Privacy Policy

Effective date: 1 June 2026

This Privacy Policy explains how MoodSpace (“MoodSpace”, “we”, “us”, or “our”) collects, uses, shares, and protects information when you use the MoodSpace mobile and web applications and related services (collectively, the “Service”).

MoodSpace is designed to support emotional communication between children and their parents or guardians through mood check-ins, journaling, and private family messaging. It is built for children (typically ages 8–13) and is set up and managed by a parent or legal guardian. Because the Service is intended for use by children with parental involvement, we treat the information you share with us as sensitive and handle it accordingly.

By using MoodSpace, you agree to the practices described in this Policy. If you do not agree, please do not use the Service.

Contents

Who we are
Who can use MoodSpace
Information we collect
How we use information
Legal bases (EEA/UK)
How information is shared
International data transfers
Data security and encryption
Data retention
Your rights and choices
Push notifications and communications
Children’s privacy
Changes to this Policy
Contact us

1. Who we are

MoodSpace is the data controller for personal information processed through the Service. If you have any questions about this Policy or how your information is handled, you can contact us at privacy@getmoodspace.app.

2. Who can use MoodSpace

MoodSpace is intended for:

Children, with the involvement and consent of a parent or legal guardian.
Parents and legal guardians of those children.

MoodSpace is designed to be set up and managed by a parent or legal guardian. Because the Service is built for children (typically ages 8–13), a parent or guardian must create the family account and provide verifiable consent before a child’s account is created and used. We do not knowingly allow children to create accounts without this parental involvement, and we honour the minimum-age and parental-consent requirements of applicable law in your jurisdiction (for example, the Children’s Online Privacy Protection Act (COPPA) for children under 13 in the United States, and the GDPR/UK GDPR in the EEA/UK).

If you believe a child has provided us with personal information without appropriate parental consent, contact us at privacy@getmoodspace.app and we will delete the relevant data.

3. Information we collect

3.1 Information you provide

Account information: email address, password (handled by our authentication provider), username, display name, role (child or parent), and avatar.
Profile information: birthdate (used to calculate age and tailor the experience), themes, preferences, timezone, notification settings, and check-in reminder time.
Mood and wellbeing data: mood selections, intensity ratings, optional notes, optional voice messages, and context tags.
Journal content (“Daily Reflections”): written reflections you save in your private space.
Messages: the content of one-to-one and family group chats you send within MoodSpace, including text, optional voice messages, attached media, mood shares, and read state.
Family connections and invitations: information provided when inviting or linking family members, such as the invitee’s name, email address, a child’s date of birth, invitation codes, and chosen avatar metadata, together with the parental-consent confirmations you provide when adding a child.
Consent records: an audit trail of the legal and parental consents you give (such as accepting these terms and confirming parental consent), including the version and timestamp.
Support communications: information you share when you contact us for help or feedback.

3.2 Information collected automatically

Authentication tokens and session data stored securely on your device.
Service usage data: limited operational logs including timestamps, streak and check-in counts, and points/goals activity.
Safety and audit logs: where authorized administrative review occurs, we may log reviewer, time, duration, reason, and IP address.
Device and technical information necessary to operate the app, including a push notification token where you enable notifications.

3.3 Information from third-party sign-in providers

If you sign in using Google or Apple, we receive the basic profile information those providers share with us (such as your name, email address, and a unique provider identifier) as permitted by your settings with that provider.

3.4 What we do not collect

We do not collect precise location data.
We do not access HealthKit, Google Fit, or other health platform data.
We do not knowingly collect biometric identifiers.
We do not currently process payments and do not collect payment card information.

3.5 Camera, photos, microphone, and notifications

With your permission, MoodSpace may access:

Your camera and photo library, only to let you choose or take a profile photo.
Your microphone, only to record voice messages or voice check-ins where that feature is available.
Push notifications, only to deliver reminders, family activity, and messages you have asked to receive.

You can change or withdraw these permissions at any time in your device settings.

