1.1 Account Information

When you create an account using Firebase Authentication, we collect:

• Email address
• Unique user ID
• Authentication metadata (e.g., login timestamps)

Passwords are securely hashed and managed by Firebase Authentication. We do not have access to your plain-text password.

1.2 Profile Information

During sign-up or profile customization, you may provide:

• Full name
• Age
• Gender
• Avatar photo (optional)

Avatar images are stored securely using Cloudinary (if uploaded).

Providing profile information beyond email is optional, except where required to complete registration. We use this information only to personalize your experience (e.g., tailored AI insights, greetings, or demographic-based analysis features).

1.3 Mood & Journal Data

When using Moody, we store:

• Mood selections
• Journal entries
• Timestamps
• Streak and activity metrics

This data is stored in Firebase Firestore and linked to your account.

1.4 AI Processing

When you request AI insights:

• Your journal content (and relevant profile context, if applicable) may be securely sent to the Google Gemini API for analysis.
• AI-generated responses may be cached using Upstash Redis for up to 7 days to improve performance.

Cached entries are automatically deleted after expiration. Journal content sent to Gemini API is processed according to Google's Gemini API Terms of Service. Google states that data sent via their API is not used to train their models, but you should review their terms at Gemini APIs Terms of Service for the most current policies.

1.5 Uploaded Images

If you upload Avatar photos or Daily memory images, these are stored using secure, non-guessable URLs via Cloudinary. We store only secure references linked to your account.

• URLs are not indexed or listed publicly
• Access requires knowledge of the specific image URL
• We do not provide a “share” feature that makes images publicly discoverable
• You can request deletion of uploaded images at any time

1.6 Technical & Usage Data

We may collect limited technical data such as Browser type, Device type, Error logs, and Performance metrics.

This data is used strictly for reliability, debugging, and improving the service.

1.7 Session Data

To provide a persistent and secure experience, we manage session information:

• Firebase Authentication tokens manage your login sessions
• Sessions expire after 30 days of inactivity (managed by Firebase)
• You can manually log out from the Dashboard page at any time
• Active sessions are stored client-side using secure, encrypted cookies

Upon logout, all session identifiers are cleared from your device.

1.8 Analytics Data

We use PostHog to collect anonymized usage analytics. This helps us understand how Moody is being used so we can improve the experience. Collected data including:

• Page views and interactions with specific features
• Anonymized demographic trends (e.g., age ranges, not individual specific ages)
• Error rates and general performance metrics
• Device-level technical information (Browser type, Screen resolution)

This data is anonymized and cannot be used to identify you personally. We do not send your email address or journal contents to our analytics provider.

You can opt out of analytics tracking at any time via Settings → Privacy → Analytics.