1. Introduction
MG Business Lab ("we", "our", "us") operates the Moodline application ("App"). This Privacy Policy explains how we collect, use, and protect your information when you use our App.
We are committed to protecting your privacy. Moodline was designed with a privacy-first approach — your journal entries never leave your device unencrypted, and we collect only the minimum data necessary to provide our services.
2. Information We Collect
2.1 Account Information
When you sign in with Apple or Google, we receive:
- Email address (may be a private relay address if you use Apple's Hide My Email feature)
- Display name (if provided by your sign-in provider)
- Authentication token for session management
We do not receive or store your Apple ID or Google account password.
2.2 Journal Data
Your journal entries, mood selections, and tags are:
- Stored locally on your device, encrypted using AES-256 encryption via MMKV
- Synced to the cloud via Supabase to enable cross-device access and backup
- Protected in transit using TLS/HTTPS encryption
- Access-controlled using Row Level Security — only you can read your own data
Cloud sync happens automatically in the background. Your data remains available offline and syncs when connectivity is restored.
2.3 AI Processing
When you request an AI-powered reflection (Premium feature):
- Your journal entry text is sent to our secure server for processing
- The entry is processed by an AI model to generate a reflection
- Your entry is immediately discarded after processing — it is not stored, logged, or used for AI training
- Only the generated reflection is returned to your device
2.4 Subscription Data
Subscription and purchase information is managed by Apple (App Store) or Google (Play Store) and RevenueCat (our subscription management provider). We receive:
- Subscription status (active, expired, etc.)
- Subscription type (monthly, annual)
- We do not receive your payment method details, credit card numbers, or billing address
2.5 Usage Data
We may collect anonymized usage data such as:
- Number of journal entries created
- Feature usage patterns
- App performance data and crash reports
This data is anonymized and cannot be used to identify you or reconstruct your journal content.
3. How We Use Your Information
| Data |
Purpose |
Stored Where |
| Email & name |
Account authentication, communication |
Supabase (encrypted) |
| Journal entries |
Your personal journaling, cross-device sync, backup |
Your device (AES-256) & Supabase cloud (RLS-protected) |
| AI reflection requests |
Generate personalized reflections |
Not stored (processed & discarded) |
| Subscription status |
Provide access to premium features |
RevenueCat, Supabase |
| Anonymized usage |
Improve the App |
Analytics service |
4. Data Security
We implement strong security measures to protect your data:
- On-device encryption: Journal entries are encrypted with AES-256 via MMKV. The encryption key is stored in your device's secure enclave (iOS Keychain / Android Keystore).
- Secure authentication: We use industry-standard OAuth 2.0 through Apple and Google sign-in providers.
- Encrypted transmission: All network communication uses TLS/HTTPS encryption.
- Cloud security: Server-side data is stored in Supabase with Row Level Security (RLS) policies, ensuring only authenticated users can access their own data.
- Offline-first architecture: The App works fully offline. Data syncs securely when connectivity is available.
5. Data Sharing
We do not sell, rent, or share your personal data with third parties for marketing purposes. We share data only with:
- Supabase: Authentication, account management, and secure cloud storage for journal data
- RevenueCat: Subscription management
- OpenAI: AI reflection processing (entry text only, immediately discarded)
Each of these service providers is bound by their own privacy policies and data protection agreements.
6. Your Rights
You have the right to:
- Export your data: Use the Export feature in Settings to download all your journal entries as a JSON file.
- Delete your data: You can delete individual entries within the App. Uninstalling the App removes all locally stored data. Contact us to delete your account and all associated cloud data.
- Access your data: All your journal data is accessible within the App at any time.
- Opt out of AI processing: AI reflections are entirely optional and only triggered when you explicitly request them.
7. Data Retention
- Journal entries (local): Stored on your device until you delete them or uninstall the App.
- Journal entries (cloud): Stored in Supabase while your account is active. Deleted within 30 days of account deletion request.
- Account data: Retained while your account is active. Deleted within 30 days of account deletion request.
- AI processing data: Not retained. Discarded immediately after generating a reflection.
8. Children's Privacy
Moodline is not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us so we can take appropriate action.
9. Notifications
If you enable daily reminders, notification scheduling is handled locally on your device. We do not use push notifications for marketing purposes.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes through the App. Your continued use of the App after changes are posted constitutes your acceptance of the updated policy.
11. Contact Us
If you have questions about this Privacy Policy or your data, please contact us:
Last updated: February 22, 2026