MoodOrbit logo

MoodOrbit

MoodOrbit Privacy Policy

Version 1.3 (draft — individual-operator launch structure) Effective Date: TBD

Review status notes (remove before publication): This is a v1.3 revision of the v1.2 draft dated April 22, 2026. v1.3 changes: the service is now operated by Gary as an individual (sole operator / natural-person controller), not "MoodOrbit SRL." This reflects the actual launch structure — an SRL will be formed only when revenue justifies the costs. All highlighted [TO CONFIRM] items still require owner action before the document is considered final. When an SRL or PFA is later formed, a v1.4 revision will substitute the legal-entity name throughout.

Plain-English Summary

At MoodOrbit we care deeply about your privacy while giving you a safe, pseudonymous space to talk with another adult who's feeling something similar to what you're feeling right now. We collect only the minimum information needed to match you for a short voice call, keep the platform safe, and send you push notifications if you opt in. We do not record or transcribe your calls today. We never ask for your real name or photos, and we never sell your data.

You control most of what we hold about you. You can delete your account at any time, see and correct your information, and withdraw consent for optional features like mood tracking or notifications. This policy tells you exactly what we do with your data, why we do it, and what rights you have under EU, UK, and California law.

1. Who We Are

MoodOrbit is operated by Gerald van der Harten, a natural person resident in Romania, acting as the sole operator of the MoodOrbit service and the data controller under GDPR Art. 4(7). Contact address: Strada Cetatea Histria 6, Bloc A4, Sc E, Apt 75, Bucharest, Romania. You can reach us using the details in Section 14.

A note on structure: at the time of this policy's publication, MoodOrbit operates as an individual-developer service, not a registered company. If and when the service grows into a registered legal entity (e.g. a Romanian PFA or SRL), this policy will be re-issued naming that entity as the operator and controller, with the change logged in Section 15.

A note on terminology: throughout this policy we describe users as pseudonymous rather than "anonymous." Your vibe name, mood check-ins, and call history can technically be re-linked to your verified phone number inside our database, which makes them personal data under GDPR Art. 4(1). We minimise this linkage in every screen a user interacts with, but we are transparent that the underlying data is pseudonymous, not fully anonymous.

2. Information We Collect

We collect only what is necessary for the service to function and stay safe.

Account & contact data - Phone number (verified via Vonage SMS one-time password) - AI-generated "vibe name" - Chosen language(s) - Push-notification token (via Expo / Google FCM) — only if you enable notifications

Preference & session data - Mood and energy selections per match - Intent (Talk / Listen / Either) - Gratitudes sent and received (emoji only — 🙏 💙 🌿) - Call metadata: match time, call start/end times, duration, pseudonymous partner pairing, session status - Queue metadata: time zone offset (for match-timing fairness) - Daily match counter (enforces our 5-per-day wellness cap)

Mental-state data — special category under GDPR Art. 9 - Before- and optional after-call mood check-ins - Free-form mood emoji selections - Content of reports you submit that describes another user's behaviour or your own mental state

Safety data - Reports (reason category + session reference) - Blocks (pair references) - Automated report counts, ban status and reason on your profile

Technical / incidental data - Our sub-processors (Supabase, Vonage, LiveKit, Expo / Google FCM) receive your IP address as a technical necessity of network communication. We do not persistently store IP addresses in our application database. Sub-processors retain them only per their own retention policies (typically for fraud detection and short-lived hosting logs).

What we do NOT collect or store - Voice audio content or call recordings - Call transcriptions or voice-derived text - Text-chat message content (see next paragraph) - Real names or photographs - Precise location - Your contacts - Browsing history

Text chat sessions — Phase 5.5 addition. MoodOrbit now also offers an optional text-chat mode as a secondary matching track, in which two pseudonymous users exchange written messages for up to 5 minutes (with the option to mutually upgrade to a voice call). Text message content is transmitted in real time via our realtime infrastructure and is never persisted to our database. When the session ends, the content is gone — we cannot produce a transcript, respond to a message-level DSAR, or recover the content ourselves. The same rule applies as to voice: if we ever introduce server-side processing or retention of text content (for example, automated moderation that stores flagged messages for review), we will update this policy, notify you in advance, and obtain your explicit consent before any such processing applies to you. We will not retroactively process historical text content.

