Privacy Policy for "Reset"
​
Last updated: 28 April 2025
​
Moment Apps Ltd.
Company No. 15926946
Registered office: 44 Carlton Avenue West, London HA0 3QU, United Kingdom
Contact: contact@momentapps.co.uk
​
1. Who we are
Moment Apps Ltd. (“Reset”, “we”, “our”, “us”) develops the Reset mobile application, which helps users build a daily mental-wellness practice. We act as the controller of the personal data described below.
​
2. What data we collect and why
Mental-health input (special-category data)
• Examples: vent text you type, voice-to-text transcripts, answers to onboarding questions about stress, anxiety, triggers, or prior treatments.
• Purpose: to generate personalised exercises and insights via AI.
• Lawful basis: explicit consent – you choose to provide this information.
• Retention: sent to AI providers and kept by them for up to 30 days; not stored on our servers.
On-device wellness data
• Examples: daily mental-health score, historical entries, exercise picks.
• Purpose: display your history and trends locally in the app.
• Storage: saved only on your device; never uploaded.
• Retention: until you delete the data or uninstall the app.
Usage and event data
• Examples: anonymous Firebase Analytics events, crash logs, in-app actions.
• Purpose: measure performance and improve features.
• Lawful basis: legitimate interests (product analytics).
• Retention: up to 14 months (Firebase default).
Device and attribution identifiers
• Examples: IDFA/AAID, AppsFlyer ID, notification-permission status.
• Purpose: marketing attribution and fraud prevention.
• Lawful basis: consent (gathered via Apple ATT / Google Play prompts).
• Retention: up to 24 months (AppsFlyer default).
Payment and subscription data
• Examples: transaction ID, subscription status reported by RevenueCat.
• Purpose: provide paid features and billing support.
• Lawful basis: performance of contract.
• Retention: while your subscription is active plus six years for accounting.
We do not collect names, email addresses, precise location data, or health-care identifiers.
3. How and where your data is processed
Our trusted processors (all engaged under UK GDPR-compliant contracts) are:
• OpenAI and Anthropic – generate AI responses (servers in the USA; certified under the UK-US Data Privacy Framework and backed by Standard Contractual Clauses).
• Google Firebase – analytics, crash reports, Cloud Functions (servers in the EU and USA; DPF and SCCs).
• Supabase – edge functions and routing (servers in the EU; SCCs).
• RevenueCat together with Apple or Google – subscription fulfilment (servers in the EU and USA; DPF or SCCs).
• AppsFlyer – marketing attribution (servers in the USA; DPF and SCCs).
All traffic is encrypted in transit (TLS). Firebase and Supabase automatically encrypt data at rest.
4. Your choices and rights
• Withdraw consent – simply stop entering vent text or uninstall the app.
• Access, erasure, portability – we do not hold any data that identifies you directly; transient data held by our processors is deleted automatically after the periods listed above.
• Analytics opt-out – disable tracking via your device’s ATT/AAID settings.
• Questions – email contact@momentapps.co.uk.
5. Children
Reset is intended only for users aged 13 years or older. We do not knowingly collect data from children under 13. If you believe that a child has provided data, please contact us so we can delete it.
6. International transfers
Personal data may be processed in countries outside the UK. Transfers rely on:
• UK-US Data Privacy Framework certifications, and/or
• the UK addendum to the EU Standard Contractual Clauses.
​
7. Security
We apply industry best practices, including encryption in transit and at rest, least-privilege access controls, and periodic security reviews. No method is 100 percent secure, but we take reasonable steps to protect your data.
8. Changes
We may update this Privacy Policy from time to time. We will post any revisions in-app; continued use after changes are posted constitutes your acceptance of the revised notice.