GDPR Information

Last updated: 11 January 2026

This document explains how Mochi processes personal data under GDPR for users in the EEA.

Data Controller

Martin Malek Czech Republic, European Union Email: support@madebymochi.app

Data We Process (Mochi iOS App)

Data TypePurposeLegal BasisRetention
Pseudonymous User IDUsage limits, purchasesContract (Art. 6(1)(b))Stored on device
Device InformationCompatibility, improvementLegitimate Interest (Art. 6(1)(f))With request logs
PhotosAI image transformationConsent (Art. 6(1)(a))Deleted within 24 hours
Push Notification TokenImage-ready notificationsConsent (Art. 6(1)(a))Until token refresh
Purchase InformationCredit managementContract (Art. 6(1)(b))Duration of service
Aggregated AnalyticsService improvementLegitimate Interest (Art. 6(1)(f))Indefinitely, non-identifiable

Website Contact Form

Data TypePurposeLegal BasisRetention
NameRespond to inquiryLegitimate InterestUp to 12 months
EmailRespond to inquiryLegitimate InterestUp to 12 months
MessageHandle requestLegitimate InterestUp to 12 months
  • Consent: Photo processing, push notifications
  • Contract: Core app functionality and purchases
  • Legitimate Interest: Aggregated analytics, support

Consent may be withdrawn at any time by discontinuing photo uploads or notifications.

International Data Transfers

Your photos may be temporarily processed outside the EEA:

ProviderLocationPurpose
OpenAIUSAImage transformation
GoogleUSAImage transformation
Alibaba CloudChinaImage transformation
AppleUSAPayments, notifications

Safeguards

  • Standard Contractual Clauses (SCCs)
  • Encryption in transit
  • Data minimization
  • Processing limited to transformation duration

Your GDPR Rights

You have the right to access, rectify, erase, restrict, port, object, and withdraw consent.

Requests: support@madebymochi.app (include pseudonymous user ID). Response time: within 30 days.

Complaints

You may lodge a complaint with your local supervisory authority. Czech Republic: ÚOOÚ – www.uoou.cz

Automated Processing

AI is used solely to transform images based on user request. No profiling or automated decision-making with legal effects occurs.

Security

  • TLS encryption
  • Pseudonymous identifiers
  • Automatic photo deletion
  • Signed API requests

Children

We do not knowingly process data of children below the age required by applicable law (typically 13–16).

Contact

Data Controller: Martin Malek Email: support@madebymochi.app

For general privacy information see the Privacy Policy.