If we introduce any voice-based safety feature in the future (for example, real-time crisis keyword detection as part of our AI Safety Layer), we will update this policy, notify you in advance, and obtain your explicit consent before processing any voice content. We will not retroactively apply such a feature to past calls.

3. How We Use Your Personal Data

4. Lawful Bases for Processing (GDPR & UK GDPR)

For each category of data we process, we rely on a specific lawful basis:

You may withdraw consent at any time for any consent-based processing. Withdrawal does not affect the lawfulness of processing that occurred before withdrawal.

5. Sharing and Third-Party Processors

We share your personal data with the following sub-processors only to the extent necessary for them to provide their service to us, and under written data-processing agreements that bind them to GDPR/UK GDPR standards:

A current, maintained list of our sub-processors — including name, location, purpose, and the date of the most recent change — is published at [TO CONFIRM — https://moodorbit.app/subprocessors]. We will update that list before adding or changing any sub-processor.

We do not sell your personal data. We also do not "share" your personal data for cross-context behavioural advertising within the meaning of the California Privacy Rights Act (CPRA).

6. International Data Transfers

Some of our sub-processors are based in, or have sub-processors in, the United States. Where your personal data leaves the European Economic Area or the United Kingdom, we rely on the European Commission's 2021 Standard Contractual Clauses (SCCs) with the applicable supplementary measures (encryption in transit and at rest, access controls, audit rights). We conduct transfer-impact assessments where required by case law (including Schrems II).

7. Data Retention

Limits on erasure. The right to erasure is not absolute. We may retain specific records beyond the periods above when necessary to (a) establish, exercise, or defend legal claims, (b) comply with a legal obligation, or (c) preserve moderation history needed to protect other users from an abusive actor. Where we retain any such record, we limit the retention to the minimum data and period necessary.

8. Security and Data Breach Response

We use industry-standard technical and organisational measures — including encryption in transit and at rest, row-level database security, access controls, and regular review — to protect your data. No system is 100% secure.

In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the Romanian supervisory authority (ANSPDCP) within 72 hours of becoming aware of the breach, as required by GDPR Art. 33. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay, as required by GDPR Art. 34.

9. Your Data Rights

Under GDPR / UK GDPR (and, where applicable, CCPA / CPRA) you have the right to:

Automated processing and decision-making. Our matching algorithm uses only your self-reported mood, energy, intent, and language preferences to propose compatible pseudonymous partners. You can always decline a proposed match and start a new one, so this algorithm does not produce a legal or similarly significant effect on you within the meaning of Art. 22 GDPR.

We do, however, operate one automated decision that has a meaningful effect: when a user accumulates a threshold number of valid reports from distinct other users within a short window, our system automatically suspends their account pending review. A user affected by an automated suspension has the right to request human review of the decision by contacting us using the details in Section 14; we will review promptly and restore the account if the suspension is not warranted.

California residents (CCPA / CPRA) additionally have the right to know the specific categories and sources of personal information we have collected, to request deletion, to correct, and to opt out of any "sale" or "sharing" of personal information. We do neither. We honour the Global Privacy Control (GPC) signal when detected, treating it as a valid opt-out request. We do not use personal information for profiling in furtherance of decisions that produce legal or similarly significant effects.

To exercise any right, contact us using the details in Section 14. We respond within one month, extendable by a further two months in complex cases with notice to you.

10. Children's Privacy

The service is strictly for adults 18 or older. At signup, users must affirmatively confirm they are 18 or older.

We plan to introduce stronger age verification (age-estimation via the Yoti SDK or equivalent liveness-based estimation) in an upcoming release. Until that feature is live, our age check relies on user self-declaration, which we recognise is a limitation.

If we discover that a user is under 18, we will: 1. Immediately suspend the account 2. Delete all personal data associated with the account within 30 days (subject to the limits in Section 7) 3. Not permit the same person to create a new account until they are 18

If you are a parent or guardian and believe your child has created an account, please contact us at the details in Section 14.

