Privacy Policy
Introduction
Mochi Break ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application Mochi Break (the "App").
We comply with the General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA), the UK GDPR for users in the United Kingdom, and applicable privacy laws in other jurisdictions.
Please read this Privacy Policy carefully. By using the App, you consent to the practices described in this policy. If you do not agree with the terms of this Privacy Policy, please do not use the App.
1. Data Controller
The data controller responsible for your personal data is:
Mochi Break
Email: privacy@mochibreak.app
For GDPR-related inquiries, you may contact us at the email address above.
2. Information We Collect
2.1 Information You Provide Directly
| Data Type | Description | Purpose |
|---|---|---|
| Account Information | Email address, display name (via Google Sign-In) | Account creation, authentication, account recovery |
| Mochi Name | The name you choose for your virtual pet | Personalization, leaderboard display |
| User Preferences | App settings, notification preferences, tracked apps selection | Customizing your experience |
2.2 Information Collected Automatically
App Usage Statistics (Requires Your Permission)
We collect information about your usage of specific applications on your device to calculate your "resistance time" and award experience points (XP). This data is collected only with your explicit permission via Android's Usage Access permission.
| Data Type | Description | Purpose |
|---|---|---|
| Foreground Time | Time spent in tracked apps (Instagram, TikTok, Twitter, and apps you select) | Calculate resistance time, award XP |
| Session Data | App open/close events, session duration | Battle detection feature |
| Daily Statistics | Daily totals of resistance time, XP earned, battles won/lost | Progress tracking, statistics display |
Important: We do NOT collect:
- Content you view within other apps
- Messages, photos, or personal content from other apps
- Browsing history or search queries
- Location data
- Contact information
- Microphone or camera data
Device and Technical Information
| Data Type | Description | Purpose |
|---|---|---|
| Device Identifiers | Firebase installation ID | Analytics, crash reporting |
| App Version | Version number of Mochi Break installed | Technical support, feature compatibility |
| Operating System | Android version | Compatibility, debugging |
| Crash Data | Error logs, stack traces | App stability improvement |
2.3 Information from Third-Party Services
Google Sign-In
When you sign in with Google, we receive:
- Email address
- Display name
- Profile identifier
We do NOT receive your Google password or access to your Google account content.
Google Play Billing
When you subscribe to Mochi Pro, we receive:
- Purchase token (for subscription verification)
- Subscription status and expiration date
- Product identifier (monthly or annual plan)
3. How We Use Your Information
We use your information for the following purposes:
3.1 Core App Functionality
- Calculate your resistance time and award XP
- Track your Mochi's level and evolution progress
- Display your statistics and achievements
- Sync your progress across devices (when signed in)
- Send push notifications (level-ups, daily reminders, battle results)
3.2 Account Management
- Create and maintain your account
- Authenticate your identity
- Process subscription purchases
- Provide customer support
3.3 App Improvement
- Analyze aggregated usage patterns to improve features
- Identify and fix bugs and crashes
- Develop new features based on user needs
3.4 Communication
- Send transactional notifications (account-related)
- Send optional motivational reminders (with your consent)
- Respond to your support requests
4. Legal Basis for Processing (GDPR)
For users in the EEA and UK, we process your personal data based on the following legal grounds:
| Purpose | Legal Basis |
|---|---|
| Core app functionality | Contract - Necessary to provide the service you requested |
| Account management | Contract - Necessary to manage your account |
| Subscription processing | Contract - Necessary to fulfill your purchase |
| Crash reporting and debugging | Legitimate Interest - Improving app stability |
| Analytics (aggregated) | Legitimate Interest - Understanding usage patterns |
| Push notifications | Consent - You can opt out anytime in Settings |
| Usage statistics collection | Consent - Requires explicit permission grant |
5. Data Sharing and Disclosure
5.1 Third-Party Service Providers
We use the following third-party services to operate the App:
| Service | Provider | Purpose |
|---|---|---|
| Firebase Authentication | Google LLC | User authentication |
| Cloud Firestore | Google LLC | Data storage and sync |
| Firebase Analytics | Google LLC | Analytics |
| Firebase Crashlytics | Google LLC | Crash reporting |
| Firebase Cloud Messaging | Google LLC | Push notifications |
| Google Play Billing | Google LLC | Subscription management |
Data Processing Location: Our Firebase services are hosted on Google Cloud infrastructure. Data may be processed in the United States and other countries where Google operates data centers. Google complies with GDPR through Standard Contractual Clauses.
5.2 Leaderboard (Public Display)
If you participate in the weekly leaderboard, the following information may be visible to other users:
- Your Mochi's name
- Your Mochi's level
- Your weekly XP total
- Your rank
Your email address and personal account details are never displayed publicly.
5.3 Legal Requirements
We may disclose your information if required by law, court order, or governmental authority, or when we believe disclosure is necessary to:
- Comply with legal obligations
- Protect our rights or property
- Prevent fraud or security issues
- Protect the safety of users
5.4 Business Transfers
If Mochi Break is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.