4. How we use information

We use the information we collect to:

Provide, operate, and maintain the Service, including mood check-ins, journaling, one-to-one and family group messaging, family linking, points/streaks, and notifications.
Authenticate you, secure your account, and prevent abuse, fraud, and unauthorized access.
Personalize your experience (for example, themes, reminders, age-appropriate content).
Enable family features, including sharing mood check-ins, reflections, and messages with linked family members in accordance with configured permissions.
Send transactional messages, such as invitation emails, password resets, and important service notices.
Respond to your support requests and feedback.
Detect, investigate, and respond to safety, security, or policy issues, including reviewing reported content where permitted.
Comply with legal obligations and enforce our terms.

We do not sell your personal information, and we do not use your mood data, journal content, or messages for advertising.

5. Legal bases for processing (EEA/UK users)

Where the GDPR or UK GDPR applies, we rely on the following legal bases:

Contract: to provide the Service you’ve signed up for.
Consent: for optional features such as push notifications, microphone, camera, and parental consent for a child’s account use.
Legitimate interests: to keep the Service secure, prevent abuse, and improve reliability, balanced against your rights.
Legal obligation: where we must process information to comply with applicable law.

You can withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

6. How information is shared

We share information only as described below:

Within your family on MoodSpace. Mood check-ins, reflections, and messages may be visible to linked parents or family members based on configured permissions. Family group chat ("Family Chat") is a single shared conversation that includes the parent/guardian(s) and all children in the family; messages there are visible to every participant.
Service providers. We rely on a small number of vendors to operate the Service, including Supabase (authentication, database, real-time, storage, and edge functions), Apple and Google (sign-in, app distribution, and Android push delivery via Firebase Cloud Messaging), Resend (transactional emails), Expo/EAS (app builds and updates), and Sentry (error and crash diagnostics). They process data only on our instructions and under appropriate contractual safeguards.
Legal and safety. We may disclose information if we believe in good faith that it is necessary to comply with law, protect the rights or safety of users (including minors), or investigate violations of our terms.
Business transfers. If MoodSpace is involved in a merger, acquisition, or sale of assets, information may be transferred as part of that transaction.

We do not share your information with advertisers or data brokers.

7. International data transfers

Your information may be processed in countries other than the one you live in, including in the United States and other regions where our service providers operate. Where required, we use appropriate safeguards (such as Standard Contractual Clauses) to protect international transfers.

8. Data security and encryption

We take the security of your information seriously, particularly given the sensitive nature of mood, journal, and family communications.

8.1 End-to-end encryption (E2EE) for messages and journals

Family chat messages and Daily Reflection journal entries are protected with end-to-end encryption. This means:

Content is encrypted on your device before it is transmitted and can only be decrypted by the intended recipients (family members in a chat, or the journal author). MoodSpace, our infrastructure providers, and our staff cannot read the plaintext content of your messages or journal entries.
We use industry-standard cryptographic primitives: X25519 elliptic-curve key exchange and XSalsa20-Poly1305 authenticated encryption (via the TweetNaCl library), and PBKDF2-HMAC-SHA512 for password-based key derivation with a minimum of 600,000 iterations.
Your private encryption key is generated on your device and stored exclusively in the device’s secure storage (iOS Keychain / Android Keystore). For password-based accounts, an encrypted copy is also stored on our servers so you can unlock your key on a new device using your password.

8.2 What is not end-to-end encrypted

The following data is stored in readable form on our servers because it is necessary for the Service to function:

Mood check-ins (mood selection, intensity, context tags) — required for trend analysis and parent visibility.
Message metadata: sender ID, timestamp, read status, message type — required for delivery and notification.
Profile information, family connections, points, and goals.

8.3 Key recovery

Because we cannot decrypt your keys, losing access to your account could result in loss of access to encrypted message history. MoodSpace provides three recovery mechanisms:

Recovery code — a high-entropy one-time code shown at signup that you can save to a password manager. The plaintext code is never sent to our servers.
Family member recovery — another family member can approve a recovery request from their device, re-issuing shared chat keys without exposing plaintext to our servers.
Parent-initiated child recovery — parents hold an encrypted backup of their child’s encryption key and can re-issue it from the child settings screen.

8.4 Other security measures

All connections between the MoodSpace app and our servers are protected with TLS (HTTPS) encryption in transit.
Access to non-encrypted data is restricted using row-level security policies, JWT-based authentication, and least-privilege controls on the backend.
Authentication tokens and encryption keys are stored using your device’s secure storage (iOS Keychain / Android Keystore).

