Privacy Policy

Effective Date: September 10, 2025
Last Updated: September 10, 2025

Introduction

Welcome to MoodHaven ("we," "our," or "us"). We are committed to protecting your privacy and the privacy of your children. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and services.

MoodHaven is designed to help families track and manage children's moods, events, sleep patterns, and overall wellbeing through secure, collaborative tools.

1. Information We Collect

1.1 Personal Information

  • Account Information: Name, email address, date of birth

  • Authentication Data: Managed securely through Clerk authentication services

  • Guardian Information: Emergency contact details, guardian email addresses

1.2 Child Profile Information


  • Basic Details: Child's name, date of birth, weight, height

  • Medical Information: Medical conditions, genetic conditions, family medical history

  • Healthcare Provider Information: Pediatrician details, healthcare provider contact information

  • Profile Photos: Optional profile images stored securely

1.3 Health and Wellness Data


  • Mood Entries: Daily mood types (happy, sad, angry, anxious, tired, neutral, excited, frustrated, calm, overwhelmed), energy levels (1-10 scale), pleasantness levels (1-10 scale), emotions, triggers, notes

  • Event Tracking: Episodes including type (violence, hallucination, panic, meltdown, self-harm, aggression, withdrawal, hyperactivity, confusion, other), severity (1-10 scale), duration, triggers, location context, detailed notes

  • Sleep Data: Sleep duration, disturbances, sleep patterns

  • Medication Information: Medication names, dosages, schedules, administration tracking

1.4 Media Content


  • Photos and Videos: Images and videos attached to event documentation (up to 5 photos per event)

  • Voice Recordings: Audio notes converted to text for episode documentation

  • Camera Content: Photos captured directly through the app for event context

1.5 Location and Environmental Data


  • Location Data: Approximate location for weather correlation (when explicitly permitted)

  • Weather Information: Local weather conditions to correlate with mood and event patterns

  • Location Names: General area names for context (not precise addresses)

1.6 Usage and Technical Data


  • App Usage: Feature usage patterns, session duration, app interactions

  • Device Information: Device type, operating system version, app version

  • Crash Reports: Anonymous crash data for app improvement

  • Analytics: Usage analytics to improve app functionality

1.7 Team and Sharing Data


  • Team Information: Team names, member roles (admin, caregiver, viewer), invitation codes

  • Collaboration Data: Shared mood entries, events, and sleep data within authorized teams

  • Permission Settings: Role-based access controls and sharing preferences

2. How We Use Your Information

2.1 Primary Purposes


  • Health Tracking: Enabling mood, event, sleep, and medication tracking for children

  • Data Analysis: Providing insights and trends to support healthcare decisions

  • Collaboration: Facilitating secure data sharing among authorized family members and caregivers

  • Healthcare Support: Assisting healthcare providers with comprehensive care information

2.2 App Functionality


  • User Authentication: Secure account management and access control

  • Data Synchronization: Syncing data across devices for authorized users

  • Offline Access: Providing offline functionality with secure local storage

  • Notifications: Sending relevant alerts and reminders (medication, events, etc.)

2.3 Service Improvement


  • App Enhancement: Improving features based on usage patterns

  • Bug Fixes: Identifying and resolving technical issues

  • Security: Monitoring for and preventing security threats

  • Customer Support: Providing technical assistance and user support

3. Information Sharing and Disclosure

3.1 Authorized Sharing Within Teams


  • Team Members: Data shared only with explicitly authorized team members based on role permissions

  • Healthcare Providers: Information shared only when explicitly connected by users

  • Role-Based Access: Different access levels (admin, caregiver, viewer) control data visibility

3.2 Third-Party Service Providers


  • Clerk (Authentication): Secure user authentication and identity management

  • Supabase (Database): Encrypted data storage with row-level security

  • RevenueCat (Subscriptions): Payment processing for premium features

  • Apple (Platform Services): Speech recognition, location services, weather data

3.3 Legal Requirements


  • Law Enforcement: Only when required by valid legal process

  • Child Safety: When required to protect a child's safety or prevent harm

  • Legal Compliance: To comply with applicable laws and regulations

3.4 Business Transfers


  • In case of merger, acquisition, or sale, user data may be transferred with advance notice

4. Data Security and Protection

4.1 Encryption and Security


  • Data Encryption: All sensitive data encrypted in transit (HTTPS/TLS) and at rest

