Privacy Policy

Last updated: | Effective: January 1, 2025

MoodPlant is committed to protecting your privacy while helping you build mindful habits through mood tracking, AI-powered coaching, and plant-based growth visualization. This comprehensive policy explains our data practices with complete transparency.

TL;DR: We collect only what's necessary to make MoodPlant work, we don't sell your data, and you can export or delete everything anytime.

Who We Are

MoodPlant is an independent project developed to help users build mindful habits through mood tracking and AI-powered coaching. We are the data controller responsible for your personal information. Contact us at team@moodplant.app for any privacy-related questions.

Information We Collect

Account & Authentication Data

Email address (for account creation and sign-in)
Display name and plant name (optional, user-provided)
Profile avatar (optional image upload via Firebase Storage)
Third-party sign-in data:
- Google Sign-In: Basic profile info (name, email, profile image URL)
- Apple Sign-In: Email (real or private relay), optional name

Mood & Wellness Data

Mood entries (emoji selections, optional notes, timestamps)
Journal entries (text content, creation dates)
Breathing exercise data (session duration, technique used)
Focus timer sessions (duration, completion status)
Nature sounds preferences (selected sounds, usage duration)
Gratitude entries (text content, dates)
Custom affirmations (user-created content)
Mood art creations (digital artwork, creation metadata)

AI Coaching & Plant Generation

Coach interaction history (generated tips, affirmations, prompts - stored locally to avoid repetition)
Plant generation data (species selection, growth stage, visual characteristics)
Plant sprites (AI-generated images stored in Firebase Storage)
Growth progression data (evolution stages, unlock timestamps)

App Usage & Technical Data

Feature usage (unlocked features, coin balance, streak data)
App performance data (crash reports, error logs via Firebase Crashlytics)
Device information (device type, OS version, app version, device identifiers)
Push notification tokens (for delivering optional reminders)
Network activity logs (API calls, timestamps, error responses)
Offline sync data (cached mood entries, sync timestamps)

How We Use Your Information

Core App Functionality

Provide mood tracking, journaling, and wellness features
Generate personalized coaching responses via AI services
Create and evolve your plant companion using AI image generation
Sync data across your devices securely
Enable Growth Center features and progress tracking

Personalization & Improvement

Show mood trends and insights from your historical data
Avoid repeating coaching content you've already seen
Customize plant growth based on your engagement patterns
Provide region-appropriate crisis resources and support

Communication (Optional)

Send gentle reminders if you enable notifications
Deliver important app updates or security notifications
Respond to your support requests and feedback

Safety & Security

Maintain service security and prevent unauthorized access
Troubleshoot technical issues and improve app stability
Detect and prevent fraud, spam, or abuse
Comply with legal obligations and law enforcement requests

AI Services & Third-Party Processing

Coaching AI (OpenAI GPT)

We use OpenAI's GPT models to generate personalized coaching content. We send minimal context (recent mood trends, basic preferences) and never include identifiable personal information or detailed journal content. OpenAI processes this data according to their privacy policy and API terms.

Plant Image Generation (Google Gemini AI)

Plant sprites are generated using Google's Gemini AI models via Google AI API. We send only plant species and growth characteristics - no personal or mood data. Generated images are stored in Firebase Storage and associated with your account.

Firebase Services (Google)

Authentication: Account management and sign-in
Firestore: Secure cloud database for your app data
Storage: Plant images and profile avatars
Functions: Server-side processing for AI features
Messaging: Push notifications (if enabled)
Crashlytics: Crash reporting for app stability

Legal Basis for Processing (GDPR/UK GDPR)

Consent

Mood data processing (potentially sensitive personal data)
AI coaching (automated decision-making with personal context)
Push notifications (optional marketing/reminder communications)
Third-party sign-in (data sharing with Apple/Google)

Legitimate Interests

Service security and fraud prevention
Technical troubleshooting and app improvement
Legal compliance and dispute resolution

Contractual Necessity

Account management and authentication
Core app functionality delivery
Data synchronization across devices

Your Privacy Rights

Universal Rights

Access: Request a copy of all your data
Portability: Export your data in machine-readable format
Correction: Update inaccurate or incomplete information
Deletion: Permanently delete your account and all associated data
Objection: Object to specific types of data processing

GDPR/UK GDPR Additional Rights

Restriction: Limit how we process your data while disputes are resolved
Consent withdrawal: Revoke consent for mood tracking or AI coaching
Automated decision-making: Opt out of AI-generated content
Data Protection Authority: Lodge complaints with your local DPA

California Privacy Rights (CCPA/CPRA)

Know: Detailed disclosure of personal information collected
Delete: Request deletion of personal information
Opt-out: We don't sell personal information, but you can request we don't share for analytics
Non-discrimination: Equal service regardless of privacy choices
Sensitive data: Additional protections for health/wellness information

How to Exercise Your Rights:
• In-app: Profile → Privacy Settings → Account Actions
• Email: privacy@moodplant.app
• Response time: Within 30 days (GDPR) or 45 days (CCPA)

Data Retention & Deletion

Active Account Data

We retain your personal data while your account is active and for as long as necessary to provide services you've requested.