No security measure is perfect. If we become aware of a security incident affecting your information, we will notify you and the appropriate authorities as required by law.

9. Data retention

We keep your personal information only for as long as is necessary to provide the Service and for the purposes described in this Policy.

Active accounts: information is retained while your account is active.
Deleted or inactive accounts: associated personal data is removed or anonymized within a reasonable period, subject to backups and limited records we are required to keep for legal, security, or audit purposes.
Soft-deleted records: some content is initially marked as deleted before permanent removal, so that accidental deletions can be recovered for a limited time.

10. Your rights and choices

Depending on where you live, you may have the following rights regarding your personal information:

Access the personal information we hold about you.
Correct information that is inaccurate or incomplete.
Delete your account and associated personal information.
Export a copy of your data in a portable format.
Restrict or object to certain processing.
Withdraw consent where processing is based on consent.
Lodge a complaint with your local data protection authority.

For children’s accounts, a parent or legal guardian may exercise these rights on the child’s behalf. You can also manage many settings directly in the app (profile information, family links, notification preferences, and visibility settings).

11. Push notifications and communications

If you enable push notifications, MoodSpace may send you check-in reminders, family activity alerts, and other in-app updates. You can disable notifications at any time from your device settings or from the in-app notification preferences.

We may send you transactional emails (such as account verification, password reset, and invitations) that are necessary to operate your account. We do not send marketing emails without your consent.

12. Children’s privacy

MoodSpace is designed for children and includes parent-managed features. We:

Require a parent or legal guardian to set up and consent to each child’s account, in line with applicable law (including COPPA for children under 13 in the United States).
Do not knowingly collect more personal information from children than is necessary to provide the Service.
Do not use children’s data for behavioral advertising or sell it to third parties.
Provide controls so that parents and children can manage what is shared and with whom within their family.

If you are a parent or guardian and believe your child has provided personal information to MoodSpace without your consent, please contact us at privacy@getmoodspace.app so we can review and, where appropriate, delete that information.

13. Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you through the app, by email, or by other appropriate means, and update the effective date at the top of this Policy. Your continued use of the Service after the changes take effect means you accept the updated Policy.

14. Contact us

If you have questions, concerns, or requests about this Policy or your personal information, contact us at privacy@getmoodspace.app, or for general enquiries hello@getmoodspace.app.

Privacy Policy

Effective date: 1 June 2026

By using MoodSpace, you agree to the practices described in this Policy. If you do not agree, please do not use the Service.

Contents

Who we are
Who can use MoodSpace
Information we collect
How we use information
Legal bases (EEA/UK)
How information is shared
International data transfers
Data security and encryption
Data retention
Your rights and choices
Push notifications and communications
Children’s privacy
Changes to this Policy
Contact us

1. Who we are

2. Who can use MoodSpace

MoodSpace is intended for:

Children, with the involvement and consent of a parent or legal guardian.
Parents and legal guardians of those children.

If you believe a child has provided us with personal information without appropriate parental consent, contact us at privacy@getmoodspace.app and we will delete the relevant data.

3. Information we collect

3.1 Information you provide

Account information: email address, password (handled by our authentication provider), username, display name, role (child or parent), and avatar.
Profile information: birthdate (used to calculate age and tailor the experience), themes, preferences, timezone, notification settings, and check-in reminder time.
Mood and wellbeing data: mood selections, intensity ratings, optional notes, optional voice messages, and context tags.
Journal content (“Daily Reflections”): written reflections you save in your private space.
Messages: the content of one-to-one and family group chats you send within MoodSpace, including text, optional voice messages, attached media, mood shares, and read state.
Family connections and invitations: information provided when inviting or linking family members, such as the invitee’s name, email address, a child’s date of birth, invitation codes, and chosen avatar metadata, together with the parental-consent confirmations you provide when adding a child.
Consent records: an audit trail of the legal and parental consents you give (such as accepting these terms and confirming parental consent), including the version and timestamp.
Support communications: information you share when you contact us for help or feedback.

