GDPR Information
Last updated: 11 January 2026
This document explains how Mochi processes personal data under GDPR for users in the EEA.
Data Controller
Martin Malek
Czech Republic, European Union
Email: apps@hellomalek.com
Data We Process (Mochi iOS App)
Data Type: Pseudonymous User ID
Purpose: Usage limits, purchases
Legal Basis: Contract (Art. 6(1)(b))
Retention: Stored on device
Data Type: Device Information
Purpose: Compatibility, improvement
Legal Basis: Legitimate Interest (Art. 6(1)(f))
Retention: With request logs
Data Type: Photos
Purpose: AI image transformation
Legal Basis: Consent (Art. 6(1)(a))
Retention: Deleted within 24 hours
Data Type: Push Notification Token
Purpose: Image-ready notifications
Legal Basis: Consent (Art. 6(1)(a))
Retention: Until token refresh
Data Type: Purchase Information
Purpose: Credit management
Legal Basis: Contract (Art. 6(1)(b))
Retention: Duration of service
Data Type: Aggregated Analytics
Purpose: Service improvement
Legal Basis: Legitimate Interest (Art. 6(1)(f))
Retention: Indefinitely, non-identifiable
Website Contact Form
Data Type: Name
Purpose: Respond to inquiry
Legal Basis: Legitimate Interest
Retention: Up to 12 months
Data Type: Email
Purpose: Respond to inquiry
Legal Basis: Legitimate Interest
Retention: Up to 12 months
Data Type: Message
Purpose: Handle request
Legal Basis: Legitimate Interest
Retention: Up to 12 months
Legal Basis Summary
Consent: Photo processing, push notifications
Contract: Core app functionality and purchases
Legitimate Interest: Aggregated analytics, support
Consent may be withdrawn at any time by discontinuing photo uploads or notifications.
International Data Transfers
Your photos may be temporarily processed outside the EEA:
Provider: OpenAI
Location: USA
Purpose: Image transformation
Provider: Google
Location: USA
Purpose: Image transformation
Provider: Alibaba Cloud
Location: China
Purpose: Image transformation
Provider: Apple
Location: USA
Purpose: Payments, notifications
Safeguards
Standard Contractual Clauses (SCCs)
Encryption in transit
Data minimization
Processing limited to transformation duration
Your GDPR Rights
You have the right to access, rectify, erase, restrict, port, object, and withdraw consent.
Requests: support@mochiapp.eu (include pseudonymous user ID).
Response time: within 30 days.
Complaints
You may lodge a complaint with your local supervisory authority.
Czech Republic: ÚOOÚ – www.uoou.cz
Automated Processing
AI is used solely to transform images based on user request.
No profiling or automated decision-making with legal effects occurs.
Security
TLS encryption
Pseudonymous identifiers
Automatic photo deletion
Signed API requests
Children
We do not knowingly process data of children below the age required by applicable law (typically 13–16).
Contact
Data Controller: Martin Malek
Email: apps@hellomalek.com
For general privacy information:
https://madebymochi.app/privacy