rather than the actual integer.

Personally identifying information (email address, display name, exact balance integer, anniversary date, traveler name) is never sent to PostHog as event properties. Application-layer property contracts enforce this discipline at the analytics emission layer.

The Do Not Track browser preference is respected for non-operational events.

1.7 Automatically collected technical information

When a person accesses gazdura.com, limited technical information is automatically logged by Gazdura’s hosting and infrastructure providers in the ordinary course of operating a web service. This includes:

• IP address (used for security, rate-limiting, abuse prevention, and aggregate traffic measurement; pseudonymized or short-TTL where retained for rate-limiting per §6 Upstash row).
• Browser type and version.
• Operating system.
• Pages viewed and the date and time of access.
• Referring URL (the site, if any, that linked the person to gazdura.com).

This information is logged for operational, security, and aggregate-traffic-measurement purposes only. Gazdura does not use third-party advertising trackers, behavioral-advertising pixels, or cross-site tracking tools.

1.8 What Gazdura does not collect

Gazdura does not collect, anywhere in the Service:

• Government-issued identification numbers (social-security, driver’s license, passport).
• Last names of account holders or of travelers entered into a portfolio (first name only for travelers; account holders are not asked for any name beyond an optional self-chosen display name).
• Dates of birth (children’s traveler entries use age-buckets only, where collected at all).
• Phone numbers (until and unless explicit opt-in for SMS-based alerts is offered, which is not present at this Service stage).
• Physical mailing addresses.
• Card-issuer login credentials, airline-account credentials, bank-account login credentials, or credentials for any third-party service.
• Card numbers, CVV codes, or other payment-instrument data (handled by Stripe, see §1.5).
• Biometric data (fingerprint, face, voice, gait).
• Health, medical, or genetic data.
• Precise geolocation. Home-airport selection is a categorical choice from a public airport list; it is not derived from device GPS or from the person’s IP.
• Photographs or images of any person.
• Children’s last names, schools, or other identifying attributes (see §9).

2. Why Gazdura collects this information

Gazdura collects the information enumerated in §1 only for the purposes described below. The general principle: every data class is collected because it directly enables a specific Service feature the person has requested. Gazdura does not collect data speculatively or for future undefined purposes.

2.1 To operate the person’s account and authenticate access

• Email address and password (or magic-link material) — to authenticate sign-in and protect the account.
• Account-creation timestamp and invite code — to administer cohort-based access and the founding-member program.

2.2 To run the optimizer the person came to Gazdura to use

• Loyalty-program identifier, status tier, status points, tier expiry date, points balance — to compute trip-optimization recommendations, status-tier projections, and earn-versus-burn analysis specific to the person’s portfolio.
• Credit-card template selection and anniversary date — to model card-anniversary benefits (annual companion fares, anniversary certificates, and similar) in the optimizer’s strategy output.
• Home airport and travel preferences — to pre-fill trip-form origin and to scope route-discovery features to airports the person actually flies from.
• Traveler entries — to allocate award-availability searches across the right number and type of travelers (a family of four returns different optimizations than a solo traveler).

2.3 To honor what the person has paid for

• Subscription plan and plan-state timestamps — to gate features that require Gazdura Gold or Gazdura Platinum, to start and end the 14-day Platinum trial correctly, and to display the right pricing and renewal copy.
• Stripe customer identifier — to reconcile subscription state with Stripe and to handle subscription-management actions the person initiates (upgrade, downgrade, cancel).

2.4 To send the person the alerts and communications they have opted into

• Email address (account context) — to send transactional messages (sign-up confirmations, magic-link sign-ins, password resets, billing receipts) and to send opt-in alerts (certificate-expiry warnings, points-balance staleness nudges, optimization completion notifications).
• Subscription state — to scope alert delivery (a person on Free does not receive alerts that depend on Gazdura Gold features the person has not subscribed to).

2.5 To process subscription payments

• Email address (in the form Stripe receives directly from the person on the Checkout page) — Stripe identifies the customer.
• Card details (in the form Stripe receives directly from the person on the Checkout page) — Stripe authorizes and captures the payment. Gazdura does not see, receive, or store this data.

