Moodz Privacy Policy

Last updated: 10 May 2026

The short version: Your mood data stays on your device. We never collect, sell, or share it. The only things we receive are anonymous, aggregated usage statistics (so we know which features people use) and your subscription status from Apple or Google (so we know whether to unlock Pro features). We have no ability to read your moods, journal entries, or anything you write.

1. Who We Are

Moodz is a character-driven emotional wellness brand based in Portsmouth, United Kingdom. The Moodz app is published by Moodz. The data controller for any personal data described in this policy is Moodz, contactable at contact@moodz.xyz.

This policy covers both the Moodz mobile app (iOS and Android) and the moodz.xyz website. It applies in addition to the Apple App Store and Google Play Store privacy practices for app distribution.

2. The Data We Process — and Why

We process the minimum data required to operate the app. Every purpose is listed below, with the lawful basis under UK GDPR and what you can do to opt out.

Purpose	What's processed	Lawful basis	Opt-out
Mood tracking	Mood entries, journal notes, level progress, streak data, app preferences. Stored only on your device.	Not processed by us — we never receive this data.	Don't use the feature, or delete the app to wipe it.
Subscription management	Anonymous device identifier, subscription status (active / lapsed / refunded). Processed by RevenueCat on our behalf.	Performance of contract (UK GDPR Art. 6(1)(b)) — needed to deliver Pro features you've paid for.	Don't subscribe to Pro. The free tier requires no data processing.
Anonymous analytics	Which screens are opened, how long sessions last, app version, generic device type. No identifiers, no IP storage, no cross-session tracking. Processed by TelemetryDeck.	Legitimate interests (UK GDPR Art. 6(1)(f)) — to understand which features are used and prioritise development.	Settings → Privacy → toggle "Help improve Moodz" off. Default is off — you opt in, not out.
Newsletter signup	Email address only. Stored in our Supabase database.	Consent (UK GDPR Art. 6(1)(a)) — you give it by typing your email and submitting the form.	Email contact@moodz.xyz with "unsubscribe" — we'll remove you within 7 days. Or click the unsubscribe link in any email we send.
UK Mood Map voting	Your selected mood and city. We store a one-way hash of (your IP + the day's date + a server-side secret) to prevent multiple votes per day per device. Raw IPs are not stored.	Legitimate interests (UK GDPR Art. 6(1)(f)) — to provide a fair, abuse-resistant aggregate view of UK mood.	Don't vote. The map is browsable without participating.
Bot prevention (Cloudflare Turnstile)	Cloudflare runs an invisible challenge in your browser. Cloudflare may receive technical signals (browser type, screen size, mouse/touch behaviour) for the duration of the challenge.	Legitimate interests (UK GDPR Art. 6(1)(f)) — to prevent vote spam and abuse.	Voting requires this. Browsing the map and using the app does not.

3. What We Never Do

We do not share your data with Google, Google Fit, Apple Health, Facebook, Meta, X, TikTok, Instagram, LinkedIn, or any social platform. There is no advertising SDK in the app. There are no analytics SDKs from Google, Meta, or any ad-network. There is no tracking pixel anywhere on this website.

We do not profile you. We don't build behavioural profiles, infer your mental health condition, or use your data to target advertising — anywhere, ever.

We do not sell your data. We have never sold data. We will not sell data. If Moodz is acquired, the acquirer will be bound by these terms or required to provide an equivalent or stronger privacy guarantee.

We do not have access to your mood entries or journal notes. They live on your device. Even if we wanted to read them, we cannot — there is no server-side copy.

4. On-Device Data

The following data is stored only on your device, in the app's secure local storage:

Mood entries and timestamps
Journal notes
Tracking factors (sleep, activity, weather, etc., if you log them)
App preferences (theme, notification settings, PIN)
Level progress, coin balance, unlocked badges, themes, and hoodies
Streak data
Notification schedule

If you set a PIN, it's stored only on your device. We can't access or recover it. Biometric authentication (Face ID / Touch ID) goes through your device's secure enclave — we never see your biometric data.

If you delete the app, all of this is permanently deleted. We hold no cloud backup.

5. Third-Party Services — What They Receive and Why

We use four third-party services. Each is listed below with the exact data they receive, the reason, and a link to their own privacy policy.

5.1 RevenueCat (subscription management)

What they receive: An anonymous user identifier we generate (UUID, no link to you), your transaction receipt from Apple or Google, and your subscription status.

What they do not receive: Your name, email, payment card details, mood data, journal entries, IP address as a stored field, or any analytics about how you use the app.

Why: So we can verify whether you've paid for Pro and unlock those features. Without a third-party verification layer, we'd have to build subscription server infrastructure ourselves — which would be less secure and harder to audit.

Their policy: revenuecat.com/privacy

5.2 TelemetryDeck (anonymous analytics)

What they receive: Anonymous, aggregated events such as "user opened Insights screen" or "session lasted 4 minutes". Events include app version and a generic device type ("iPhone", "iPad", "Android phone"). The user identifier sent is hashed with rotating salts so the same user appears as a different ID across days — there is no persistent profile.