Specific Retention Periods

Mood entries: Retained until account deletion
Coach history: 90 days (to avoid repetition)
Crash logs: 90 days maximum
Plant generation data: Retained until account deletion
Marketing communications: Until you unsubscribe

Account Deletion

When you delete your account, we permanently delete your profile and all associated data (moods, journal entries, coach history, plant data) within 30 days. Some technical logs may be retained for up to 90 days for security and legal compliance purposes.

Data Security

We implement industry-standard security measures including:

Encryption in transit: TLS 1.3 for all data transmission
Encryption at rest: AES-256 encryption via Firebase
Access controls: Role-based access with multi-factor authentication
Security monitoring: Automated threat detection and response
Regular audits: Quarterly security assessments
Data minimization: Collect and retain only necessary information

Security Incident Response: If a data breach occurs, we will notify affected users within 72 hours and relevant authorities as required by law.

International Data Transfers

Your data may be processed in the United States and other countries where our service providers operate, including:

Google Cloud Platform: Global infrastructure with data residency controls
OpenAI: United States (coaching AI processing)
Apple/Google: Various regions (authentication services)

For transfers from the EU/UK, we rely on adequacy decisions and Standard Contractual Clauses (SCCs) approved by the European Commission to ensure your data receives equivalent protection.

Children's Privacy (COPPA Compliance)

MoodPlant is not intended for children under 13 (or the minimum age in your jurisdiction for digital consent). We do not knowingly collect personal information from children. If we discover we have collected information from a child under 13, we will delete it immediately.

For users 13-18: We recommend parental awareness of mental health app usage and encourage open communication about emotional wellbeing.

Cookies & Local Storage

Our app uses local device storage for:

Authentication tokens: Keep you signed in securely
Offline mood cache: Allow mood logging without internet
App preferences: Theme, language, notification settings
Performance data: Cache plant images and coach content

Our website uses minimal cookies for theme preferences and analytics (if enabled).

Marketing & Communications

We may contact you via:

Push notifications: Gentle reminders (optional, can be disabled)
Email: Important app updates, security notices (minimal frequency)
In-app messages: Feature announcements, wellness tips

You can opt out of all marketing communications while still receiving essential security and legal notices.

Do Not Sell Policy

We do not sell, rent, or share your personal information for commercial purposes. Period.

We may share anonymized, aggregated data (e.g., "users who track mood daily have 23% better streaks") for research purposes, but this never includes individually identifiable information.

Data Sharing & Disclosure

We share personal data only in these limited circumstances:

Service providers: Firebase, AI services (with data processing agreements)
Legal requirements: Court orders, regulatory compliance, safety threats
Business transfers: Mergers or acquisitions (with equivalent privacy protections)
Emergency situations: Imminent threats to safety (mental health crisis resources)

Regional Compliance

European Union (GDPR)

EU users have enhanced rights under GDPR, including data portability, right to be forgotten, and the right to lodge complaints with supervisory authorities. Our lawful basis for processing is clearly identified above.

California (CCPA/CPRA)

California residents have specific rights regarding personal information, including the right to know what information is collected, the right to delete, and the right to opt-out of sale (though we don't sell data).

Other Jurisdictions

We comply with applicable privacy laws in all regions where MoodPlant is available, including Canada (PIPEDA), Australia (Privacy Act), and other local requirements.

Health Information Disclaimer

Important: MoodPlant is a wellness tool, not a medical device. We do not provide medical advice, diagnosis, or treatment. If you're experiencing a mental health crisis, please contact local emergency services or a qualified healthcare provider immediately.

Age Requirements

Under 13: Not permitted to use MoodPlant
13-18: Permitted with awareness of mental health content
18+: Full access to all features

Changes to This Policy

We may update this privacy policy to reflect changes in our practices or legal requirements. When we make material changes:

We'll update the "Last updated" date above
For significant changes, we'll notify you via email or in-app notification
Continued use of MoodPlant after changes constitutes acceptance
You may delete your account if you disagree with policy changes

Contact & Data Protection

Privacy Contacts

General privacy questions: privacy@moodplant.app
Data requests: data@moodplant.app
Legal inquiries: legal@moodplant.app

Data Protection Officer

For GDPR-related inquiries, you may contact our Data Protection Officer at compliance@moodplant.app.

Regulatory Authorities

If we cannot resolve your privacy concern, you have the right to contact your local data protection authority:

EU: Your national data protection authority
UK: Information Commissioner's Office (ICO)
California: California Attorney General's Office

Questions about this policy? We're here to help. Contact us at help@moodplant.app and we'll respond within 48 hours.