2.6 To improve the Service through pseudonymous behavioral analytics

• Pseudonymous user identifier and event-level usage data — to measure feature adoption, identify drop-off points in onboarding, prioritize Service improvements, and surface bugs. Aggregate analytics inform product decisions; individual records do not drive personalized advertising and are never combined with third-party identifiers.

2.7 To prevent abuse and to keep the Service running

• IP address and rate-limit counters — to block credential-stuffing attempts, brute-force enumeration, and other abuse patterns at endpoints with sensitivity (sign-in, password reset, magic-link issuance, waitlist submission, transactional-message dispatch).
• Server logs — to diagnose Service outages, investigate security events, and maintain operational reliability.

2.8 What Gazdura does not do with this information

Gazdura does not:

• Sell, rent, share, or otherwise transfer information to any third party for marketing, advertising, or commercial gain.
• Use information for advertising, behavioral profiling, lookalike modeling, or audience-building.
• Provide information to data brokers, list-rental services, affiliate networks, or marketing co-ops.
• Use information to train any machine-learning model, including Gazdura’s own future AI-assistant features. (Aggregate, fully de-identified product-usage statistics may inform product decisions, but per-person records do not enter any model training pipeline.)
• Combine self-reported portfolio information with third-party data sources (credit bureaus, marketing databases, social-media graphs) to infer attributes the person did not provide.

Sub-processor model-training posture. Gazdura’s error-monitoring sub-processor (Sentry — see §6) discloses two AI/ML sub-processors of its own: Anthropic, PBC and OpenAI, L.L.C., per Sentry’s published Sub-processor list v2.2.0 dated 2026-03-05. Per Sentry’s published Service Data Usage policy, “By default, your data will not be used to train any generative AI models without your permission.” Gazdura’s contractual binding to Sentry under the executed Data Processing Addendum dated 2026-04-29 prohibits Sentry from authorizing any opt-in to identifying-data model training without Gazdura’s instruction. Gazdura has not opted in and will not opt in to any model-training authorization for identifying or aggregated-identifying user data without a separate Privacy Policy revision and notice to affected users.

Gazdura’s core operating principle is that the user is the customer, never the product. This principle governs every data-handling decision Gazdura makes, at every Service stage.

3. Self-reported data and the loyalty-program disclaimer

A load-bearing fact about how Gazdura works: all loyalty-program data, status-tier data, points-balance data, credit-card-template selections, and anniversary dates are volunteered by the person at the keyboard. Gazdura does not access any airline loyalty account, any card-issuer account, any bank account, or any third-party data source to populate or verify this information.

This means:

• Gazdura does not have an integration with Alaska Atmos Rewards or any other airline. Gazdura does not log into the person’s airline account, does not scrape the airline’s website, and does not receive a feed of the person’s points balance from the airline.
• Gazdura does not have an integration with any credit-card issuer. Card-template selection (for example, “Summit Visa Infinite”) is a categorical reference to a publicly identifiable product. Gazdura does not access the person’s credit-card account, does not receive the actual card number, and does not see card transactions.
• The person is the source and the subject of the data. When the person updates a points balance, the person is updating a record they themselves created and maintain. Gazdura provides the storage and the optimizer; the person provides the input.
• Accuracy is the person’s responsibility, with Gazdura’s support. Gazdura applies reasonable freshness signals (timestamps on every field, “last updated” indicators, monthly nudges to re-confirm a stale balance) so the person can keep the portfolio accurate, but Gazdura cannot independently verify that any value entered matches the person’s actual airline-account state.

This data-collection model is structurally similar to a person who keeps a spreadsheet of their loyalty programs at home, except that Gazdura’s spreadsheet is enriched by an optimizer that computes recommendations against the person’s stated portfolio. Gazdura does not extract data from the person’s third-party accounts; the person extracts the data themselves and types it in.

