Privacy Policy

Moosic is operated by the provider of the Moosic application (“we”, “us”, or “our”), who is the data controller for personal data processed through the app. This Privacy Policy explains what personal data we collect, how we use it, our lawful bases for doing so, who we share it with, how long we keep it, and your rights.

1. Information We Collect

Account information: When you create an account, we collect your email address, username, and display name. If you sign in with Apple or Google, we receive basic profile information from that provider.

Game data: We store your game progress, match results, practice session history, ratings, XP, coin balance, streak data, and cosmetic item ownership.

Usage analytics: We use Amplitude to collect usage analytics, which may include device identifiers, app events, feature interactions, session length, and device type. This data may be associated with your account or device identifiers.

Session replay: If enabled, Amplitude Session Replay may record on-screen interactions such as taps, navigation, and screen flows to help us diagnose bugs and improve usability. We do not intentionally record password fields, payment card data, or private text-entry fields, and we configure masking where available. Session replay is used for debugging and product improvement only.

Crash reports: We use Sentry to collect crash reports and error diagnostics, including device model, OS version, and stack traces. These help us identify and fix technical issues.

Push tokens: If you enable notifications, we store your device push token to send match invitations and daily reminders. You can disable notifications at any time through your device settings.

Purchase data: Subscription and purchase status is managed by RevenueCat, which receives transaction data from Apple App Store or Google Play. We store your premium entitlement status (active/expired) but do not store payment card details.

2. How and Why We Use Your Information

We process your personal data on the following lawful bases:

• Contract: Account creation, gameplay, progress tracking, matchmaking, leaderboards, friend features, subscriptions, and in-app purchases — these are necessary to provide the service you have signed up for.
• Legitimate interests: Security and abuse prevention, crash diagnostics, product improvement, analytics, and session replay — we have a legitimate interest in keeping the app secure and improving the experience for all users.
• Consent: Push notifications — we only send these where you have given consent, and you may withdraw consent at any time through your device settings.
• Legal obligation: Where we are required to retain certain records for tax, accounting, or legal compliance purposes.

3. Third-Party Services

We share data with the following service providers, acting as our service providers and subject to their own privacy terms and policies where applicable:

• Supabase (supabase.com) — authentication, database hosting, and cloud functions
• Amplitude (amplitude.com) — product analytics and session replay
• Sentry (sentry.io) — crash reporting and error tracking
• RevenueCat (revenuecat.com) — in-app purchase and subscription management
• Expo (expo.dev) — push notification delivery

We do not sell your personal information to any third party.

4. International Transfers

Some of our service providers may process personal data outside the UK or EEA. Where this happens, we rely on appropriate safeguards such as adequacy regulations, standard contractual clauses, or the UK International Data Transfer Agreement, as applicable. You can contact us for more information about the safeguards in place.

5. Data Retention

We retain different categories of data for different periods:

• Account and game data: Retained until you delete your account.
• Analytics data: Retained for up to 12 months from collection, in accordance with Amplitude’s retention settings.
• Crash reports: Retained for up to 12 months from collection.
• Purchase and transaction records: Retained for up to 7 years where required for tax, accounting, or legal compliance.
• Support requests: Retained for up to 12 months after resolution.

6. Your Rights

Under applicable data protection law, you have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Request restriction of processing
• Data portability (receive your data in a structured, machine-readable format)
• Object to processing based on legitimate interests
• Withdraw consent at any time, where we rely on consent as our lawful basis

You can delete your account from the Settings screen in the app. You may also request deletion through our web deletion page at https://playmoosic.com/account-deletion/ or by contacting us at the details below. This will delete or irreversibly anonymise your personal data, except information we are required or permitted to retain by law for legitimate business purposes such as fraud prevention, dispute resolution, or financial record-keeping.

If you are located in the UK or EU/EEA, you have the right to lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioner’s Office (ico.org.uk).

7. Children’s Privacy

Moosic is not directed to children under 13 (or under 16 in certain jurisdictions). We do not knowingly collect personal information from children under these ages. If you believe we have collected such data, please contact us and we will delete it promptly. We encourage parents and guardians to monitor their children’s app usage.

8. Changes to This Policy

We may update this Privacy Policy from time to time. Where required by law, we will notify you of material changes. The latest version will always be available within the app and will show the updated revision date above.

9. Contact

If you have questions about this Privacy Policy, wish to exercise your data rights, or want to make a complaint, contact the provider of the Moosic application or privacy@playmoosic.com.