5.5 What We Do NOT Do
We do NOT:
- Sell your personal data to third parties
- Share your data with advertising networks
- Use your data for targeted advertising
- Share your detailed app usage data with anyone (only aggregated XP totals appear on leaderboards)
6. Data Retention
| Data Type | Retention Period | Reason |
|---|---|---|
| Account Data | Until account deletion | Necessary for service |
| Usage Statistics | Until account deletion | Progress tracking |
| Mochi Progress | Until account deletion | Game state preservation |
| Crash Reports | 90 days | Debugging purposes |
| Analytics Data | 14 months (Google default) | Usage analysis |
| Purchase Records | As required by law (typically 7 years) | Legal/tax requirements |
You can request deletion of your data at any time (see Section 8).
7. Data Security
We implement appropriate technical and organizational measures to protect your personal data:
Technical Measures
- Encryption in Transit: All data transmitted between your device and our servers uses HTTPS/TLS encryption
- Encryption at Rest: Data stored in Firebase is encrypted at rest using AES-256
- Authentication: Secure token-based authentication via Firebase Auth
- Access Control: Firestore security rules ensure users can only access their own data
- Server-Side Validation: Cloud Functions validate data integrity and prevent cheating
Organizational Measures
- Limited access to production systems
- Regular security reviews of code and infrastructure
- No storage of passwords (handled by Google Sign-In)
- Sensitive data (like purchase tokens) excluded from debug logs
While we strive to protect your data, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.
8. Your Rights (GDPR)
If you are in the EEA or UK, you have the following rights under GDPR:
8.1 Right of Access
You can request a copy of the personal data we hold about you.
How to exercise: Contact us at privacy@mochibreak.app or use the "Export Data" feature in Settings (coming soon).
8.2 Right to Rectification
You can request correction of inaccurate personal data.
How to exercise: Update your Mochi name in the app, or contact us for other corrections.
8.3 Right to Erasure ("Right to be Forgotten")
You can request deletion of your personal data.
How to exercise: Use the "Delete Account" feature in Settings, or contact us at privacy@mochibreak.app. Upon deletion:
- Your account and all associated data will be permanently deleted
- Your Mochi, statistics, and settings will be removed from our servers
- This action cannot be undone
8.4 Right to Restrict Processing
You can request that we limit how we process your data in certain circumstances.
8.5 Right to Data Portability
You can request your data in a structured, commonly used, machine-readable format.
How to exercise: Use the "Export Data" feature in Settings (coming soon), which provides your data in JSON format.
8.6 Right to Object
You can object to processing based on legitimate interests.
8.7 Right to Withdraw Consent
Where we rely on consent, you can withdraw it at any time:
- Push Notifications: Disable in Settings > Notifications
- Usage Stats Collection: Revoke permission in Android Settings > Apps > Mochi Break > Permissions
- Analytics: Contact us to opt out
8.8 Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority in your country of residence.
Response Time: We will respond to your request within 30 days (or sooner where required by law).
9. Children's Privacy
Mochi Break is not intended for children under the age of 13 (or 16 in certain EEA countries). We do not knowingly collect personal data from children under these ages.
If you are a parent or guardian and believe your child has provided us with personal data, please contact us at privacy@mochibreak.app. We will delete such data promptly.
10. International Data Transfers
Your data may be transferred to and processed in countries outside your country of residence, including the United States, where Google's servers are located.
For transfers from the EEA/UK:
- We rely on Google's compliance with Standard Contractual Clauses (SCCs)
- Google is certified under the EU-U.S. Data Privacy Framework
11. Android Permissions Explained
Mochi Break requests the following permissions:
| Permission | Why We Need It | What Happens If Denied |
|---|---|---|
| Usage Access | To measure time spent in tracked apps and calculate resistance time | Core feature won't work - you won't earn XP |
| Notifications | To send level-up alerts, daily reminders, and battle results | You won't receive push notifications |
| Internet | To sync your progress and verify subscriptions | App works offline but won't sync |
| Run in Background | To track usage even when app is closed | Usage tracking may be less accurate |
You can revoke any permission at any time in Android Settings.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes:
- We will update the "Last Updated" date at the top
- We will notify you via in-app notification or email (for significant changes)
- Continued use of the App after changes constitutes acceptance
We encourage you to review this Privacy Policy periodically.
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: privacy@mochibreak.app
Data Protection Inquiries:
For GDPR-related requests (access, deletion, portability), please email privacy@mochibreak.app with the subject line "GDPR Request" and include:
- Your registered email address
- The specific right you wish to exercise
- Any relevant details
We aim to respond within 30 days.
14. Additional Information for Specific Regions
14.1 California Residents (CCPA)
California residents have additional rights under the California Consumer Privacy Act:
- Right to know what personal information is collected
- Right to delete personal information
- Right to opt-out of sale of personal information (Note: We do not sell personal information)
- Right to non-discrimination for exercising your rights
14.2 Brazil Residents (LGPD)
Brazilian residents have rights under the Lei Geral de Proteção de Dados similar to GDPR rights outlined in Section 8.
Summary
| What We Collect | Why | Your Control |
|---|---|---|
| Email & name | Account, sync | Delete account |
| App usage time | Calculate XP | Revoke permission |
| Statistics | Track progress | Export or delete |
| Crash reports | Fix bugs | Automatic (90-day retention) |
| Subscription info | Billing | Cancel anytime |
We do NOT: Sell your data, show ads, track your location, or access your private content.
This Privacy Policy is designed to be transparent and GDPR-compliant. If you have any questions, please don't hesitate to contact us.