Privacy Policy

Last updated: April 12, 2026

1. Introduction

Welcome to MossMug ("we," "our," or "us"). We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Required: Email address, name, and password (or authentication via Google)
  • Optional: Timezone, country, birthday, profile picture (avatar), bio, and username
  • Referral data: If you signed up via a referral link, we record who referred you

2.2 Walking Data

When you use the Service, we collect:

  • Walk records (date and time you logged each walk)
  • Optional walk details: mood, notes (up to 280 characters), and photos
  • Trail discoveries and friend encounters associated with each walk
  • Achievement progress and earned achievements
  • Milestone progress

2.3 Social Data

If you use our social features, we collect:

  • Friend connections and friend request history
  • High fives you give or receive on walks
  • In-app notifications (e.g., friend requests, achievements, high fives)
  • Public profile settings and per-field visibility preferences

2.4 Preferences

We store your preferences including:

  • Email and push notification settings
  • Selected color theme, button icon, and dark mode preference
  • Feature toggles (mood check-in, walk notes, walk photos, trail)
  • Public profile visibility settings
  • Inspiration feature preferences

2.5 Push Notification Data

If you enable web push notifications, we store:

  • Your browser's push subscription endpoint URL
  • Encryption keys required to send push notifications to your device

This data is deleted when you unsubscribe from push notifications.

2.6 Survey Responses

We may occasionally ask you optional product survey questions within the app. If you choose to respond, we store your answer to help us improve the Service.

2.7 Automatically Collected Information

When you use our Service, we may automatically collect:

  • Log data (IP address, browser type, pages visited)
  • Device information
  • Cookies and similar tracking technologies

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our Service
  • Create and manage your account
  • Track your walking progress and display statistics
  • Store and display your walk photos, notes, and mood entries
  • Determine achievement eligibility and award achievements
  • Generate trail discoveries and friend encounters
  • Enable social features (friends, high fives, public profiles)
  • Send you emails you've opted into (password reset, achievements, milestones, weekly digest)
  • Send web push notifications you've opted into
  • Display your public profile to other users (if enabled)
  • Personalize your experience (timezone-based features, birthday achievements)
  • Process referral tracking when you invite others
  • Respond to your comments and questions
  • Detect and prevent fraud or abuse
  • Comply with legal obligations

4. How We Share Your Information

We will never sell your personal information. We may share your information only in the following circumstances:

  • Public profile: If you enable a public profile, the information you choose to display will be visible to anyone who visits your profile URL
  • Friends: Your friends can see that you've walked today and view information you've shared with them
  • With your consent: We may share your information when you give us explicit permission
  • Legal requirements: We may disclose your information if required by law or in response to valid legal requests
  • Service providers: We may share information with third-party service providers who perform services on our behalf (e.g., hosting providers)
  • Business transfers: If MossMug is involved in a merger, acquisition, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Service of any change in ownership

5. Third-Party Services

We use the following third-party services:

  • Google Sign-In: If you choose to sign in with Google, we receive your name and email address from Google. Google's use of your data is governed by their Privacy Policy
  • Google reCAPTCHA: We use reCAPTCHA to protect against spam and abuse during account registration and password reset. This service may collect usage data as described in Google's Privacy Policy and Terms of Service
  • Matomo Analytics: We use Matomo (a privacy-friendly analytics platform) to understand how users interact with our Service. Matomo operates in cookieless mode, which means no tracking cookies are set and no consent is required. This approach is fully GDPR-compliant. We use Matomo Cloud, which does not share your data with third parties. Data collected includes pages visited, time spent on site, and basic usage patterns. You can learn more at Matomo's Privacy Policy
  • Amazon Web Services (AWS): We use AWS S3 to store user-uploaded files such as walk photos and profile avatars. Files are stored securely and are only accessible through the Service. AWS's data handling is governed by their Privacy Notice
  • Postmark: We use Postmark to deliver transactional and notification emails (e.g., password resets, achievement notifications, weekly digests). Postmark processes your email address and message content to deliver emails on our behalf. Learn more at Postmark's Privacy Policy
  • Honeybadger: We use Honeybadger for error monitoring to help us identify and fix issues. Error reports may include technical details about the request that triggered the error (such as URL, browser type, and IP address) but do not intentionally include personal content like walk notes or photos. Learn more at Honeybadger's Privacy Policy

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Service and hold certain information. Cookies are files with a small amount of data that are stored on your device. We use:

  • Essential cookies: Required for the Service to function (e.g., keeping you logged in)
  • Preference cookies: Remember your settings and preferences (e.g., selected theme)

We do not use analytics cookies. Our analytics (Matomo) operate in cookieless mode, which means no tracking cookies are set on your device. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, some features of the Service may not function properly without essential cookies.

7. Data Security

We use reasonable administrative, technical, and physical security measures to protect your personal information:

  • Passwords are securely hashed and never stored in plain text
  • Data is transmitted over encrypted connections (HTTPS)
  • Access to user data is restricted to authorized personnel only

However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

8. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with our Service. If you delete your account, we will delete your personal data, though some information may be retained in backups for a limited period or as required by law.

9. Your Rights and Choices

You have control over your data:

  • Access and update: You can view and update your personal information in your account settings
  • Email preferences: You can control which emails you receive in your notification settings
  • Public profile: You can disable your public profile or adjust what information is displayed at any time
  • Friends: You can remove friends and decline friend requests
  • Account deletion: You can delete your account at any time directly from your Account Settings. You have two options:
    • Delete Walking Data: Permanently removes all your walks and achievements while keeping your account active
    • Delete Account: Permanently removes your entire account and all associated data including your profile, walks, achievements, friendships, and preferences
    Both actions are immediate and cannot be undone. Some information may be retained in backups for a limited period or as required by law.

Depending on your location, you may have additional rights regarding your personal information, including:

  • The right to access your personal data
  • The right to correct inaccurate data
  • The right to delete your data
  • The right to object to processing of your data
  • The right to data portability — to request a copy of your data in a portable format, please contact us

10. Children's Privacy

Our Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us and we will delete such information.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us.

← Back to Home