1. Introduction
Moodi Widget ("Moodi," "we," "us," or "our") provides this Privacy Policy to explain how we collect, use, store, share, and protect information about you when you use the Moodi Widget mobile application (the "App") and related services (collectively, the "Service").
By downloading, installing, or using the App, you acknowledge that you have read, understood, and agree to this Privacy Policy. If you do not agree, do not download, install, or use the App.
2. Information We Collect
2.1 Information You Provide Directly
- Phone Number: Collected to verify your identity via SMS one-time password (OTP). Your phone number is hashed using HMAC-SHA256 before storage on our servers. We do not store your phone number in plaintext on any of our servers at any time.
- Display Name: A name you choose, visible to members of the groups you join or create.
- Mood Selections: The mood state you select (one of: Happy, Sad, Excited, Chill, Tired, or Angry) and the timestamp of each selection.
- Group Information: Names and types of groups (Couple, BFF, or Family) you create or join, and group membership.
- Heart Interactions: In Couple groups, a cumulative heart counter that both members contribute to.
2.2 Information Collected Automatically
- Push Notification Token (APNs Token): Your device's Apple Push Notification service (APNs) token, used solely to deliver mood update and group invitation notifications to your device. This token is stored encrypted on your device's Keychain and in our database; it is never used for advertising purposes and is never shared with advertising networks.
- Authentication Session Tokens: JWT (JSON Web Token) session credentials stored encrypted on your device. These expire after 7 days and are refreshed when you open the App.
- Service Operation Logs: Basic server-side logs (including IP address, request timestamps, and error information) used to maintain service security and diagnose technical issues. We do not use third-party analytics SDKs.
2.3 Information From Your Device Contacts (Optional)
If you grant permission, the App reads phone numbers from your device's contacts to identify which of your contacts already use Moodi, so you can invite them to a group. This process works as follows:
- Phone numbers from your contacts are hashed on our servers using HMAC-SHA256 before any comparison. Plaintext phone numbers are never transmitted to our servers.
- Contact names are never transmitted to our servers. They remain on your device only, stored locally in an encrypted cache to display names in invitation cards.
- We return only matched user identifiers (not phone numbers) to your device so you can see which contacts are on Moodi.
- Contact matching is rate-limited and subject to batch size restrictions to prevent abuse.
- You may revoke contacts permission at any time in Settings → Privacy & Security → Contacts on your device. Revoking permission will not affect your ability to use the core app features.
2.4 Information We Do NOT Collect
- Location data (GPS, IP-based, or otherwise)
- Photos, videos, or images
- Biometric data of any kind (facial geometry, fingerprints, voice prints, retina or iris scans)
- Advertising identifiers (IDFA, GAID, or similar)
- Data from third-party advertising or analytics SDKs (we use none)
- Contact names on our servers (only hashed phone numbers are used for matching)
- Precise device sensors (microphone, camera, accelerometer, gyroscope)
- Health or fitness data
- iMessage content or SMS content
3. How We Use Your Information
We use your information only for the purposes described below. We do not use your information for targeted advertising, user profiling, or any purpose beyond operating the Service.
| Purpose | Data Used | Legal Basis (GDPR) |
|---|---|---|
| Authentication & session management | Hashed phone number, Firebase UID, JWT | Contractual necessity (Art. 6(1)(b)) |
| Displaying moods to group members | Mood selections, timestamps, display name | Contractual necessity (Art. 6(1)(b)) |
| Group management & invitations | Group data, membership, invitation status | Contractual necessity (Art. 6(1)(b)) |
| Push notifications (mood updates, invites) | APNs push token | Consent (Art. 6(1)(a)); Contractual necessity |
| Friend/contact discovery | Hashed contact phone numbers | Consent (Art. 6(1)(a)) — requires your permission |
| Service security & error monitoring | Server logs, IP addresses | Legitimate interests (Art. 6(1)(f)) |
| Legal compliance | Minimum necessary data | Legal obligation (Art. 6(1)(c)) |
4. How We Share Your Information
4.1 With Other Users
When you join or create a group, the following information is visible to other members of that group:
- Your display name
- Your current mood and the time it was set
- Your participation in the shared group
- Your cumulative heart count (Couple groups only)
Your phone number is never shared with other users.
4.2 With Service Providers (Third-Party Processors)
We share data with the following service providers solely as necessary to operate the Service. Each is bound by data processing agreements and is prohibited from using your data for their own commercial purposes.
| Provider | Data Shared | Purpose | Privacy Policy |
|---|---|---|---|
| Google Firebase (Firebase Authentication) | Phone number (for SMS OTP), Firebase UID, device push token (for verification) | Phone number verification via SMS one-time password | Google Privacy Policy |
| Supabase, Inc. | Display name, user ID, hashed phone, mood data, group data, APNs token, invitation data | Database storage, backend API functions, server-side contact hashing | Supabase Privacy Policy |
| Apple (APNs) | Device push token | Delivering mood update and invitation push notifications | Apple Privacy Policy |
| Apple (App Store / StoreKit) | Purchase receipts, subscription status | Processing and verifying in-app subscriptions | Apple Privacy Policy |
4.3 We Do Not Sell Your Data
We do not sell, rent, lease, or otherwise disclose your personal information to third parties for monetary or other valuable consideration. We do not share your data with advertising networks, data brokers, or marketing platforms.
4.4 Legal Requirements
We may disclose your information if required by law, court order, subpoena, or other governmental or legal authority, or if we believe in good faith that disclosure is necessary to: (a) comply with a legal obligation; (b) protect and defend the rights or property of Moodi; (c) prevent or investigate possible wrongdoing in connection with the Service; or (d) protect the personal safety of users of the Service or the public.
4.5 Business Transfers
If Moodi is involved in a merger, acquisition, asset sale, bankruptcy, or reorganization, your information may be transferred as part of that transaction. We will provide notice via in-app notification or email before your information becomes subject to a different privacy policy, and you will have the opportunity to delete your account.
5. Data Retention
We retain your personal data only as long as necessary to provide the Service and fulfill the purposes described in this Policy, subject to our legal obligations.
| Data Type | Retention Period |
|---|---|
| Account information (display name, hashed phone, user ID) | Duration of account + 30 days after account deletion |
| Mood data (selections, timestamps) | Duration of account + 30 days after account deletion |
| Group and invitation data | Duration of account + 30 days after account deletion |
| Push notification tokens (APNs) | Deleted within 7 days of account deletion or push notification opt-out |
| Server request logs (IP addresses) | 90 days |
| Application error logs | 12 months |
When you request account deletion, we will delete or anonymize your personal data within 30 days, except where we are required by applicable law to retain certain information for a longer period (e.g., transaction records for tax purposes).
6. Biometric Data — Illinois BIPA Disclosure
We do not collect, capture, purchase, receive through trade, or otherwise obtain biometric identifiers or biometric information, as defined under the Illinois Biometric Information Privacy Act (740 ILCS 14/), or any analogous state or federal law.
Specifically, we do not collect or process:
- Facial geometry or facial recognition data
- Fingerprint data
- Voice prints
- Retina or iris scans
- Any scan of hand or face geometry
The Service does not require or use camera access. No photos or images are uploaded through the Service. We do not employ any machine learning models for biometric analysis. If we ever introduce features that could involve biometric data, we will obtain your explicit written consent and publish a compliant biometric data policy before any collection begins.
7. Push Notifications
We send silent push notifications to your device when: (a) a member of your group updates their mood; or (b) you are invited to join a group. These are silent notifications — they contain no user-visible text or sound. They signal your device and widget to fetch the latest mood data from our servers.
We do not send marketing, promotional, or advertising push notifications.
You may revoke push notification permission at any time via Settings → Notifications → Moodi Widget on your device. Revoking permission will not delete your account but will disable real-time mood updates; your widget will still refresh on a 15-minute polling schedule.
Your push notification token is stored with device-level encryption, excluded from iCloud backup, and is deleted from our servers within 7 days of account deletion or opt-out.
8. Children's Privacy (COPPA)
The Service is not directed to children under the age of 13 (or under 16 in the European Economic Area, where applicable). We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under the age of 13, we will take steps to delete such information as soon as practicable and terminate the associated account.
If you are a parent or guardian and you believe your child has provided us with personal information without your consent, please contact us immediately at info@nocap.bio. We will promptly investigate and take appropriate action.
In compliance with the Children's Online Privacy Protection Act (COPPA), 15 U.S.C. § 6501 et seq., and the FTC's COPPA Rule (16 C.F.R. Part 312, as amended effective April 22, 2026), we do not knowingly use, share, or retain personal information from children under 13 for any purpose other than supporting the internal operations of the Service as permitted by law.
9. International Data Transfers
Our servers and service providers — including Google Firebase and Supabase — are based in the United States. If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, your personal data may be transferred to and processed in the United States, which may not offer the same level of data protection as your home country.
For transfers from the EEA to the United States, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission (Commission Implementing Decision 2021/914) executed by our service providers.
You may request information about the safeguards we rely on for international data transfers by contacting us at info@nocap.bio.
10. Your Privacy Rights
10.1 General Rights (All Users)
Regardless of your location, you have the right to:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of your account and associated personal data.
- Withdraw Consent: Withdraw consent for optional processing (e.g., contacts access) by revoking device permissions or contacting us.
Account Deletion: Contact us at info@nocap.bio to request account deletion. We will delete your account and personal data within 30 days of a verified deletion request.
10.2 Rights of EEA and UK Residents (GDPR / UK GDPR)
If you are located in the European Economic Area or the United Kingdom, you have the following rights under Regulation (EU) 2016/679 (GDPR) and the UK GDPR:
- Right of Access (Art. 15): Obtain confirmation of whether we process your data and receive a copy.
- Right to Rectification (Art. 16): Correct inaccurate personal data.
- Right to Erasure (Art. 17): Request deletion of your data ("right to be forgotten") where no overriding legal basis exists.
- Right to Restriction of Processing (Art. 18): Restrict how we process your data in certain circumstances.
- Right to Data Portability (Art. 20): Receive your data in a structured, commonly used, machine-readable format.
- Right to Object (Art. 21): Object to processing based on legitimate interests.
- Right to Withdraw Consent (Art. 7): Withdraw consent at any time without affecting the lawfulness of prior processing.
- Right to Lodge a Complaint: File a complaint with your local data protection authority (e.g., the ICO in the UK, the CNIL in France, or the relevant supervisory authority in your EU member state).
We will respond to GDPR data subject requests within 30 days (extendable by a further two months for complex requests).
10.3 Rights of California Residents (CCPA / CPRA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (Cal. Civ. Code § 1798.100 et seq.) and the California Privacy Rights Act:
- Right to Know: Know the categories and specific pieces of personal information we collect, use, share, and sell (we do not sell).
- Right to Delete: Request deletion of your personal information, subject to certain exceptions.
- Right to Correct: Request correction of inaccurate personal information.
- Right to Opt Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising. No opt-out is required, but you may contact us to confirm this at any time.
- Right to Limit Use of Sensitive Personal Information: Your phone number is sensitive personal information under CPRA. We use it solely for authentication; we do not use it for advertising or any secondary purpose.
- Right to Non-Discrimination: We will not discriminate against you in pricing, service quality, or any other manner for exercising your CCPA/CPRA rights.
To exercise your California privacy rights, contact us at info@nocap.bio. We will respond within 45 days as required by CCPA. You may designate an authorized agent to submit a request on your behalf.
CCPA Categories of Personal Information Collected:
| Category | Examples Collected | Sold / Shared for Advertising? |
|---|---|---|
| Identifiers | Display name, Firebase UID, hashed phone, APNs token | No |
| Commercial information | Subscription purchase history | No |
| Internet / network activity | App usage events, error logs | No |
| Inferences / profiles | None created | No |
| Sensitive personal information | Phone number (hashed; used only for auth) | No |
11. Security
We implement industry-standard technical and organizational security measures to protect your personal data, including:
- All network communications are encrypted using HTTPS/TLS.
- Phone numbers are hashed (HMAC-SHA256) before storage; plaintext phone numbers are never written to our servers.
- Authentication credentials (JWT, APNs token, Firebase UID) are stored in your device's Keychain with the kSecAttrAccessibleWhenUnlockedThisDeviceOnly attribute — encrypted, device-locked, and excluded from iCloud backup.
- All database tables are protected by Row-Level Security (RLS) policies, ensuring that each user can only access their own data.
- Server-side Edge Functions authenticate every request with JWT verification before processing.
- Contact matching uses server-side hashing; our servers never receive plaintext contact phone numbers.
No method of electronic transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee its absolute security. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users and relevant authorities as required by applicable law.
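The contact-matching flow described in section 2.3 and the phone-number hashing measures listed in section 11 above, as an added Python example; this is not part of the policy and not Moodi's own code. It assumes a server-held HMAC key (a constructed placeholder value), a simplified E.164 normalization in which ten-digit numbers without a "+" are treated as national numbers, a constructed batch limit of 100 numbers per request, and a per-requester sliding-window rate limiter; the user registry is constructed sample data.

```python
import hmac
import hashlib
import re
from collections import defaultdict, deque

# Constructed example key. In a real deployment the HMAC key is a server-side
# secret (secrets manager / KMS) and must never ship inside the app binary.
SERVER_HMAC_KEY = b"constructed-example-key-not-for-production"

MAX_BATCH_SIZE = 100  # constructed limit for one contact-matching request


def normalize_phone(raw: str, default_country_code: str = "1") -> str:
    """Reduce a phone number to a canonical +<digits> form (simplified E.164).

    Without normalization "(555) 123-0001" and "+1 555 123 0001" would hash to
    different values and never match. Ten-digit numbers with no "+" are treated
    as national numbers under default_country_code (an assumption of this example).
    """
    digits = re.sub(r"\D", "", raw)
    if raw.strip().startswith("+"):
        return "+" + digits
    if len(digits) == 10:
        return "+" + default_country_code + digits
    return "+" + digits


def hash_phone(raw: str) -> str:
    """Keyed hash of a normalized phone number (HMAC-SHA256, hex encoded).

    A keyed hash is used instead of plain SHA-256 because the space of phone
    numbers is small enough to enumerate: without the secret key, anyone holding
    the stored table could recover every number by brute force.
    """
    canonical = normalize_phone(raw).encode("utf-8")
    return hmac.new(SERVER_HMAC_KEY, canonical, hashlib.sha256).hexdigest()


# Constructed registry: hashed phone -> opaque user id. Only the hash is stored.
REGISTERED_USERS = {
    hash_phone("+15551230001"): "user_a1",
    hash_phone("+15551230002"): "user_b2",
}


class SlidingWindowLimiter:
    """Per-requester rate limit: at most max_requests within window_seconds."""

    def __init__(self, max_requests: int, window_seconds: float):
        self.max_requests = max_requests
        self.window_seconds = window_seconds
        self._events = defaultdict(deque)  # requester_id -> request timestamps

    def allow(self, requester_id: str, now: float) -> bool:
        q = self._events[requester_id]
        while q and q[0] <= now - self.window_seconds:
            q.popleft()  # drop events that fell outside the window
        if len(q) >= self.max_requests:
            return False
        q.append(now)
        return True


def match_contacts(contact_phones, registry=REGISTERED_USERS,
                   max_batch_size=MAX_BATCH_SIZE):
    """Return the opaque user ids of contacts that are registered users.

    Phone numbers (hashed or plaintext) are never returned; the caller learns
    only which user ids exist, and each id at most once even if the same number
    appears in the contact list in several formats.
    """
    if len(contact_phones) > max_batch_size:
        raise ValueError(
            f"batch of {len(contact_phones)} exceeds limit {max_batch_size}")
    matched = []
    seen = set()
    for raw in contact_phones:
        user_id = registry.get(hash_phone(raw))
        if user_id is not None and user_id not in seen:
            seen.add(user_id)
            matched.append(user_id)
    return matched
```

The two limits do different jobs: the batch size bounds how many candidate numbers a single request can probe, and the sliding window bounds how many such requests one requester can make, so together they cap how quickly anyone could test guessed numbers against the registry. Returning user ids rather than hashes also means a client never learns the HMAC output for a number it did not already hold.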
12. Apple Privacy Manifest
In compliance with Apple's App Store requirements effective May 2024, the App includes an Apple Privacy Manifest (PrivacyInfo.xcprivacy) that declares all APIs that access sensitive data and the approved reasons for such access, as well as all third-party SDKs that access such APIs. This manifest is submitted to Apple as part of each App Store release and is available for review upon request.
13. Third-Party Links and Services
The App may contain links to third-party websites or services (such as the App Store page, social media, or support documentation). This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third party before providing them with your personal information. We are not responsible for the privacy practices of third parties.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy within the App or by sending an in-app notification at least 30 days before the change takes effect (where reasonably practicable). The "Last Updated" date at the top of this page reflects the most recent revision date.
Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised Privacy Policy. If you do not agree to the updated policy, you must stop using the Service and may request account deletion.
15. Contact Us
If you have questions, concerns, requests, or complaints regarding this Privacy Policy or our data practices, please contact us:
Email: info@nocap.bio
For GDPR-related inquiries, you may also file a complaint with your local data protection authority. A list of EU supervisory authorities is available at edpb.europa.eu.