3.2 Information collected automatically

Authentication tokens and session data stored securely on your device.
Service usage data: limited operational logs including timestamps, streak and check-in counts, and points/goals activity.
Safety and audit logs: where authorized administrative review occurs, we may log reviewer, time, duration, reason, and IP address.
Device and technical information necessary to operate the app, including a push notification token where you enable notifications.

3.3 Information from third-party sign-in providers

3.4 What we do not collect

We do not collect precise location data.
We do not access HealthKit, Google Fit, or other health platform data.
We do not knowingly collect biometric identifiers.
We do not currently process payments and do not collect payment card information.

3.5 Camera, photos, microphone, and notifications

With your permission, MoodSpace may access:

Your camera and photo library, only to let you choose or take a profile photo.
Your microphone, only to record voice messages or voice check-ins where that feature is available.
Push notifications, only to deliver reminders, family activity, and messages you have asked to receive.

You can change or withdraw these permissions at any time in your device settings.

4. How we use information

We use the information we collect to:

Provide, operate, and maintain the Service, including mood check-ins, journaling, one-to-one and family group messaging, family linking, points/streaks, and notifications.
Authenticate you, secure your account, and prevent abuse, fraud, and unauthorized access.
Personalize your experience (for example, themes, reminders, age-appropriate content).
Enable family features, including sharing mood check-ins, reflections, and messages with linked family members in accordance with configured permissions.
Send transactional messages, such as invitation emails, password resets, and important service notices.
Respond to your support requests and feedback.
Detect, investigate, and respond to safety, security, or policy issues, including reviewing reported content where permitted.
Comply with legal obligations and enforce our terms.

We do not sell your personal information, and we do not use your mood data, journal content, or messages for advertising.

5. Legal bases for processing (EEA/UK users)

Where the GDPR or UK GDPR applies, we rely on the following legal bases:

Contract: to provide the Service you’ve signed up for.
Consent: for optional features such as push notifications, microphone, camera, and parental consent for a child’s account use.
Legitimate interests: to keep the Service secure, prevent abuse, and improve reliability, balanced against your rights.
Legal obligation: where we must process information to comply with applicable law.

You can withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

6. How information is shared

We share information only as described below:

Within your family on MoodSpace. Mood check-ins, reflections, and messages may be visible to linked parents or family members based on configured permissions. Family group chat ("Family Chat") is a single shared conversation that includes the parent/guardian(s) and all children in the family; messages there are visible to every participant.
Service providers. We rely on a small number of vendors to operate the Service, including Supabase (authentication, database, real-time, storage, and edge functions), Apple and Google (sign-in, app distribution, and Android push delivery via Firebase Cloud Messaging), Resend (transactional emails), Expo/EAS (app builds and updates), and Sentry (error and crash diagnostics). They process data only on our instructions and under appropriate contractual safeguards.
Legal and safety. We may disclose information if we believe in good faith that it is necessary to comply with law, protect the rights or safety of users (including minors), or investigate violations of our terms.
Business transfers. If MoodSpace is involved in a merger, acquisition, or sale of assets, information may be transferred as part of that transaction.

We do not share your information with advertisers or data brokers.

7. International data transfers

8. Data security and encryption

We take the security of your information seriously, particularly given the sensitive nature of mood, journal, and family communications.

8.1 End-to-end encryption (E2EE) for messages and journals

Family chat messages and Daily Reflection journal entries are protected with end-to-end encryption. This means:

Content is encrypted on your device before it is transmitted and can only be decrypted by the intended recipients (family members in a chat, or the journal author). MoodSpace, our infrastructure providers, and our staff cannot read the plaintext content of your messages or journal entries.
We use industry-standard cryptographic primitives: X25519 elliptic-curve key exchange and XSalsa20-Poly1305 authenticated encryption (via the TweetNaCl library), and PBKDF2-HMAC-SHA512 for password-based key derivation with a minimum of 600,000 iterations.
Your private encryption key is generated on your device and stored exclusively in the device’s secure storage (iOS Keychain / Android Keystore). For password-based accounts, an encrypted copy is also stored on our servers so you can unlock your key on a new device using your password.

