Risk Management

Last updated: 10 May 2026

The short version: Moodz is a small team committed to doing safe, careful work. This page explains how we handle bug reports, safety concerns, security incidents, updates, and content concerns. The single contact for all of it is contact@moodz.xyz.

1. Reporting an Issue

One inbox handles everything: contact@moodz.xyz. We aim to acknowledge every message within 2 working days and respond substantively within 7. Urgent safety or security issues are prioritised.

Issue type	Who handles it	Target response
Bug report (app or website)	Frank (development lead)	2 working days to acknowledge; fix shipped in next release cycle
Safety or wellbeing concern	Frank and Charlotte (founders)	Same working day where possible
Security incident or vulnerability	Frank	Same day. See section 3.
Content concern (illustration, copy, character)	Charlotte (creative lead)	2–5 working days
Privacy or data request	Frank (data controller)	7 days to respond, 30 to fulfil — see Privacy Policy

2. Bug Reports

If something doesn't work as expected:

Email contact@moodz.xyz with a brief description of what went wrong.
If you can, include: which device (e.g. iPhone 14 Pro), which OS version (e.g. iOS 18.2), what you were doing, what you expected to happen, and what happened instead. A screenshot or screen recording is gold.
We will reply with either a workaround, an estimated fix timeline, or a request for more information.

We do not maintain a public bug tracker. We do read every message.

3. Security Incidents

If you have discovered a security vulnerability — a bug that could let someone access data, bypass authentication, perform unauthorised actions, or otherwise compromise users — please do not publish it. Email contact@moodz.xyz with "SECURITY" in the subject line and we will respond the same working day.

We commit to:

Acknowledging your report within 24 hours, 7 days a week.
Investigating promptly and keeping you informed of progress.
Fixing confirmed issues as quickly as the severity warrants. Critical issues (data exposure, authentication bypass) are patched within 72 hours; lower-severity issues within the next planned release.
Crediting you, with your permission, when we publish a fix — unless you prefer to remain anonymous.
Not pursuing legal action against good-faith researchers who follow responsible disclosure.

Breach notification

If a security incident affects users' personal data, we will notify the UK Information Commissioner's Office within 72 hours of becoming aware (as required by UK GDPR Article 33) and notify affected users without undue delay (Article 34) if there is a high risk to their rights and freedoms. In practice, given how little data we hold, the population most likely to be affected is newsletter subscribers and Mood Map participants — and we have direct email contact with the former.

4. Safety and Wellbeing Concerns

Moodz is intended to be a kind, low-stakes way to track and reflect on emotions. If something in the app is not landing that way for you — copy that feels invalidating, illustrations that feel wrong, mechanics that nudge unhealthy behaviour — please tell us. We will read it and act, even when it means changing something we've shipped.

Our Safety & Disclaimer page has fuller information on what Moodz is, what it isn't, and where to seek help in a crisis.

5. Content Concerns

If a Moodz character, illustration, blog post, comic, or piece of copy raises a concern — for example, that it might trivialise a mental health experience, stigmatise a group, or misrepresent a condition — please email contact@moodz.xyz with the specific page, screen, or character and a short note about your concern.

Charlotte (creative lead) will review every concern. We don't promise to make every change requested, but we promise to read carefully, respond, and explain our reasoning either way. Where we agree, we update — including pulling content from circulation if necessary.

6. Update Cycle

We aim to ship app updates roughly every 2–4 weeks during active development, with a slower cadence once the product is mature. Critical fixes (security, crash bugs, data integrity) are released as soon as they're ready, outside the normal cycle.

Every release is tested on real devices before submission. Significant changes — new data processing, new third-party services, changes to subscription pricing — are flagged in-app and on this website's privacy or terms pages with a "last updated" date.

We support the current and previous major iOS and Android versions. Older versions may continue to work but may not receive new features or fixes.

7. Discontinuation

If Moodz is ever discontinued or sold, we will:

Give notice on this website and via the newsletter at least 30 days in advance.
Provide an export tool so users can take their on-device data with them.
Refund any unused portion of paid annual subscriptions.
If sold, ensure the acquirer either accepts these terms or provides equivalent guarantees.

8. Limits of This Process

We are a two-person team based in Portsmouth, UK. Our response times are best-effort and we may be slower during weekends, public holidays, or holidays. For anything time-critical to your safety, please don't wait for us — see the crisis resources on our Safety page.

9. Contact

One inbox, one promise to read every message:

Email: contact@moodz.xyz
Website: moodz.xyz