Legal

Privacy Policy

Plain language, because your habits are personal. This explains what Mosaik collects, why, and the control you keep over it.

Last updated: May 31, 2026Version 1.1

The short version

  • Your habits live on your device by default. Sync is optional and only with Plus.
  • Apple Health access is read-only — we never write to Health.
  • We don't sell your data or run ad-tracking. Ever.
  • This website uses optional analytics cookies only if you accept them in the banner.
  • You can export or delete everything, including your account, anytime.

What we collect

Mosaik is designed to work with as little data as possible. Most of what you create never leaves your device unless you turn on sync.

Data
Why
Habits & check-ins
The core of the app — your habits, goals, and daily completions.
Notes & mood
Optional journal entries and 1–5 mood you attach to a day.
Account email
Only if you create an account for sync — used to sign you in.
Sync data
An encrypted copy of your habits, kept in step across your devices (Plus).

You can use Mosaik with no account at all. In that mode, nothing is sent to our servers.

Apple Health & HealthKit

If you enable auto-tracking, Mosaik reads a small set of metrics from Apple Health to mark relevant habits for you.

  • Read-only: steps, sleep, and mindful minutes — only the types you allow.
  • Mosaik never writes any data back to Apple Health.
  • Health data is processed on your device to set a habit's daily value; it is not sold, shared, or used for advertising.
  • You can revoke access at any time in iOS Settings → Health, or by turning auto-tracking off in the app.

Third-party services

We rely on a few trusted providers to run the parts of Mosaik that need a server. Each receives only the data necessary for its job.

Provider
Purpose & data
Supabase
Account authentication and encrypted sync for Plus users. Stores your email and synced habit data.
RevenueCat
Manages subscriptions and purchases. Receives a pseudonymous purchase identifier — not your habits.
Sentry
Crash diagnostics in production, so we can fix bugs. Receives technical error reports, not habit content.
Google Analytics (Firebase)
Aggregated app analytics in production (iOS). Helps us understand feature usage and funnels — not your habit content or notes.

The providers above power the Mosaik mobile app. Sentry and Google Analytics run only in production app builds. We do not use third-party advertising or cross-app tracking SDKs in the app.

When you visit this website (themosaik.app), we use Google Analytics 4 — but only if you accept analytics cookies. See Cookies & this website below.

Cookies & this website

This section applies to our marketing website only — not the Mosaik app on your phone. We ask for your consent before loading any analytics on this site.

Type
What & why
Essential
A preference cookie (stored in your browser) so we remember whether you accepted or declined analytics. Required to honor your choice.
Analytics (optional)
Google Analytics 4 (GA4), loaded only if you click “Accept analytics”. Helps us see aggregate traffic — pages visited, referrers, device type — so we can improve the site. We do not use GA4 to track app usage or habit data.

You can accept or decline analytics when the banner appears, or change your choice anytime via Cookie settings in the site footer. If you choose essential cookies only, GA4 is not loaded.

Google may process data in the United States and other countries. Where required, we rely on appropriate safeguards for international transfers. Google's privacy policy is at policies.google.com/privacy.

How we use your data

  • To provide the app: store your habits, show your grid, and sync across devices.
  • To deliver reminders you set up (processed locally on your device).
  • To process subscriptions and restore purchases.
  • To diagnose crashes and improve features through aggregated analytics (in the app, and on this website only with your cookie consent).

We do not sell your personal data, share it with advertisers, or use your habits or notes to train models.

Data retention

On-device data stays until you delete it or uninstall the app. If you use sync, your encrypted data is retained on our infrastructure for as long as your account is active.

When you delete your account, synced data is removed from our active systems promptly and purged from encrypted backups within 30 days. Diagnostic and aggregated analytics records are kept for a limited period and are not linked to your identity. Website analytics data retained by Google is governed by Google's retention settings and our GA4 configuration.

Your rights & deleting your account

You stay in control of your data at all times:

  • Cookie preferences: use Cookie settings in the site footer to withdraw analytics consent on this website.
  • Export:download your full history as CSV from Settings → Data & privacy.
  • Access & correct: all your habit data is visible and editable in the app.
  • Delete account: Settings → Manage subscription → Delete account removes your data from our servers. You can also email us to request deletion.

Depending on where you live (for example the EU/EEA under GDPR, or California under CCPA), you may have additional rights to access, port, or object to processing. We honor these requests regardless of location.

Security

Synced data is encrypted in transit and at rest. Access to production systems is restricted and audited. No method of storage or transmission is perfectly secure, but we work to protect your information using current best practices.

Children

Mosaik is not directed at children under 13 (or the minimum age in your country), and we do not knowingly collect their personal data. If you believe a child has provided us data, contact us and we will remove it.

Changes to this policy

If we make material changes, we'll update the date at the top and, where appropriate, notify you in the app. Continued use after an update means you accept the revised policy.

Contact

Questions about privacy or your data? We're happy to help.

privacy@themosaik.app