  • Core Data Protection: iOS built-in encryption for local device storage

  • Secure Authentication: JWT tokens with automatic refresh and validation

  • Row-Level Security: Database policies ensuring user data isolation

4.2 Access Controls


  • User Authentication: Multi-factor authentication support through Clerk

  • Permission Management: Granular role-based access controls

  • Team Isolation: Strict data separation between different teams

  • Audit Logging: Comprehensive access logging for security monitoring

4.3 Data Storage


  • Private Storage: All media files stored in private, secure buckets

  • File Validation: MIME type verification and file size limits

  • Secure URLs: Temporary, signed URLs for media access

  • Regular Backups: Automated, encrypted database backups

5. Your Privacy Rights and Choices

5.1 Access and Control


  • Data Access: View all data associated with your account

  • Data Export: Download your data in portable formats

  • Data Deletion: Delete specific entries or entire account

  • Team Management: Add/remove team members and manage permissions

5.2 Privacy Settings


  • Location Services: Enable/disable weather tracking and location access

  • Media Permissions: Control camera, microphone, and photo library access

  • Sharing Controls: Manage team sharing and collaboration settings

  • Notification Preferences: Customize alert and reminder settings

5.3 Data Retention


  • Active Accounts: Data retained while account is active

  • Account Deletion: Complete data removal within 30 days of account deletion

  • Team Data: Shared data remains with teams until all members remove it

  • Legal Holds: Data may be retained longer if required by law

6. Children's Privacy (COPPA Compliance)

6.1 Parental Consent


  • Guardian Verification: All child accounts require verified guardian consent

  • Age Verification: Strict age verification for users under 13

  • Parental Control: Parents maintain full control over child's data

6.2 Limited Data Collection


  • Minimal Data: Only health-relevant information collected for children

  • No Advertising: No advertising or marketing data collection for children

  • Educational Purpose: Data used solely for health tracking and family care

6.3 Parental Rights


  • Data Review: Parents can review all data collected about their children

  • Data Deletion: Parents can request deletion of child's data at any time

  • Access Control: Parents control who can access their child's information

7. International Data Transfers


  • Data Location: Primary data storage in secure, compliant data centers

  • Transfer Protections: Appropriate safeguards for international transfers

  • EU Compliance: GDPR-compliant handling for European users

  • Regional Compliance: Adherence to local privacy laws where applicable

8. Cookies and Tracking

8.1 Local Storage


  • Offline Functionality: Local data storage for offline app functionality

  • User Preferences: Settings and preferences stored locally

  • Authentication Tokens: Secure token storage in iOS Keychain

8.2 Analytics


  • Usage Analytics: Anonymous usage patterns to improve app functionality

  • Crash Reporting: Anonymous crash data for bug fixes

  • Performance Monitoring: App performance metrics (no personal data)

9. Third-Party Integrations

9.1 Authentication (Clerk)


  • Purpose: Secure user authentication and identity management

  • Data Shared: Email, name, authentication tokens

  • Privacy Policy: Clerk Privacy Policy

9.2 Database (Supabase)


  • Purpose: Secure, encrypted data storage and synchronization

  • Data Shared: All user health and app data (encrypted)

  • Privacy Policy: Supabase Privacy Policy

9.3 Payments (RevenueCat)


  • Purpose: Subscription and payment processing

  • Data Shared: Purchase information, subscription status

  • Privacy Policy: RevenueCat Privacy Policy

9.4 Apple Services


  • Purpose: Platform services (location, speech, weather)

  • Data Shared: Location data, voice recordings (processed locally)

  • Privacy Policy: Apple Privacy Policy

10. Data Breach Response

10.1 Breach Notification


  • User Notification: Immediate notification of any data breaches affecting personal information

  • Authority Notification: Compliance with regulatory notification requirements

  • Incident Response: 24/7 monitoring and immediate response protocols

10.2 Breach Mitigation


  • Immediate Action: Immediate containment and assessment of breaches

  • Security Enhancement: Additional security measures post-breach

  • User Support: Dedicated support for affected users

11. Privacy Policy Updates

11.1 Change Notification


  • Advance Notice: 30-day notice for material changes to this policy

  • In-App Notification: Prominent notices of policy updates within the app

  • Continued Use: Continued use constitutes acceptance of updated terms

11.2 Version Control


  • Version History: Previous versions available upon request

  • Effective Date: Clear indication of when changes take effect

  • Material Changes: Explicit consent required for material changes

12. Contact Information

12.1 Privacy Questions


For questions about this Privacy Policy or our data practices:

Email: support@moodhaven.com

12.2 Data Protection Officer


For EU residents or GDPR-related inquiries:

DPO Email: dpo@moodhaven.com

12.3 Support


For technical support and general inquiries:

Support Email: support@moodhaven.com
In-App Support: Available through the app's settings menu

13. Legal Basis for Processing (GDPR)

13.1 Lawful Basis


  • Consent: Explicit consent for health data processing

  • Legitimate Interest: App functionality and security improvements

  • Legal Obligation: Compliance with applicable laws

  • Vital Interest: Child safety and wellbeing protection

13.2 Special Category Data


  • Health Data: Processed with explicit consent for healthcare purposes

  • Sensitive Data: Additional protections for mental health information

14. State-Specific Rights


14.1 California Residents (CCPA/CPRA)


  • Right to Know: Categories and sources of personal information collected

  • Right to Delete: Request deletion of personal information

  • Right to Opt-Out: Opt out of the sale of personal information (Note: We do not sell personal information)

  • Right to Non-Discrimination: No discrimination for exercising CCPA rights

14.2 Other State Laws


  • Virginia (VCDPA): Similar rights to access, delete, and correct data

  • Colorado (CPA): Additional rights for Colorado residents

  • Connecticut (CTDPA): Data protection rights for Connecticut residents

15. Retention and Deletion

15.1 Data Retention Periods


  • Active Account Data: Retained while account is active and for legitimate business purposes

  • Inactive Accounts: Data deleted after 3 years of inactivity (with prior notice)

  • Legal Requirements: Some data may be retained longer for legal compliance

  • Backup Data: Secure deletion from all backups within 90 days

15.2 Deletion Process


  • User-Initiated: Immediate processing of deletion requests

  • Complete Removal: Data removed from all systems and backups

  • Confirmation: Deletion confirmation provided to users

  • Exceptions: Legal holds may prevent immediate deletion in rare cases

Conclusion


Your privacy is fundamental to our mission of supporting children's mental health and wellbeing. We are committed to maintaining the highest standards of data protection while providing valuable tools for families and healthcare providers.

This Privacy Policy is designed to be transparent about our practices and your rights. We encourage you to review this policy regularly and contact us with any questions or concerns.

By using MoodGuardian, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your information as described herein.

This Privacy Policy is effective as of September 16, 2025 and was last updated on September 16, 2025.