8.2 What is not end-to-end encrypted

The following data is stored in readable form on our servers because it is necessary for the Service to function:

Mood check-ins (mood selection, intensity, context tags) — required for trend analysis and parent visibility.
Message metadata: sender ID, timestamp, read status, message type — required for delivery and notification.
Profile information, family connections, points, and goals.

8.3 Key recovery

Because we cannot decrypt your keys, losing access to your account could result in loss of access to encrypted message history. MoodSpace provides three recovery mechanisms:

Recovery code — a high-entropy one-time code shown at signup that you can save to a password manager. The plaintext code is never sent to our servers.
Family member recovery — another family member can approve a recovery request from their device, re-issuing shared chat keys without exposing plaintext to our servers.
Parent-initiated child recovery — parents hold an encrypted backup of their child’s encryption key and can re-issue it from the child settings screen.

8.4 Other security measures

All connections between the MoodSpace app and our servers are protected with TLS (HTTPS) encryption in transit.
Access to non-encrypted data is restricted using row-level security policies, JWT-based authentication, and least-privilege controls on the backend.
Authentication tokens and encryption keys are stored using your device’s secure storage (iOS Keychain / Android Keystore).

No security measure is perfect. If we become aware of a security incident affecting your information, we will notify you and the appropriate authorities as required by law.

9. Data retention

We keep your personal information only for as long as is necessary to provide the Service and for the purposes described in this Policy.

Active accounts: information is retained while your account is active.
Deleted or inactive accounts: associated personal data is removed or anonymized within a reasonable period, subject to backups and limited records we are required to keep for legal, security, or audit purposes.
Soft-deleted records: some content is initially marked as deleted before permanent removal, so that accidental deletions can be recovered for a limited time.

10. Your rights and choices

Depending on where you live, you may have the following rights regarding your personal information:

Access the personal information we hold about you.
Correct information that is inaccurate or incomplete.
Delete your account and associated personal information.
Export a copy of your data in a portable format.
Restrict or object to certain processing.
Withdraw consent where processing is based on consent.
Lodge a complaint with your local data protection authority.

11. Push notifications and communications

We may send you transactional emails (such as account verification, password reset, and invitations) that are necessary to operate your account. We do not send marketing emails without your consent.

12. Children’s privacy

MoodSpace is designed for children and includes parent-managed features. We:

Require a parent or legal guardian to set up and consent to each child’s account, in line with applicable law (including COPPA for children under 13 in the United States).
Do not knowingly collect more personal information from children than is necessary to provide the Service.
Do not use children’s data for behavioral advertising or sell it to third parties.
Provide controls so that parents and children can manage what is shared and with whom within their family.

13. Changes to this Policy

14. Contact us

If you have questions, concerns, or requests about this Policy or your personal information, contact us at privacy@getmoodspace.app, or for general enquiries hello@getmoodspace.app.

Privacy Policy

1. Who we are

2. Who can use MoodSpace

3. Information we collect

3.1 Information you provide

3.2 Information collected automatically

3.3 Information from third-party sign-in providers

3.4 What we do not collect

3.5 Camera, photos, microphone, and notifications

4. How we use information

5. Legal bases for processing (EEA/UK users)

6. How information is shared

7. International data transfers

8. Data security and encryption

8.1 End-to-end encryption (E2EE) for messages and journals

8.2 What is not end-to-end encrypted

8.3 Key recovery

8.4 Other security measures

9. Data retention

10. Your rights and choices

11. Push notifications and communications

12. Children’s privacy

13. Changes to this Policy

14. Contact us

Privacy Policy

1. Who we are

2. Who can use MoodSpace

3. Information we collect

3.1 Information you provide

3.2 Information collected automatically

3.3 Information from third-party sign-in providers

3.4 What we do not collect

3.5 Camera, photos, microphone, and notifications

4. How we use information

5. Legal bases for processing (EEA/UK users)

6. How information is shared

7. International data transfers

8. Data security and encryption

8.1 End-to-end encryption (E2EE) for messages and journals

8.2 What is not end-to-end encrypted

8.3 Key recovery

8.4 Other security measures

9. Data retention

10. Your rights and choices

11. Push notifications and communications

12. Children’s privacy

13. Changes to this Policy

14. Contact us

‍

Ready to build healthy phone-era habits as a family?