Privacy Policy

1. Information We Collect

We follow a minimal data principle: we collect the information reasonably needed to authenticate users, run workspaces, process requests, secure the service, and communicate with you. We do not sell your personal data.

2. California Privacy Notice

This section supplements the rest of this Privacy Policy for California residents where California privacy law applies. Some rights apply only if MoodLens is legally treated as a covered business under the California Consumer Privacy Act, as amended by the California Privacy Rights Act.

To submit a California privacy request, email support@moodlens-ai.com. Account deletion requests should be sent to account-deletion@moodlens-ai.com from the same email address used for the MoodLens account whenever possible. We may need to verify your identity, account relationship, or agent authorization before acting on requests.

3. How We Use Your Data

We do not use your personal data for third-party advertising, and we do not sell or rent your personal data to advertisers or data brokers. Some information is required to create an account or provide a requested feature; if you do not provide it, that feature may not work.

4. Authentication, Providers, Integrations & AI

MoodLens relies on operational service providers to run infrastructure, hosting, storage, analytics, authentication, AI responses, communications, payments, calling, and integrations. Depending on the feature you use, limited data may be processed by those providers to complete the requested workflow.

If you choose Google, Microsoft, or GitHub sign-in, those providers authenticate you and may share basic profile data with us, such as your name, email address, profile image, and provider account identifier, depending on the scopes or claims granted and your provider settings.

We do not allow your personal data or workspace content to be used to train third-party AI models for their own products. When Moody AI or related AI features are used, request content is sent only as needed to generate the requested output or complete the requested action.

If you use AI features with uploaded files or media, our servers may read, download, parse, resize, transcribe, summarize, or convert authorized content into text, image parts, PDF/document parts, audio transcripts, screenshots, or extracted video frames before sending the needed content to AI providers for the requested workflow. Conversation history may cause earlier attachments to be included again as context.

Workspace owners and admins may see workspace content, member profiles, membership records, audit activity, billing state, integrations, automation logs, and other information needed to operate a shared workspace. Other members may see content shared with their workspace, channels, meetings, docs, tasks, or permissions.

Private media is served through authenticated access controls and workspace membership checks. If you publish a doc, share an artifact, or create another public link, the linked content and referenced media may be accessible to anyone with the link until it is unpublished or removed. External file URLs and embeds are controlled by the third-party service that hosts them.

5. AI, Automation & Human Control

6. Your Rights Over Your Data

Depending on your location and the laws that apply, you may have rights to access, correct, delete, export, or restrict the processing of your personal data, and to object to certain processing or withdraw consent where consent is the legal basis.

To exercise these rights, contact us at support@moodlens-ai.com. For account deletion requests, email account-deletion@moodlens-ai.com from the same email address you use to sign in to MoodLens so we can match the request to the account. If we cannot verify the requester, we may ask for additional confirmation or be unable to complete the request. We will respond within the timeframes required by applicable law.

You can also visit the AEPD at aepd.es.

7. Retention, Security & International Processing

We retain personal data for as long as needed to provide the service, secure accounts and workspaces, maintain audit trails, preserve billing and tax records, comply with legal obligations, resolve disputes, and enforce agreements. After deletion requests, we delete or anonymize data within a reasonable period except where retention is legally required or where limited backup, security, billing, or dispute records must be retained.

Some in-product deletion actions soft-delete records or remove visible links before underlying files, generated PDFs, transcripts, AI context, cached results, or backups are fully removed. Workspace clips are designed to delete the linked storage object when deleted; local clips are stored in your browser and can be removed from that browser. For broader deletion, email account-deletion@moodlens-ai.com so we can review account, workspace, storage, backup, and legal-retention records.

We use industry-standard safeguards designed to protect data, including access controls, encrypted transport, and secure infrastructure practices. No method of storage or transmission is completely secure, but we work to reduce risk and respond appropriately to security incidents.

MoodLens applies authentication, membership checks, file size limits, supported content-type checks, private media proxy controls, and public-link checks for published content. These controls reduce risk but do not guarantee that every unsafe, infringing, or malicious file will be detected before it is uploaded or viewed.

Because we use providers that may operate in multiple countries, your data may be processed outside your city, region, or country. Where required, we rely on appropriate contractual, technical, or organizational safeguards, such as adequacy decisions, standard contractual clauses, or equivalent transfer measures.

8. Cookies & Similar Technologies

We use cookies and similar technologies only where needed for authentication, security, session continuity, preferences, and basic product functionality. We do not use third-party advertising cookies to profile you across unrelated sites for ads. Public website analytics may be used to understand page performance, traffic, and reliability without selling personal data.

These technologies may include session cookies, local storage, security tokens, and login-state markers. If you use Google, Microsoft, or GitHub sign-in, those providers may also use their own cookies or similar technologies as part of their OAuth or OpenID Connect authentication flows, subject to their own policies. You can control browser cookies through your settings, but disabling some technologies may affect how the service works.

Because there is no single industry standard for browser Do Not Track signals, we do not currently respond to those signals. Where a legally recognized opt-out preference signal applies to a sale or sharing of personal information, we will honor it as required; at present, we do not sell personal information or share it for cross-context behavioral advertising.

9. Changes, Controller Details & Contact

We may update this Privacy Policy from time to time. We will post the updated version here and revise the "Last updated" date. For material changes, we may notify you in-product or by email when required by law.

For the purposes of this policy, MoodLens is operated by Moodlens Technology, Carrer de la Riera Alta, 61, Ciutat Vella, 08001 Barcelona, Spain. If you need to exercise privacy rights or contact us about a data issue, please email support@moodlens-ai.com.

We use this email as the primary privacy contact. If a dedicated data protection officer, representative, or additional controller contact becomes required or appointed, we will publish those details here.

We will respond in good faith and within the timeframes required by applicable law.