Privacy Policy
This policy covers the MoodMirror iOS and Android app and the moodmirror.io marketing website.
1. Introduction
MoodMirror is an AI-powered journaling app that reflects your emotional patterns back to you. We built it to be genuinely useful for self-reflection, which means we store sensitive personal content — your words, moods, and energy levels. We take that seriously.
This policy explains what data we collect, why we collect it, who we share it with, and how long we keep it. Our guiding principle is to over-disclose what's actually happening with your data rather than hide behind vague language. Every claim in this document maps to a specific call site in our codebase.
This policy applies to the MoodMirror mobile app (iOS and Android) and the moodmirror.io marketing site. It should be read alongside our Terms of Service. If you want to delete your account and data, see our Delete Account page.
2. Data we collect directly from you
When you use MoodMirror, we collect the following categories of information directly from you:
- Account credentials. Your email address and password, or — if you sign in with Apple or Google — the identity claim (user identifier) provided by that platform.
- Journal content. Entry titles, free-text body blocks, tags, mood scores (a 5-step bad-to-good scale), and energy ratings (1–10).
- Photo and audio attachments. Photos and audio recordings you attach to journal entries.
- In-app preferences and counters. Notification settings, haptics preference, theme selection, streak data, and daily usage counters.
On our servers, data is stored in our managed Postgres database (Supabase), which encrypts data at rest. We are not end-to-end encrypted: our backend has plaintext access to your entries because the AI reflection feature needs to read them in order to generate reflections. Access is restricted by row-level security so only you can read your own data.
On your device, the local cache (offline queue and recently synced entries) is encrypted using a randomly generated key held in the iOS Keychain or Android Keystore. Authentication tokens are held in the Keychain / Keystore directly. The device-side encryption key is removed when you uninstall the app.
3. Data we receive from third parties
In addition to what you give us directly, we receive limited data from the sign-in and subscription platforms you use:
- Apple ID claim (Sign In with Apple). When you sign in with Apple, we receive an Apple user identifier and an email address (or relay alias). Users who choose Apple's Hide My Email relay will have a *@privaterelay.appleid.com address stored in our database; we do not attempt to resolve it to a primary email.
- Google ID claim (Sign-In OAuth). When you sign in with Google, we receive your Google account identifier, email address, display name, and profile picture URL from the OAuth ID token.
- RevenueCat customer info. RevenueCat provides us with your subscription state (free vs. paid, entitlement identifier) and transaction history metadata. We do not receive payment card numbers or full billing details.
4. AI processing — how we generate reflections
MoodMirror's AI reflection feature is powered by the Anthropic Claude API, specifically the model claude-haiku-4-5-20251001. Reflections are generated on our backend; your entries are not sent to Anthropic from your device directly.
When you request a reflection, the following is sent to Anthropic's API:
- The current entry's title, tags, mood score, energy rating, and free-text body blocks.
- A small number of recent prior entries selected for thematic context.
- Prior assistant turns within the same entry reflection thread.
Anthropic retains API request content for up to 30 days for abuse monitoring, after which it is deleted. Per Anthropic's commercial terms, your content is not used to train Anthropic's models.
5. Subscriptions and in-app purchases
In-app purchases and subscriptions are processed by the Apple App Store or Google Play Store. RevenueCat orchestrates entitlement validation and communicates subscription state to the app. The merchant of record for all transactions is Apple or Google — not MoodMirror.
We receive only entitlement state (e.g., “premium subscriber”) and transaction metadata such as purchase dates and product identifiers. We never receive or store your payment card numbers, billing address, or full Apple/Google receipt details.
6. Advertising and consent
The free tier of MoodMirror shows ads served by Google AdMob, mediated via the Google Mobile Ads SDK. No ads are shown on the paid tier.
Before initializing AdMob, the app presents a consent prompt using Google's User Messaging Platform (UMP). In the EEA and UK, this consent flow generates an IAB Transparency and Consent Framework v2 (IAB-TCF v2) consent string, which is passed with each ad request. AdMob is only initialized after UMP consent is obtained.
On iOS, the App Tracking Transparency (ATT) prompt additionally controls whether the IDFA (Identifier for Advertisers) is shared. The table below describes what identifier flows to AdMob in each branch:
| ATT consent state | Identifier shared with AdMob |
|---|---|
| Granted | IDFA shared with AdMob and mediated networks for personalized ads |
| Denied / Restricted / Not Determined | No IDFA. Vendor-scoped or limited-tracking identifiers may still flow for non-personalized ads |
The ad request type (personalized vs. non-personalized) is gated on both the UMP consent result and the ATT authorization result. If either is denied, ads are served as non-personalized.
7. Permissions we ask for
MoodMirror requests the following system permissions. The exact text shown in the system prompt is included for each:
- Photos. “Allow MoodMirror to attach photos to your journal entries.” Used when you attach a photo to a journal entry.
- Microphone. “Allow MoodMirror to record voice notes for your journal entries.” Used when you record an audio note for a journal entry.
- App Tracking Transparency (iOS only). “This identifier will be used to deliver personalized ads to you.” Governs whether the IDFA is shared with AdMob, as described in Section 6.
8. Children's privacy and COPPA
MoodMirror is not directed at children under 13 (or under 16 in jurisdictions where a higher digital-consent age applies under EU law). We do not knowingly collect personal information from children under 13. The App Store age rating for MoodMirror is 13+.