4. How Gazdura stores and retains information

4.1 Storage

Account, portfolio, traveler, and subscription data are stored in Supabase(a managed Postgres database service operating on AWS infrastructure) under Gazdura’s Supabase project. Supabase processes data in accordance with its own data-processing terms and applies industry-standard security controls (encryption in transit, encryption at rest, access controls, audit logging). Gazdura applies row-level security (RLS) on every table containing per-person data, so each authenticated person can only access their own records via the application.

Server-side application infrastructure is hosted on Netlify (Netlify, Inc.). Netlify logs operational data (request logs, error logs) in the ordinary course of operating the service.

Rate-limit counters and short-TTL keys for abuse prevention are stored in Upstash(Upstash, Inc.). Upstash’s data is short-TTL by design (typically minutes to hours) and contains pseudonymized IP hashes and rate-limit counters, not durable identifiers.

4.2 Retention windows

Gazdura retains information per the following windows, applying the shortest retention consistent with the purpose of the data. A person may at any time exercise the deletion right described in §8.

Gazdura applies the shortest retention window consistent with the purpose of the data.

4.3 Security

Gazdura applies reasonable administrative, technical, and physical safeguards designed to protect Service data from unauthorized access, disclosure, alteration, or destruction. These include:

• Encryption in transit (HTTPS/TLS) for all network traffic.
• Encryption at rest for all persistent data storage (Supabase, Stripe).
• Row-level security (RLS) on every database table containing per-person data, so the application cannot retrieve another person’s records under any circumstance.
• Access controls limiting database access to authorized operators.
• Routine review of access logs.
• Rate-limiting and abuse-prevention infrastructure on sensitive endpoints (sign-in, password reset, waitlist submission).

No security program is perfect; in the event of a data incident affecting Service data, Gazdura will notify affected persons and applicable regulators in accordance with applicable law.

5. Sharing with third parties

Gazdura does not sell, rent, share, or otherwise transfer information to any third party for marketing, advertising, or commercial purposes. This is a load-bearing posture, not a clause: Gazdura’s business model is subscription-based, and Gazdura’s revenue does not depend on monetizing user data.

The only third parties that receive information are the sub-processors listed in §6, which act only on Gazdura’s behalf to provide the infrastructure that runs the Service.

5.1 Compelled disclosure

Gazdura will disclose information when required by law, valid legal process (subpoena, court order), or to protect the rights, property, or safety of Gazdura, its users, or the public. Where lawful and consistent with the applicable order, Gazdura will notify affected persons before complying with a disclosure demand.

5.2 Business transfer

If Gazdura is involved in a merger, acquisition, asset sale, or similar transaction, information may be transferred to the acquiring entity as part of the business assets. In any such case, the acquiring entity will be bound by this Privacy Policy, or it will provide notice and an opportunity to opt out before any change in how the information is handled.

6. Sub-processors

Gazdura uses a small number of vendors to operate the Service. These vendors process limited data only to provide their services to Gazdura and are bound by their respective data-processing terms. Gazdura updates this list before introducing any new sub-processor that processes personal information.

Sub-processor changes take effect after notice in this policy.

7. Cookies and tracking

The Service uses only first-party operational cookies and pseudonymous analytics identifiers necessary for the basic functioning of the Service, the security of authenticated sessions, and (when enabled) pseudonymous behavioral analytics. Specifically:

Current production cookies (in effect today)

• Supabase Auth session cookies— set by Supabase Auth to maintain authenticated session state. Required for the Service to function for signed-in persons.
• First-party form/preference cookies— set by Gazdura to manage form-submission state and prevent duplicate waitlist signups.

Planned (when PostHog is enabled in production)

PostHog session identifier — not currently in effect.PostHog has not been added to the Gazdura runtime as of this policy’s effective date. When PostHog is enabled in production, this section will be updated before activation to disclose: (a) the exact storage mechanism (cookie versus localStorage), (b) the identifier name, (c) the lifetime, (d) Do Not Trackbehavior, and (e) whether the identifier is linked to the account UUID. Until that update is published, the Service does not set a PostHog identifier on any visitor’s browser.

