Privacy Policy

your data is yours — we keep it simple~

Last updated: May 4, 2026

Mochi & Me ("we", "our", or "us") is operated by Autarex Ltd. This Privacy Policy explains what data we collect, how we use it, and your rights. We built this app to be a cozy, private companion — not a data harvesting tool. We collect only what we need to make the app work.

Data We Collect

Automatically on First Launch

When you first open Mochi & Me, we generate a random anonymous UUID (a unique identifier) and store it locally on your device. This UUID is used to identify your session across our third-party services without linking to any personal information. We do not know who you are from this UUID alone.

If You Sign In (Optional)

Signing in is entirely optional. If you choose to link your account with Apple Sign In or Google Sign In, we receive and store:

• Your email address (from Apple or Google)
• A provider user ID (to link your account if you sign in again)

Signing in lets us back up your data to the cloud and restore it on a new device. If you sign in with "Hide My Email" via Apple, we receive Apple's anonymized relay email instead of your real address.

Content You Create

• Your name — the name you share with Mochi during onboarding, used for personalization
• Journal entries — text you write in the in-app journal; stored locally and optionally backed up to the cloud if you are signed in
• Mood selections — how you're feeling when you check in with Mochi (e.g., "doing okay", "rough day"); used only to personalize Mochi's dialogue

Purchase Information

If you subscribe to Mochi & Me Premium, our payment processor RevenueCat handles the transaction through Apple or Google. We receive only your entitlement status (whether you have an active Premium subscription) — not your payment method, card number, or billing address. Those details remain with Apple or Google.

Device and Usage Data

• Crash reports — if the app crashes, Sentry captures the error, your device model, OS version, and a stack trace. This is non-personally-identifiable technical data used to fix bugs.
• Anonymous usage analytics — PostHog records anonymized events (e.g., "opened app", "completed check-in", "sent notification") linked only to your anonymous UUID. No names, email addresses, or journal content are included in analytics events.
• Notification interactions — whether you tap or dismiss Mochi's local notifications, used to personalize notification timing.

Third-Party Services

We use these services to operate the app. Each has its own privacy policy:

• Supabase — cloud database for optional account data backup. supabase.com/privacy
• Sentry — crash reporting and error monitoring. sentry.io/privacy
• PostHog — anonymous product analytics and feature flags. posthog.com/privacy
• RevenueCat — subscription and purchase management. revenuecat.com/privacy
• Apple / Google — app distribution, payment processing, and optional sign-in. Subject to their respective privacy policies.

How We Use Your Data

• To personalize Mochi's dialogue with your name and mood
• To back up and restore your journal and relationship progress if you are signed in
• To manage your Premium subscription status
• To diagnose and fix crashes and bugs
• To understand how features are used so we can improve the app
• To deliver local push notifications you have opted into (no remote server sends these — they are scheduled by the app on your device)

What We Don't Do

• We do not sell your data to third parties
• We do not use your data for advertising or ad targeting
• We do not engage in cross-app or cross-site tracking
• We do not read or analyze the content of your journal entries for marketing or AI training purposes
• We do not share personally identifiable information with any third party except as described in this policy
• Mochi's responses are pre-written dialogue — the app does not send your journal content or messages to any AI service

Data Security

All data transmitted between the app and our servers is encrypted in transit using HTTPS/TLS. Data stored in Supabase is protected by row-level security (RLS) policies, which means your data is only accessible by your account. Your name and journal entries are also stored locally on your device using iOS/Android secure storage.

Data Retention

• Crash logs (Sentry) — retained for 90 days, then automatically deleted
• Analytics events (PostHog) — retained for 12 months, then automatically deleted
• Account and journal data (Supabase) — retained until you request deletion
• Local device data — retained on your device until you uninstall the app or request deletion

Your Rights

Regardless of where you live, you can:

• Access — request a copy of the personal data we hold about you
• Delete — request deletion of all data associated with your account (see below)
• Correct — update your name or email by contacting us
• Opt out of analytics — contact us and we will add your UUID to the opt-out list
• Withdraw notification consent — at any time through the app's reminder settings or your device's system settings

To delete your data, email hello@mochiandme.app with the subject "Data Deletion Request". We will process your request within 30 days and confirm when complete. If you signed in with Apple or Google, include the email address associated with your sign-in.

Children's Privacy

Mochi & Me is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided personal information to us, please contact us at hello@mochiandme.app and we will delete it promptly.

California Residents (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you specific rights regarding your personal information:

• Right to Know — you may request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, and the purposes for which we use it
• Right to Delete — you may request deletion of personal information we have collected, subject to certain exceptions
• Right to Opt Out of Sale — we do not sell your personal information. There is nothing to opt out of.
• Right to Non-Discrimination — we will not discriminate against you for exercising your CCPA rights

To exercise these rights, contact us at hello@mochiandme.app. We do not require you to create an account to submit a CCPA request.

European Residents (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under GDPR or applicable local data protection law:

• Right of access — you can request a copy of your personal data
• Right to rectification — you can request correction of inaccurate data
• Right to erasure — you can request deletion of your personal data ("right to be forgotten")
• Right to restriction of processing — you can request that we limit how we use your data
• Right to data portability — you can request your data in a structured, machine-readable format
• Right to object — you can object to our processing of your personal data

Our legal basis for processing personal data is: (a) performance of a contract (providing the app service you requested); (b) legitimate interests (crash reporting, anonymous analytics for product improvement); and (c) consent (optional sign-in, notifications). You can withdraw consent at any time.

To exercise your rights, contact us at hello@mochiandme.app. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page. For significant changes, we may also notify you within the app. Continued use of Mochi & Me after changes are posted constitutes your acceptance of the updated policy.

Contact

If you have questions about this Privacy Policy or how we handle your data, please reach out.