Moodivation Privacy Policy
How we collect, use, and protect your information.
By using Moodivation’s mobile app, website(s), and related services (the “Service”), you agree to this Privacy Policy and our Terms of Service.
1) Who We Are & Scope
Moodivation provides wellness/productivity tools such as mood check-ins and activity suggestions. This Policy applies to information we collect through our app and website(s), including account creation, app usage, and customer support.
2) What We Collect
A. Information You Provide
- Account details: email address; optional first/last name; authentication identifiers from Apple/Google sign-in (we do not receive your password from Apple/Google).
- App content: mood check-ins, activities, notes, and settings you create, plus related timestamps and metadata.
- Support: messages and contact details when you reach out (e.g., email).
B. Information Collected Automatically
- Device & app: device model, OS version, app version/build, language, time zone, push token (if you opt in).
- Usage/diagnostics: in-app actions (e.g., opening screens, taps), feature usage counts, performance metrics, crash logs, and timestamps. Crash/diagnostic reports may include device details (model, OS/app version), event timestamps, and limited network metadata captured in server logs at time of the event.
- Network: IP address and approximate location (country/region) derived from IP for security, abuse prevention, and rate limiting.
C. Purchases & Subscriptions
Store data (Apple App Store / Google Play): purchase identifiers, product IDs, country/currency, subscription status (active, canceled, trial), renewal dates. We do not receive or store full payment card numbers. If we use a subscription SDK (e.g., Qonversion or RevenueCat), we receive subscription/entitlement status from that provider.
D. Cookies & Website Data
On our website, we may use cookies or similar technologies for essential functionality, analytics, and security (e.g., CDN caching). You can control cookies through your browser. We do not use third‑party advertising cookies.
We do not intentionally collect sensitive medical records and do not use HealthKit/Google Fit. Mood check-ins are general well-being signals that you choose to provide.
3) How We Use Information
- Provide, operate, and maintain the Service;
- Personalize suggestions and track progress you choose to record;
- Sync your content across devices and keep your account secure;
- Process subscriptions, verify entitlements, and send purchase confirmations;
- Send transactional messages (e.g., account or security notices); we do not send marketing emails without consent;
- Monitor performance, fix bugs, and improve features;
- Enforce Terms, prevent abuse/fraud, and comply with legal obligations.
Where required, we obtain your consent (e.g., push notifications, certain analytics categories, or marketing communications). All data is encrypted in transit (HTTPS/TLS).
4) Legal Bases (EEA/UK)
- Contract: to provide the Service you request;
- Legitimate Interests: to secure and improve the Service (e.g., diagnostics, anti-fraud) without overriding your rights;
- Consent: where required (e.g., push notifications, certain analytics/communications);
- Legal Obligation: to meet tax, accounting, or law-enforcement requirements.
EEA/UK Data Controller & Rights
Controller: Moodivation (legal owner/operator). Contact: support@moodivation.app.
Your rights (EEA/UK): access, rectification, erasure, restriction, objection, portability, and withdrawal of consent (where processing is based on consent). You also have the right to lodge a complaint with your local supervisory authority. If we begin systematically offering services in the EEA/UK without an establishment there, we will appoint and list a local representative for GDPR/UK GDPR Art. 27 inquiries.
5) Sharing & Disclosures
We do not sell your personal information. We share it only as needed to run the Service:
- Hosting & Database: Supabase (auth, database, storage)
- Networking/CDN/Edge: Cloudflare (DNS/CDN; may proxy API traffic)
- Rate Limiting: Upstash
- Subscriptions: Apple App Store / Google Play; and, if used, Qonversion or RevenueCat for purchase verification/entitlements
- Crash & Diagnostics: platform tools and/or error reporting (e.g., Sentry)
- Email: UsePlunk (transactional email)
- Legal & Safety: to comply with law, lawful requests, or to protect rights, safety, or security
- Business Transfers: as part of a merger, acquisition, financing, or sale of assets (with required notices)
We do not use third-party advertising networks that track you across other companies’ apps/websites, and we configure providers not to use your data for their own advertising/profiling to the extent settings allow.
6) Data Retention
- Account & content: retained while your account is active. If you delete your account, we delete or anonymize personal information unless retention is required (e.g., fraud prevention, tax/accounting).
- Logs/diagnostics: typically kept 30–90 days unless needed to investigate issues.
