Privacy Policy

Last updated: 9 February 2025

1. Introduction

MiniMoods ("we", "us", "our") is a child behaviour star chart application that helps parents track and encourage positive behaviours in their children. We are the data controller for the personal data processed through our service.

We are committed to protecting your privacy and handling your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This privacy policy explains what personal data we collect, how we use it, and your rights.

2. What data we collect

Account data

  • Email address
  • Display name
  • Password (stored in hashed form only)

Children's data

Data you provide about your children, including:

  • Children's names
  • Avatar selections
  • Behaviour definitions and logs
  • Star chart records
  • Diary entries
  • Mood data

Technical data

  • Cookies (see our Cookie Policy)
  • IP address
  • Browser type and version
  • Device information

3. How we use your data

We process your personal data on the following lawful bases under UK GDPR:

Contract performance (Article 6(1)(b))

  • Creating and managing your account
  • Providing the star chart tracking service
  • Storing and displaying your children's data, diary entries, and mood records
  • Authenticating your sessions

Legitimate interests (Article 6(1)(f))

  • Improving and maintaining the security of our service
  • Analysing usage patterns to improve user experience
  • Preventing fraud and abuse

Consent (Article 6(1)(a))

  • Optional analytics cookies (if enabled in the future)
  • Marketing communications (if offered in the future)

4. Children's data

MiniMoods is designed for use by parents and guardians. We take the protection of children's data very seriously and comply with the ICO's Age Appropriate Design Code (Children's Code).

  • No direct collection from children: We do not collect personal data directly from children. All data about children is entered and managed by their parent or guardian.
  • Parental control: Parents have full control over all data relating to their children, including the ability to view, edit, and delete it at any time.
  • Data minimisation: We only collect the minimum data necessary to provide the star chart and behaviour tracking service. We do not collect unnecessary information about children.
  • No profiling: We do not use children's data for profiling, targeted advertising, or any purpose other than providing the service to the parent.
  • Best interests: The best interests of the child are a primary consideration in how we design and operate our service.

5. Data sharing

We do not sell your personal data. We will never sell, rent, or trade your information to third parties.

We share data only with the following service providers who act as data processors on our behalf:

  • Supabase: Database hosting and authentication services. Supabase processes your data under a data processing agreement in accordance with UK GDPR.
  • Vercel: Application hosting. Vercel processes minimal technical data necessary to serve the application.

6. International transfers

Our service providers may process data outside the UK. Where this occurs, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the ICO
  • Transfers to countries with an adequacy decision from the UK Government
  • Data processing agreements that require equivalent levels of data protection

7. Data retention

We retain your personal data for as long as your account is active and you continue to use our service. Specifically:

  • Account data: Retained while your account is active. Deleted upon account deletion request.
  • Children's data, star records, and diary entries: Retained with your account. You can delete individual entries at any time, or all data by deleting your account.
  • Technical data: Server logs are retained for a maximum of 30 days.

When you request account deletion, we will delete all your personal data and your children's data within 30 days.

8. Your rights

Under UK GDPR, you have the following rights regarding your personal data:

  • Right of access: You can request a copy of the personal data we hold about you.
  • Right to rectification: You can ask us to correct inaccurate or incomplete data. You can also update most data directly through the app.
  • Right to erasure: You can ask us to delete your personal data. You can also delete your account and all associated data through the app settings.
  • Right to data portability: You can request your data in a structured, commonly used, machine-readable format.
  • Right to restrict processing: You can ask us to limit how we use your data in certain circumstances.
  • Right to object: You can object to processing based on legitimate interests.
  • Right to withdraw consent: Where we rely on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.
  • Right to lodge a complaint: You have the right to complain to the Information Commissioner's Office (see below).

To exercise any of these rights, please contact us at hello@minimoods.app. We will respond to your request within one month.

9. Cookies

We use essential cookies to keep you signed in and ensure the service functions correctly. For full details on the cookies we use and how to manage them, please see our Cookie Policy.

10. Security

We take the security of your data seriously and implement appropriate technical and organisational measures, including:

  • Encryption: All data is encrypted in transit (TLS/HTTPS) and at rest.
  • Row-Level Security (RLS): Database-level access controls ensure you can only access your own data. Each parent's data is strictly isolated.
  • Secure authentication: Passwords are hashed using industry-standard algorithms. Session tokens are securely managed via HTTP-only cookies.
  • Regular updates: We keep our dependencies and infrastructure up to date with security patches.

11. Changes to this policy

We may update this privacy policy from time to time. If we make significant changes, we will notify registered users by email or through a notice in the app. We encourage you to review this page periodically. The "Last updated" date at the top of this page indicates when the policy was last revised.

12. Contact us

If you have any questions about this privacy policy or how we handle your data, please contact us:

Email: hello@minimoods.app

13. Information Commissioner's Office

If you are unhappy with how we have handled your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Website: https://ico.org.uk