The Service does not use:

• Third-party advertising cookies or pixels (no Meta Pixel, no Google Ads tags, no LinkedIn Insight Tag, no TikTok Pixel, no programmatic-advertising tags of any kind).
• Cross-site tracking technologies.
• Behavioral profiling tools intended to build advertising audiences.
• Marketing email open-tracking pixels in transactional or alert emails. (Where open-rate measurement is needed for product improvement, it is performed at the aggregate level via Resend’s deliverability dashboards and is not tied to per-person identifiers in Gazdura’s records.)

A person can opt out of all cookies by configuring the browser to block cookies; the practical consequence is that authentication will not persist across sessions and the duplicate-submission prevention will not function.

8. User rights

Persons interacting with the Service have the following rights as a US-resident baseline. State-specific rights may extend further; see “State-specific rights” below.

Gazdura responds to verified rights requests within forty-five (45) days, with a one-time forty-five (45) day extension where reasonably necessary, consistent with CCPA/CPRA and the four other active US comprehensive state privacy laws.

For waitlist-only persons, verification typically means responding from the email address on file. For authenticated-account persons, Gazdura may additionally require sign-in to the account from a known device or a similar verification step proportionate to the sensitivity of the request.

State-specific rights

The Service is offered to US residents only. Residents of states with active comprehensive privacy laws have, at a minimum, the rights described above. Specific state laws also confer the following:

• California residents (CCPA/CPRA, Cal. Civ. Code § 1798.100 et seq.): the right to know what personal information is collected, the right to delete, the right to correct, the right to opt out of “sale” or “sharing” (Gazdura does not sell or share personal information for cross-context behavioral advertising), the right to limit use of sensitive personal information (Gazdura does not collect sensitive personal information of the categories statutorily defined as triggering a limit-use right), and the right to non-discrimination for exercising these rights.
• Virginia residents (VCDPA, Va. Code § 59.1-575 et seq.): the rights of access, correction, deletion, portability, and the right to opt out of targeted advertising, sale, and certain profiling. Gazdura does not engage in any of those activities.
• Colorado residents (CPA, C.R.S. § 6-1-1301 et seq.): the rights of access, correction, deletion, portability, and the right to opt out of targeted advertising, sale, and profiling. Gazdura does not engage in any of those activities.
• Connecticut residents (CTDPA, Conn. Public Act 22-15): the rights of access, correction, deletion, portability, and the right to opt out of targeted advertising, sale, and profiling. Gazdura does not engage in any of those activities.
• Utah residents (UCPA, Utah Code § 13-61-101 et seq.): the rights of access, deletion, portability, and the right to opt out of targeted advertising and sale. (Utah’s UCPA does not include a correction right, but Gazdura honors correction requests as a baseline policy regardless of state of residence.)

Other states have enacted comprehensive privacy laws that have taken effect or will take effect after the effective date of this policy (Texas, Oregon, Montana, Iowa, Tennessee, Indiana, Delaware, New Jersey, New Hampshire, Kentucky, Maryland, Minnesota, Rhode Island, and others). Gazdura’s baseline rights commitments above are designed to be portable across state lines; specific state-by-state tailoring will be added in a future Privacy Policy revision as those laws’ effective dates and scope thresholds become applicable to Gazdura.

9. Children’s privacy

The Service is not directed to children and is not designed to be used by children. Account holders must be of legal age to enter into a binding agreement under the law of the state in which they reside, as further described in the Terms of Service.

9.1 Account holders

Gazdura does not knowingly create accounts for children under the age of 13 in violation of the Children’s Online Privacy Protection Act (COPPA, 15 U.S.C. §§ 6501–6506). The Service is adult-directed, presented as a financial-and-travel-planning tool for adult travelers managing loyalty-program portfolios. If Gazdura becomes aware that a child under 13 has created an account, Gazdura will delete the account and associated information promptly. Parents or guardians who believe a child under 13 has created an account may contact Gazdura at ops@gazdura.com to request deletion.