What they do not receive: Your moods, journal entries, location, name, email, IP address, advertising ID, or anything else that could identify you.

Why: So we know which features people actually use. This drives our development roadmap.

Opt-out: Settings → Privacy → "Help improve Moodz" can be turned off entirely. Default is off.

Their policy: telemetrydeck.com/privacy

5.3 Supabase (newsletter and Mood Map only — never app data)

What they receive: Newsletter email addresses you give us, and the Mood Map vote records (city, selected mood, hashed IP-per-day token). Hosted in EU (Frankfurt).

What they do not receive: Anything from inside the app. No moods, no journal entries, no app behaviour.

Why: A reliable, EU-hosted database for the two website-only features that need a server.

Their policy: supabase.com/privacy

5.4 Cloudflare (Mood Map bot protection only)

What they receive: Browser fingerprint signals (Turnstile challenge data) at the moment you submit a Mood Map vote. Cloudflare does not see anything else.

Why: Without bot protection, the public Mood Map would be flooded with fake votes within hours.

Their policy: cloudflare.com/privacypolicy

6. Website Data Collection

The moodz.xyz website is mostly static. We collect the following:

Newsletter signup — email only, stored in Supabase, used to send the monthly Britain Mood Report and occasional product updates. Unsubscribe at any time.
Mood Map participation — covered above. Browsing the map collects nothing; voting collects only the vote and the daily anti-duplicate token.
Standard server logs — Netlify (our host) keeps short-lived access logs (timestamp, request URL, IP, browser type) for security and abuse-prevention purposes. Logs auto-expire within 30 days. We do not analyse these for marketing.

We do not use cookies for tracking. The site sets only essential local storage entries needed for the Mood Map (your daily vote record, theme preference). Nothing is shared with third parties from these.

7. Third-Party Links

Our website and app may link to third-party websites (e.g. our Instagram, the App Store, NHS resources, charity partners). When you follow such a link, you leave Moodz and the destination's own privacy policy applies. We have no control over how external sites process your data and accept no responsibility for them. We recommend you read the privacy policy of any external site before submitting personal data to it.

8. Children's Privacy

Moodz is rated 4+ in the App Store and PEGI 3 on Google Play, which means content is suitable for all ages. Because we collect no personal information from anyone, we collect none from children. We do not knowingly process personal data of children under 13 in the UK or 16 in EU jurisdictions where that's the relevant age. If you believe a child has interacted with us in a way that involves personal data, contact us and we'll act swiftly.

9. Your Rights (UK GDPR / EU GDPR)

You have the right to:

Access any personal data we hold on you. For most users, this is "none" — but if you're on the newsletter or have voted on the Mood Map, you can ask what we have.
Rectify data that's incorrect.
Erase data ("right to be forgotten"). For app data, delete the app. For newsletter, ask us to remove your email. For Mood Map, your individual vote can't be located after the daily hash rotates, but we can confirm none is held against you.
Object to processing based on legitimate interests (analytics, Mood Map). For analytics, the in-app toggle handles this. For Mood Map, opting out means not voting.
Withdraw consent at any time where consent is the basis (newsletter).
Lodge a complaint with the UK Information Commissioner's Office (ico.org.uk) or your local data protection authority.

To exercise any of these rights, email contact@moodz.xyz. We aim to respond within 7 days and complete requests within 30.

10. Data Retention

App data: Held on your device until you delete it.
Newsletter: Held until you unsubscribe.
Mood Map votes: Individual votes are aggregated nightly. The hashed daily anti-duplicate token rotates every 24 hours. After aggregation, no record of an individual vote remains; only the regional totals do.
Contact emails: Held only as long as needed to respond to you.
Server logs: 30 days, then auto-deleted by Netlify.

11. Security

App data is stored in your device's encrypted local storage. Newsletter and Mood Map data are held in an encrypted-at-rest Supabase database in the EU. Communication between app, website, and our servers uses HTTPS (TLS 1.2 or higher). We have no payment infrastructure to breach — Apple and Google handle payments, and we never see card details.

If we ever experience a breach affecting personal data, we will notify the UK ICO within 72 hours as required by law and notify affected users without undue delay.

12. International Transfers

Newsletter and Mood Map data are stored in the EU (Frankfurt). RevenueCat and TelemetryDeck are based in the United States and operate under standard contractual clauses approved by the European Commission for data transfers from the UK and EU to the US.

13. Changes to This Policy

We may update this policy as the product and applicable laws evolve. We'll update the "last updated" date at the top of this page when we do. Significant changes (new third-party services, new data categories) will also be flagged in-app and via newsletter, where you've signed up for one.

14. Contact

Questions, requests, or concerns:

Email: contact@moodz.xyz
Postal: Moodz, Portsmouth, United Kingdom (full address available on request)
Website: moodz.xyz