This Privacy Policy describes how MOG ("we," "us," or "our") collects, uses, stores, and protects your personal information when you use the MOG mobile application (the "App") and our website at mogapp.com (the "Website"). By using our services, you agree to the practices described in this policy.
We are committed to protecting your privacy and processing your data in accordance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and all applicable data protection laws.
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- Email address
- Password (encrypted; we never store or have access to your plaintext password)
- Display name (optional)
- Authentication tokens for session management
If you sign in using Google, we receive your email address and basic profile information from Google. We do not receive or store your Google password.
1.2 Fitness and Exercise Data
To provide our core service, we collect:
- Daily exercise goals and targets you set
- Exercise completion records and progress tracking
- Workout session history (routines completed, duration, timestamps)
- Streak data (consecutive days of activity)
- Custom exercises and routines you create
1.3 Onboarding Preferences
During initial setup, we collect:
- Your selected fitness goals (e.g., jawline improvement, better posture)
- Your experience level
- How you discovered the App
1.4 Subscription Information
If you purchase a subscription, payment processing is handled entirely by Apple through the App Store. We do not collect or store your payment details (credit card number, billing address, etc.). We receive from our subscription management provider:
- Your subscription status (active, expired, etc.)
- Subscription plan type (monthly, yearly, lifetime)
- Subscription expiration date
1.5 Device and Usage Information
We store notification preferences (notification times and frequency) locally on your device. We do not collect device identifiers, advertising IDs, IP addresses for tracking, location data, or browsing history.
1.6 Information We Do NOT Collect
For clarity, MOG does not collect:
- Photos, videos, or biometric data
- Apple HealthKit or Health app data
- Location or GPS data
- Contacts or address book information
- Device advertising identifiers (IDFA)
- Third-party analytics or tracking data
2. How We Use Your Information
We use your information for the following purposes:
- Provide the Service: To create and manage your account, track your exercises, calculate streaks, and deliver the core App functionality.
- Personalization: To tailor exercise recommendations and routines based on your goals and experience level.
- Subscription Management: To verify your subscription status and grant access to premium features.
- Notifications: To send local device notifications based on your configured schedule. We do not send push notifications from our servers.
- Service Improvement: To understand usage patterns in aggregate (anonymized) form to improve the App.
- Legal Compliance: To comply with applicable laws and regulations.
We do not use your data for advertising, marketing to third parties, user profiling for ad targeting, or selling to data brokers.
3. Legal Basis for Processing (GDPR)
Under the GDPR, we process your personal data on the following legal bases:
- Contract Performance (Article 6(1)(b)): Processing your account data, exercise data, and subscription data is necessary to provide the service you have requested.
- Consent (Article 6(1)(a)): For processing your onboarding preferences and fitness goals. You may withdraw consent at any time by deleting your account.
- Legitimate Interest (Article 6(1)(f)): For using anonymized, aggregated data to improve the service, and for ensuring the security of our systems.
Your exercise and workout data may be considered health-related information under GDPR Article 9. We process this data based on your explicit consent, which you provide by creating an account and using the exercise tracking features. You may withdraw this consent at any time by deleting your account.
4. Data Storage and Security
Your data is stored on servers provided by Supabase, Inc., a cloud infrastructure provider. Data is encrypted in transit using TLS/HTTPS and encrypted at rest. Supabase maintains SOC 2 Type II compliance.
Notification preferences are stored locally on your device using standard iOS secure storage and are not transmitted to our servers.
While we implement industry-standard security measures, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security of your data.
5. Third-Party Services
We use the following third-party services:
- Supabase: Cloud database and authentication provider. Processes your account data, exercise data, and all server-side information. See the Supabase Privacy Policy.
- RevenueCat: Subscription and in-app purchase management. Processes subscription status and purchase transaction data. See the RevenueCat Privacy Policy.
- Apple: Processes payments for in-app purchases and subscriptions through the App Store. See the Apple Privacy Policy.
- Google: If you choose to sign in with Google, Google processes your authentication. See the Google Privacy Policy.
We do not sell, rent, or share your personal data with any other third parties. We do not use any advertising networks or third-party analytics services.
6. International Data Transfers
Your data may be transferred to and processed in the United States, where our infrastructure providers (Supabase, RevenueCat) operate. These transfers are conducted in accordance with applicable data protection laws, including the EU-US Data Privacy Framework where applicable. By using the App, you consent to the transfer of your data to the United States.
7. Data Retention
We retain your data as follows:
- Account data: Retained for as long as your account is active.
- Exercise and workout data: Retained for as long as your account is active.
- Subscription data: Retained for as long as your account is active, plus any period required for tax or legal compliance.
When you delete your account, all associated data is permanently deleted from our servers. This deletion is irreversible.
8. Your Rights
Depending on your location, you have the following rights regarding your personal data:
All Users
- Access: You can view your data within the App at any time.
- Deletion: You can delete your account and all associated data from within the App's Settings. Upon deletion, all your data is permanently removed from our servers.
- Correction: You can update your profile information within the App.
European Economic Area (EEA) Residents — GDPR Rights
- Right of Access (Article 15): Request a copy of your personal data.
- Right to Rectification (Article 16): Request correction of inaccurate data.
- Right to Erasure (Article 17): Request deletion of your personal data.
- Right to Restriction of Processing (Article 18): Request that we limit how we use your data.
- Right to Data Portability (Article 20): Request your data in a structured, machine-readable format.
- Right to Object (Article 21): Object to processing based on legitimate interest.
- Right to Withdraw Consent (Article 7): Withdraw consent at any time where processing is based on consent.
- Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection supervisory authority.
California Residents — CCPA/CPRA Rights
- Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you.
- Right to Delete: You may request deletion of your personal information.
- Right to Correct: You may request correction of inaccurate personal information.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.
- Do Not Sell or Share: We do not sell or share your personal information as defined under the CCPA/CPRA. We do not use your data for cross-context behavioral advertising.
To exercise any of these rights, please contact us at the email address provided below. We will respond to your request within 30 days.
9. Children's Privacy
MOG is not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us and we will promptly delete that information.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "Last updated" date. For significant changes, we may also provide notice within the App. Your continued use of the App after any changes constitutes your acceptance of the updated policy.
11. Contact Us
If you have any questions about this Privacy Policy, wish to exercise your data rights, or have concerns about how your data is handled, please contact us at:
Email: privacy@mogapp.com