11. Digital Services Act (EU DSA)

MoodOrbit is an "online platform" facilitating user-to-user interaction and is therefore subject to Regulation (EU) 2022/2065 (Digital Services Act). In line with the DSA we:

We are currently below the Very Large Online Platform (VLOP) threshold (45 million monthly active EU users) and the additional VLOP obligations do not apply.

12. Cookies and Similar Technologies

MoodOrbit is a native mobile application and does not use browser cookies. The application uses standard mobile platform identifiers (for example, a push notification token from Expo / Google FCM) solely for the purposes described in Section 3. We do not use advertising identifiers (Android Advertising ID, iOS IDFA) and we do not integrate any advertising SDKs or cross-app tracking.

13. Changes to this Privacy Policy

We may update this policy from time to time.

Non-material changes (clarifying wording, formatting, contact updates): we will update the effective date and note the change in the Changelog.

Material changes (new processing purposes, new sub-processors, new categories of data, changes affecting your rights): we will notify you in-app and / or by email at least 30 days before they take effect.

Material changes affecting special category data (Art. 9) — for example, if we introduce any feature that processes your voice content, text content, or expands mental-state inference: we will request fresh explicit consent from you in-app. If you do not grant the new consent, the new feature will not be enabled for your account, and your existing use of the service will continue under the terms you have already consented to.

14. Contact Us

Email: privacy@moodorbit.app [TO CONFIRM — mailbox must be created and monitored before this policy is published]

Postal address: Strada Cetatea Histria 6, Bloc A4, Sc E, Apt 75, Bucharest, Romania (Gerald van der Harten operates MoodOrbit as an individual; no registered office yet.)

Data Protection Officer: We have not currently appointed a formal Data Protection Officer because our present scale of processing does not meet the large-scale threshold under Art. 37(1)(c) GDPR. Given that our core activity includes the processing of special category data (mood and mental-state information), we reassess this obligation quarterly and on reaching 10,000 monthly active users, whichever comes first, and will appoint a DPO if the assessment indicates the threshold has been met.

All privacy queries are handled by our privacy team at the email above and are responded to within one month.

15. Changelog

  1. (Updated 2026-04-24) Operator is currently Gary as a natural person — no registered legal entity yet. Re-issue policy as v1.4 when a PFA or SRL is formed, substituting the legal-entity name + registered office in Section 1 and Section 14.
  2. Confirm Supabase project region (Section 5) — if not EU, Section 6 requires more detail on SCCs and transfer-impact assessment.
  3. Create the privacy@moodorbit.app mailbox and the /subprocessors page before publication.
  4. Engage a Romanian tech-law specialist to review the whole document, paying particular attention to: - DPO threshold analysis (Section 14) — is quarterly reassessment defensible given we process Art. 9 data as a core activity? - Automated-ban under Art. 22 (Section 9) — is the described human-review mechanism sufficient, or do we need to gate the automated suspension itself? - DSA compliance posture (Section 11) — confirm our complaint mechanism and content-moderation policy in the ToS meet DSA requirements. - Governing law clauses in the companion Terms of Service.
  5. Confirm with a California-licensed attorney whether our CCPA/CPRA disclosures (Section 9) are sufficient for any Californian users at launch.
  6. Confirm whether the Romanian ANSPDCP requires any specific national-law language in addition to the GDPR baseline.
  7. Confirm the voice-feature future-proofing language (end of Section 2 and Section 13) is compatible with the planned Phase 6 AI safety layer.
  8. Confirm the 2-year maximum for moderation data (Section 7) is defensible for your jurisdiction; for some severe safety records, longer retention may be justifiable.
  9. Confirm whether a separate Cookie / Tracking Technologies policy is required for the marketing website (outside this app policy).
  10. Confirm whether you need a separate California Privacy Notice or whether Section 9 suffices.
  11. Decide whether to publish the /subprocessors list at a versioned URL with date-stamped history so changes are auditable.
  12. Before launch, run this policy through a readability check (Flesch-Kincaid 8–10 or simpler) — EU courts have partially invalidated consent where policy language was too complex for ordinary users.

End of Privacy Policy v1.1 draft.