- Purchases: subscription/order records retained as required by tax/accounting laws (often 6–7 years, by jurisdiction).
- Backups: encrypted backups are overwritten on their normal cycle (typically ~35 days).
7) Your Rights & Choices
- In-app: update profile details, manage notifications, export data (if provided), and delete your account.
- Email support@moodivation.app to exercise rights we do not expose in-app; we may ask you to verify your identity.
- California (CCPA/CPRA): rights to know, delete, correct, and opt out of certain sharing/sale. We do not sell or share personal information for cross-context behavioral advertising.
8) International Transfers
We may process information in countries outside your own (e.g., Canada, the United States, or the EU), where our providers operate. Where required, we use appropriate safeguards such as Standard Contractual Clauses and ensure providers implement adequate security.
9) Security
We use administrative, technical, and organizational measures to protect information (e.g., encryption in transit, role-based access, rate limiting, and monitoring). No method of transmission or storage is 100% secure. You are responsible for safeguarding your account credentials and device.
10) Children’s Privacy
The Service is intended for individuals 13+ (or the age of digital consent in your region). We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will delete it and take steps to close the account.
11) Data Deletion & Account Closure
- In-app: Settings → Account → Delete Account (initiates deletion or anonymization of personal data associated with your account, subject to legal retention obligations).
- Web: If you do not have app access, visit moodivation.app/account-delete to request deletion.
- You may also email support@moodivation.app from the email associated with your account.
Deletion timeline
When you request deletion, we permanently delete your account and personal data within 30 days. Legal/anti-fraud or tax/accounting records may be retained as required by law. Encrypted backups are overwritten on their normal cycle (typically ~35 days).
12) Changes to This Policy
We may update this Policy from time to time. Material changes will be notified in-app and/or by email. The “Last Updated” date above reflects the latest version. Where required, we will seek your consent to material changes.
13) Contact Us
Questions, concerns, or requests? Email support@moodivation.app.
In-App Privacy Summary (for store review & onboarding)
- We collect account info (email, optional name), app content you choose to enter (mood check-ins, activities), and device/usage diagnostics to improve reliability and personalize suggestions.
- Payments are handled by Apple/Google; we receive subscription status and product IDs, not full card numbers.
- Data is used to provide the Service, secure accounts, process subscriptions, and improve features.
- We do not sell your data or use third-party ad tracking.
- You can delete your account in the app or via our web deletion page.
- See the full Privacy Policy at moodivation.app/legal/privacy-policy.
Appendix A — App Store Privacy (summary)
| Data Type | Examples | Linked to You | Purpose(s) |
|---|---|---|---|
| Contact Info | Yes | Account, Support | |
| Identifiers | User ID, Push Token | Yes | Functionality, Notifications |
| Purchases | Product ID, Status | Yes | Subscriptions |
| Usage Data | Screen views, taps | Yes | Analytics, Reliability |
| Diagnostics | Crash logs | Likely Yes* | Diagnostics |
Tracking: We do not use data for tracking across other companies’ apps or websites.
Diagnostics linkage note: If our crash tool includes a user or device identifier, Diagnostics should be marked “Linked to You” in App Store Connect; otherwise “Not Linked.”
Appendix B — Google Play Data Safety (summary)
| Category | Collected | Shared | Purpose | Retention |
|---|---|---|---|---|
| Personal info (email, name) | Yes | Service providers | Account, Support | Life of account; deletion on request |
| App activity (interactions) | Yes | Service providers | Analytics, Reliability | 30–90 days (aggregations may persist) |
| Device/other IDs (user ID, push token) | Yes | Service providers | Functionality, Notifications | Life of account |
| Diagnostics (crash/perf) | Yes | Service providers | Reliability | 30–90 days |
| Purchases | Yes | Apple/Google billing; entitlements SDK (if used) | Subscriptions | Per tax/accounting laws |
| Location (approximate from IP) | Yes | No (beyond processors) | Security, Abuse-prevention | Short-term logs |
Security practices: Data encrypted in transit; deletion available in-app and via web. Age group: Not child-directed (13+).
- Encryption: All data is encrypted in transit (TLS).
- Deletion available: Yes — in-app and via web.
- Optional data: Push token (only if you opt in to notifications).
- Ephemeral processing: Approximate location from IP is used for security/abuse-prevention and kept only in short-term logs.