compliance
the boring-but-important stuff about how we handle your data.
data protection & privacy
we follow gdpr, ccpa, and general best practices for keeping your data safe. here's the details.
gdpr compliance
for users in the european union, we comply with the general data protection regulation (gdpr). you have the right to access, correct, delete, and export your personal data at any time.
ccpa compliance
for california residents, we comply with the california consumer privacy act (ccpa). you have the right to know what personal information we collect, opt-out of data sales (we don't sell your data), and request deletion of your information.
data rights
you have the following rights regarding your data:
- ✓ right to access - request a copy of all data we have about you
- ✓ right to rectification - correct inaccurate or incomplete data
- ✓ right to erasure - request deletion of your personal data
- ✓ right to data portability - export your data in a machine-readable format
- ✓ right to object - object to certain data processing activities
to exercise these rights, visit your account settings or contact us at privacy@moodlog.io
data retention
we retain your data only as long as necessary to provide our services or as required by law:
- active accounts: data retained while account is active
- deleted accounts: personal data deleted within 30 days of account deletion
- backups: backup copies removed within 90 days of deletion
- legal requirements: some data may be retained longer if required by law
security measures
here's what we do to keep things locked down:
- encryption of data in transit (tls/ssl)
- encryption of data at rest
- regular security audits and updates
- access controls and authentication
- secure data centers with physical security
for more details, see our security page.
third-party services
we use a small number of third-party services to run moodlog:
payment processing
stripe (pci dss compliant)
hosting
secure cloud infrastructure
all third parties we use meet the data protection standards we'd want for our own data.
data breach notification
in the unlikely event of a data breach that affects your personal information, we will:
- notify affected users within 72 hours of discovery
- report to relevant supervisory authorities as required by law
- take immediate steps to contain and remediate the breach
- provide guidance on protective measures you can take
cookie policy
we use essential cookies to provide our services:
- • session cookies for authentication
- • security cookies for csrf protection
- • preference cookies for user settings
no tracking cookies. no ad cookies. we don't do that.
questions
privacy & compliance questions
privacy@moodlog.io