Moodsy/Privacy Policy

Privacy Policy & GDPR Notice

Last updated: May 2026

1. Who We Are

Moodsy (“we”, “us”, “our”) operates the platform accessible at moodsy.cc. For the purposes of the General Data Protection Regulation (GDPR) and applicable data protection laws, we are the data controller of your personal data.

Contact: privacy@moodsy.cc

2. Data We Collect

  • Account data: email address, username, display name, password (hashed — never stored in plain text)
  • Profile data: bio, date of birth, gender, marital status, city, profile photo
  • Activity data: posts, likes, messages, swipes, friend connections, karma transactions
  • Technical data: IP address (via Supabase Auth), browser type, language preference
  • Optional data: location city (only if you choose to display it)

We do not collect precise GPS location. We do not sell your data to third parties.

3. Legal Basis for Processing

  • Contract performance (Art. 6(1)(b) GDPR): processing your account and profile data to provide the service
  • Consent (Art. 6(1)(a) GDPR): optional profile data such as location city, bio, photos
  • Legitimate interest (Art. 6(1)(f) GDPR): safety features, fraud prevention, account health monitoring, service improvement

4. How We Use Your Data

  • To operate the platform (feed, matching, messaging, profiles)
  • To send you in-app notifications about matches, messages, and interactions
  • To protect the community (reporting, moderation, shadow-banning)
  • To calculate karma and account health scores
  • To communicate with you about your account (transactional emails only)

5. Data Retention

  • Active accounts: data is retained while your account is active
  • Deleted accounts: soft-deleted immediately; permanently purged within 30 days
  • Messages: retained for 2 years after the conversation ends
  • Contact form submissions: retained for 1 year

6. Your Rights Under GDPR

If you are located in the EU/EEA or UK, you have the following rights:

  • Right of access: request a copy of your personal data
  • Right to rectification: correct inaccurate data via Profile → Edit
  • Right to erasure: delete your account via Settings → Delete account
  • Right to data portability: request a machine-readable export of your data
  • Right to object: object to processing based on legitimate interest
  • Right to restrict processing: request we pause processing your data

To exercise any right, contact privacy@moodsy.cc. We will respond within 30 days.

7. Data Sharing

We do not sell or rent your personal data. We share data only with:

  • Supabase (database and auth infrastructure, EU data processing)
  • Vercel (hosting and deployment)
  • Law enforcement if required by applicable law

8. Cookies

We use the following cookies:

  • sb-* (Supabase Auth): session management — strictly necessary
  • lc_lang: your language preference — functional

We do not use advertising or tracking cookies.

9. Security

Passwords are hashed using bcrypt. All connections use HTTPS/TLS. Database access is restricted by row-level security policies. We perform regular security reviews.

10. Children

Moodsy is intended for users aged 18 and older. We do not knowingly collect data from minors. If you believe a minor has registered, contact us immediately.

11. Changes to This Policy

We may update this policy. Material changes will be communicated via in-app notification. Continued use after notification constitutes acceptance.

12. Contact

Questions or complaints: privacy@moodsy.cc

You also have the right to lodge a complaint with your national data protection authority.