9.2 Child travelers entered by an adult account holder

The Service allows an adult account holder to enter travelers into a household portfolio for the purpose of optimizing trips that include those travelers. For child or infant travelers, Gazdura collects only a self-chosen first name and a categorical type (child or infant), plus an optional age-bucket where the parent chooses to provide one. Gazdura does not collect last names, dates of birth, government-issued identifiers, school information, photographs, or any other identifying attribute of a child traveler.

This collection model is not subject to COPPA’s online-services regime for the following reasons:

• The Service is adult-directed; the data subject (the child) is not the user. The user is the adult parent or guardian who has consented to the Service on their own behalf and who is volunteering categorical descriptive data about a household member to receive a household-level optimization.
• The categorical descriptive data Gazdura collects (first name, child / infant category, optional age-bucket) is the minimum necessary to perform the household-optimization purpose for which the parent volunteered it (a family of four optimizes differently than a solo traveler; a child without award-pricing-equivalent ages requires different award-availability assumptions).
• No persistent identifier of a child is collected. No behavioral profile of a child is built. No advertising or marketing content is directed at the child. The child does not have an account or credentials.

If Gazdura’s product roadmap evolves to introduce features that would expose a child to online services in their own right (a child-facing UX, a child-account, third-party content directed at children), that evolution will be re-evaluated against COPPA’s full regime before any such feature ships, and this Privacy Policy will be revised accordingly.

9.3 Parents and guardians

Parents or guardians who believe a child’s information has been entered into the Service in a manner inconsistent with §9.1 or §9.2 above may contact Gazdura at ops@gazdura.com. Gazdura will respond promptly and, where appropriate, delete the information.

10. Pre-launch waitlist (separate scope)

The pre-launch waitlist program operates in parallel with the live Service. The data classes, retention windows, and processing context for the waitlist differ from the post-onboarding Service and are summarized here for clarity.

The waitlist collects only an email address, submitted voluntarily through the waitlist form on gazdura.com, plus first-party operational cookies (session, duplicate-submission preference) and limited automatically collected technical information (per §1.7).

Waitlist email addresses are used solely to notify the person when the Gazdura product launches and to provide periodic build updates if the person opts in. Waitlist email addresses are not used for advertising, behavioral profiling, list-rental, training of any model, or any other purpose. Waitlist email addresses are retained until one of the following occurs, whichever is earlier: (a) the person exercises the right to deletion, (b) thirty (30) days after the person unsubscribes, (c) two (2) years after collection if the product has not launched and the person has not interacted with the waitlist, or (d) closure or wind-down of the waitlist program (in which case all waitlist data is deleted within ninety (90) days of program closure).

All other terms of this Privacy Policy (sub-processors, security, user rights, children’s privacy, contact) apply to the waitlist program on the same basis as to the live Service.

11. Changes to this policy

Gazdura may update this Privacy Policy from time to time. When Gazdura makes material changes, Gazdura will:

• Update the “Effective date” at the top of this policy;
• Notify account holders and waitlist members by email at least seven (7) days before the changes take effect, where the changes materially expand how Gazdura uses or shares information, or otherwise materially alter the rights or obligations of the parties;
• Post the prior version’s archive at gazdura.com/privacy/archive (or a reasonable equivalent) so the change history is auditable.

Continued use of the Service after the effective date of an updated policy constitutes acceptance of the updated terms.

12. Contact

For privacy questions, rights requests, or any other matter related to this policy:

Email: privacy@gazdura.com (preferred for privacy-specific matters); ops@gazdura.com (general operations and rights requests)

Entity: Lunar Wave LLC, a Washington limited liability company doing business as Gazdura, UBI 604-248-430.

Document status

This policy is a working draft prepared by Gazdura’s internal legal-coordination workstream and is not a substitute for licensed legal counsel. Cowork second-pair-of-eyes review completed 2026-05-04 (CLEAR_WITH_CHANGES); must-fix patches applied as v1.2.1. Full publication remains conditional on F-5 publication-day Sentry citation re-verify.