Privacy Policy

Last Updated: March 24, 2026

Mogyou ("we," "our," or "us") respects your privacy and is committed to protecting the personal data of our users worldwide. This Privacy Policy explains how we collect, process, and store your data, especially focusing on the sensitive biometric data required for our AI analysis tools.

This policy is designed to comply with global privacy standards, including the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other international data privacy laws.

1. What Information We Collect

We collect essential data to provide and improve our services:

  • Account Information: Email address, secure password hash, username, and age (to ensure you are 18+ or have parental consent).
  • Biometric & Health Data: Photos of your face and body submitted exclusively for AI analysis (Face Scanner and Body Scanner). Metrics derived from these photos (e.g., estimated body fat, facial symmetry).
  • Payment Information: Processed securely by Stripe. We do not store your credit card details on our servers.
  • Usage & Device Data: IP addresses, browser type, device information, and diagnostic data to ensure the app runs smoothly.

2. How We Process Your Photos (Biometric Data)

Given the highly sensitive nature of biometric data, we have strict protocols regarding your photos:

  • Purpose: Photos are used solely to perform the AI analysis you explicitly request (e.g., generating a fitness or skincare routine).
  • Zero Training Policy: We do NOT use your private photos to train our overarching AI models, nor do we permit our AI providers (OpenAI) to use your images to train their foundational models.
  • Storage & Deletion: The original images are processed securely in memory or temporarily stored as required to generate the output, and are immediately discarded or heavily secured. You have the right to request the immediate destruction of all associated analysis records via your account settings.

3. Third-Party Data Processors

In order to provide a reliable, global service, we utilize industry-standard, secure third-party processors. By using our service, you agree that your data may be processed by:

  • Supabase: For secure database hosting and user authentication (Servers located globally/US/EU depending on infrastructure).
  • Vercel: For fast, secure application hosting.
  • Stripe: For secure payment processing and subscription management.
  • OpenAI: Our primary artificial intelligence partner API. Images sent to OpenAI via the API are strictly governed by their API privacy policy, which forbids the use of customer data to train their models without explicit opt-in.
  • PromoteKit: Used for tracking affiliate and partner referrals via cookies (only if you consent to non-essential cookies).

4. Global Data Transfers

Mogyou is based in Austria (EU). However, our infrastructure providers (like Supabase and Vercel) operate globally. Your data may be transferred to, and maintained on, computers located outside of your state, province, or country where data protection laws may differ. We ensure that all international transfers rely on legally approved frameworks (e.g., Standard Contractual Clauses) to guarantee GDPR-level protection for your data regardless of where it is processed.

5. Cookies and Tracking

We use essential cookies to keep you logged in and secure your session. If you provide explicit consent via our Cookie Banner, we may also use analytics/marketing cookies (like PromoteKit) to track affiliate referrals. You can decline or revoke your consent to non-essential cookies at any time.

6. Your Rights (GDPR, CCPA, & Global)

We grant all users the following baseline rights regardless of their location:

  • Right to Access: You can request a copy of the data we hold about you.
  • Right to Rectification: You can correct any inaccurate data.
  • Right to Erasure (Right to be Forgotten): You can instantly delete your account and all associated data via the "Danger Zone" in your Settings panel.
  • Right to Withdraw Consent: You can withdraw consent for AI processing at any time by deleting your account.

If you are a California resident, you additionally have the right to know and the right to non-discrimination regarding the sale of personal information. Mogyou does not and will never sell your personal information.

7. Data Retention

We retain your account data and analysis history for as long as your account is active to provide you with your progress history. If you initiate a deletion, your data is wiped from our active databases immediately. Encrypted backups are automatically purged within 30 days.

8. Children's Privacy

Our Service is not directed to individuals under the age of 18 without parental consent. We do not knowingly collect personal data from children. If we become aware that we have collected Personal Data from a child without verification of parental consent, we take steps to remove that information from our servers immediately.

9. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact our Data Protection Officer:

  • Email: legal@mogyou.com
  • Company Address: Noah Maximilian Janko, St. Veiterstraße 92, 8046 Graz, Austria