Privacy Policy
MoodSnug is built privacy-first. This policy explains, in plain language, what we collect, why, and what we deliberately cannot see.
Who we are
The data controller is Wombat d.o.o. (Mediteranska 59-3, Budva, Montenegro, registration no. 03486923). Contact: team@moodsnug.com.
End-to-end encryption — the core of MoodSnug
What you share with your circle (your availability, mood, profile details, and location if you enable it) is encrypted on your device for each recipient individually. Our servers store and route only encrypted messages: we cannot read their content, and neither can anyone who compromises our servers. Encryption keys are generated and kept on your device.
What we collect and why
- Phone number — your account identifier, verified by SMS code. Used for sign-in and so friends who already know your number can find you.
- Display name and profile photo — shown to the people you connect with.
- Connections — who you are connected with (needed to route your encrypted messages). We see who is connected to whom, never what you share.
- Contact discovery (optional) — if you allow contact access, phone numbers from your address book are hashed and matched on the server, then immediately discarded; your address book is never stored on our servers and never leaves your device in readable form.
- Location (optional, off by default) — if you enable location sharing, a fix is captured only at the moment you change your status or mood (no background tracking) and travels end-to-end encrypted to the friends you allow. Anonymous, coarse location may also feed aggregated, city-level-or-wider mood statistics that are never linked to your account.
- Push tokens — so we can wake the app for new encrypted messages (via Google Firebase). Pushes are content-free.
- Crash reports — technical diagnostics via Firebase Crashlytics (device model, OS version, stack trace). No message content is ever included.
- Purchases — subscriptions are processed by the app store and RevenueCat; we receive subscription status, never your payment details.
What we deliberately do NOT do
- No advertising, no ad identifiers, no selling or sharing of personal data.
- No reading of your shared content — technically impossible for us by design.
- No background location tracking.
- No social graph mining beyond routing your own connections.
Data retention and deletion
Encrypted messages are deleted from our servers once delivered. Account data is kept while your account exists. You can request full account deletion at any time from within the app or by emailing team@moodsnug.com with the subject "Privacy"; deletion removes your profile, connections and directory entries.
Processors we rely on
Supabase (database and authentication infrastructure), Google Firebase (push delivery, crash reporting), Twilio (SMS verification), RevenueCat (subscription management). Each receives only the minimum needed for its role.
Your rights
You may request access to, correction of, or deletion of your personal data, and you may withdraw optional permissions (contacts, location) at any time in your device settings. EU/EEA users have the rights provided by the GDPR.
Changes
We will post any changes to this policy on this page with an updated effective date.