If we learn that we have collected personal information from a user under 13, we will suspend the account within 7 days and delete the data within 30 days. To report a suspected child user, parents may contact us at contact@moodmirror.io.
9. Data retention
- While your account is active. All data is kept until you delete it.
- Account deletion. Deleting your account (via the Delete Account page or Settings → Danger zone → Delete account in the app) immediately erases your journal content, attachments, profile, AI reflections, and all associated data from our servers.
- Backups and operational logs. We maintain encrypted database backups and operational logs (which may include user identifiers for debugging) for a short rolling window for disaster recovery and reliability. Deleted data may persist in those backups and logs until the window rolls over, after which it is purged.
- Anthropic API. 30-day retention as described in Section 4.
- On-device cache. The local cache is wiped when you uninstall the app or wipe the device. The encryption key held in the iOS Keychain or Android Keystore is removed when the app is uninstalled.
10. Cookies and local storage on moodmirror.io
The moodmirror.io marketing website sets one functional cookie that remembers your light/dark theme preference. It stores only your visual preference and does not track you across sessions or sites. Under EU ePrivacy classifications it is a functional cookie, not a tracking or advertising cookie, and does not require consent under the “strictly necessary” exemption.
We do not use tracking cookies, advertising cookies, or third-party analytics on the marketing site at this time.
11. International data transfers
MoodMirror and most of our sub-processors operate in the United States. Specifically: Supabase (AWS us-east-1 by default), Anthropic, RevenueCat, Google AdMob, Google Sign-In, Apple (Sign In with Apple), and Expo / EAS are all US-based.
For users in the EEA, UK, or other jurisdictions with data-transfer restrictions, transfers rely on the Standard Contractual Clauses (SCCs) contained in each sub-processor's standard data processing terms.
12. Your rights
Depending on where you live, you may have the following rights regarding your personal data:
- Access (GDPR Article 15). You may request a copy of the personal data we hold about you by emailing contact@moodmirror.io. We respond within 30 days.
- Deletion (GDPR Article 17 / CCPA right to delete). Use the in-app Settings → Danger zone → Delete account flow for immediate deletion, or email contact@moodmirror.io if you no longer have access to the app.
- Correction. You can edit any journal entry directly in the app.
- Portability. Email contact@moodmirror.io with the subject “Data export request” and we will provide a copy of your journal data in a machine-readable format (JSON) within 30 days.
- California (CCPA) — Do Not Sell My Personal Information. We do not sell or share your personal information for cross-context behavioral advertising. To exercise any CCPA right, email contact@moodmirror.io with the subject “CCPA request”.
13. Sub-processors
We share data with the following sub-processors. The data categories listed are the complete set of information each processor may receive.
Supabase
Authentication, encrypted database storage, file storage for entry attachments, and serverless Edge Functions
Region: United States (AWS us-east-1 by default for free tier)
- Account email address and authentication credentials
- Journal entries including titles, tags, mood, energy ratings, and free-text content
- Photo and audio attachments uploaded to entries
- AI reflections, weekly reports, and per-day usage counters
Anthropic PBC
Generates AI reflections via the Claude API using the model claude-haiku-4-5-20251001
Region: United States
- User journal text including titles, tags, mood, and energy ratings
- Recent prior entries selected for thematic context
- Prior assistant turns within the same entry thread
RevenueCat
Subscription management, receipt validation, customer entitlement records, and webhook delivery for purchase events
Region: United States
- Stable user identifier from Supabase Auth
- Subscription status, entitlement, transaction history
- App Store / Play Store receipt metadata
Google AdMob
Ad serving on the free tier, mediated through Google Mobile Ads SDK with UMP / IAB-TCF v2 consent management
Region: United States
- When ATT is granted: IDFA (iOS Identifier for Advertisers) shared with AdMob and mediated networks for personalized ads
- When ATT is denied or UMP consent is not obtained: vendor-scoped or limited-tracking identifiers used for non-personalized ads
- IAB-TCF v2 consent string when applicable in the EEA / UK
Google (Sign-In OAuth)
OAuth sign-in flow that returns an identity claim used to authenticate the user with our backend
Region: United States
- Google account identifier, email address, display name, and profile picture URL contained in the ID token
Apple (Sign In with Apple)
Sign In with Apple — returns an Apple identity claim used to authenticate the user. Users may use Apple's Hide My Email relay, in which case we store an *@privaterelay.appleid.com alias and do not attempt to resolve it to a primary email
Region: United States
- Apple user identifier and (optionally relayed) email address
- Display name when the user chooses to share it on first sign-in
Expo / EAS
Build infrastructure (EAS Build), submission tooling (EAS Submit), and over-the-air update delivery (EAS Update)
Region: United States
- Build artifacts and OTA update payloads (no end-user content)
- Push notification tokens if push is later enabled
Google Fonts
Inter and Fraunces font files used on the marketing website. Fonts are downloaded at build time and served from MoodMirror's own domain at runtime, so no end-user requests reach Google
Region: Build-time only (United States)
- No end-user data is shared at runtime; font files are downloaded at build time only
14. Contact and policy changes
Questions about this policy? Email us at contact@moodmirror.io.
We update the “Last updated” date at the top of this page whenever the policy changes. For material changes — such as new sub-processors or new data categories — we will make reasonable efforts to notify you via an in-app banner on your next sign-in or by email.
See also our Terms of Service and our Delete Account page.