MPF App Oy
Laajalahdentie 16, 00330 Helsinki, Finland
info@moodiempf.com
Data Protection contact: MPF App Oy does not currently have a mandatory obligation to appoint a Data Protection Officer (DPO) under Art. 37 GDPR given the current scale of processing. All data protection enquiries are handled by the controller at info@moodiempf.com. A DPO will be appointed and this policy updated if processing reaches a scale requiring formal appointment.
MoodieFlow is a workplace well-being application operated by MPF App Oy, a company registered in Finland. MoodieFlow enables employees to track their mood and chat privately with an AI companion, and provides HR leaders with anonymous, aggregated team well-being data.
MPF App Oy is the data controller responsible for your personal data. If you have any questions about this policy or wish to exercise your rights, contact us at info@moodiempf.com.
This policy explains what personal data MoodieFlow collects, why we collect it, how long we keep it, who we share it with, and what rights you have under the EU General Data Protection Regulation (GDPR).
When you register, we collect your email address, password (stored as a one-way cryptographic hash — we cannot read it), your role (employee or HR leader), and the timestamp of your consent. We also record which company account you belong to.
Providing your email address is a contractual requirement — without it, we cannot create your account or provide the service. All other data categories below are collected on the basis of your consent and are optional in the sense that you may withdraw consent (by deleting your account) at any time.
When you log a mood, we store the emoji and label you selected, and the timestamp. This data is encrypted at rest with a key unique to your account.
When you chat with Moodie, we store the messages you send and the AI responses you receive. All messages are encrypted at rest with a key unique to your account. Your messages are transmitted to Anthropic's Claude AI to generate responses — see Section 6.
After each conversation, Moodie maintains a short encrypted summary of recurring themes and personal context from your past conversations. These notes are never visible to your HR leader or employer. You can delete them at any time by telling Moodie "forget everything about me" — in any language.
If you choose to save a chat session to your journal, we store a reference to that session and your mood at the time. Journal entries are encrypted at rest and private to you.
If you submit feedback through the app, we store the text of your feedback linked only to your company — never to your personal account or identity.
We collect minimal server-side logs for security and abuse prevention purposes. We do not use third-party analytics SDKs, advertising technology, or tracking pixels in the app.
Mood data and the content of your conversations may reveal information about your mental health or emotional state. Under GDPR Article 9, this is classified as special category data and carries the highest level of protection.
We process this data only on the basis of your explicit consent (Article 9(2)(a) GDPR), given at the time of registration. You may withdraw this consent at any time by deleting your account. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
Your HR leader cannot see:
Your HR leader can see:
We share data with the following third-party service providers. All are bound by data processing agreements and are required to protect your data in accordance with GDPR.
| Sub-processor | Purpose | Location | Safeguard |
|---|---|---|---|
| Anthropic PBC (anthropic.com) | AI processing — your chat messages are sent to Claude AI to generate responses | United States | Standard Contractual Clauses (SCCs) — Art. 46 GDPR |
| Railway Inc. (railway.app) | Application hosting and PostgreSQL database storage | EU — Amsterdam, Netherlands | Data stored within the EU/EEA |
| Resend Inc. (resend.com) | Transactional email delivery (e.g. account notifications) | United States | Standard Contractual Clauses (SCCs) — Art. 46 GDPR |
| Vercel Inc. (vercel.com) | Hosting for the HR web application (hr.moodiempf.com) | United States | Standard Contractual Clauses (SCCs) — Art. 46 GDPR |
⚠️ Note on third-country transfers: Anthropic PBC, Resend Inc., and Vercel Inc. are based in the United States. Transfers to these processors are protected by Standard Contractual Clauses (SCCs) approved by the European Commission under GDPR Article 46. No transfer takes place on the basis of your consent — SCCs are the sole safeguard.
We do not sell your data. We do not share your data with your employer beyond the anonymous aggregates described in Section 5.
🏢 Relationship with your employer: Your employer (the company that provides you access to MoodieFlow) acts as a separate data controller for its own HR and employment records. MoodieFlow processes your personal data as an independent controller under this policy. A data processing agreement (DPA) is in place between MPF App Oy and each employer-customer, governing the limited aggregated data described in Section 5. Your employer cannot instruct MPF App Oy to access or disclose your individual data.
| Data type | Retention period |
|---|---|
| Account data (email, role) | Until you delete your account |
| Mood logs | 12 months from date logged |
| Chat sessions and messages | 12 months from date of session |
| Journal entries | 12 months from date saved |
| AI memory notes | Until deleted by you, or 24 months after your last active session, or account deletion — whichever comes first |
| Anonymous feedback | 12 months from date submitted |
| Technical / security logs | 30 days |
When the retention period expires, data is deleted automatically. You may also request deletion at any time — see Section 8.
Under GDPR, you have the following rights. Contact us at info@moodiempf.com to exercise any of them. We will respond within 30 days.
Request a copy of all personal data we hold about you.
Export all your data in machine-readable JSON format directly from Account → Export my data.
Employees can permanently delete their account and all associated data from Account → Delete account — immediate and irreversible. HR leaders of active company accounts must contact us at info@moodiempf.com; we will process the request within 30 days as required by Art. 17.
Withdraw consent at any time by deleting your account. Withdrawal does not affect prior processing.
Ask us to correct inaccurate personal data we hold about you.
Ask us to restrict processing of your data in certain circumstances.
You have the right to object at any time to processing based on our legitimate interest (Art. 6(1)(f)) — e.g. security logging. We will stop unless we demonstrate compelling legitimate grounds that override your interests.
We do not make decisions that produce legal or similarly significant effects on you through solely automated means. AI-generated insights are aggregated, anonymised, and reviewed in a human context by HR — no automated decision-making with individual effect takes place.
All sensitive data (mood labels, chat messages, journal entries, AI memory notes) is encrypted at rest using AES-256-GCM with keys unique to each user account. Keys are never stored — they are derived on demand from a server-side secret. Data is transmitted over HTTPS (TLS 1.2+) at all times.
Access to the platform is protected by JWT authentication, bcrypt-hashed passwords (cost factor 12), and mandatory multi-factor authentication (TOTP) for administrative access.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Finnish supervisory authority within 72 hours of becoming aware of the breach (Art. 33 GDPR). Where the breach is likely to result in a high risk to you personally, we will also notify you directly without undue delay (Art. 34 GDPR).
The MoodieFlow mobile app does not use cookies. The app does not contain advertising SDKs, cross-app tracking, or third-party analytics. The only network requests made by the app are to our own API server and to Anthropic (for AI responses).
This website (moodiempf.com) uses no analytics or tracking cookies. The waitlist form sends your email address to our server and stores it in our database for up to 90 days for follow-up purposes, after which it is automatically deleted. This page loads the Inter typeface from Google Fonts (fonts.googleapis.com / fonts.gstatic.com). This causes your browser to send your IP address to Google's servers in the United States. Google acts as a separate data controller for this request; please refer to Google's Privacy Policy. If you prefer not to have your IP address transmitted to Google, you can disable web fonts in your browser settings — the page remains fully readable with system fonts.
MoodieFlow is intended for use in a workplace context and is not directed at individuals under the age of 16. We do not knowingly collect data from minors. If you believe a minor has submitted data, contact us at info@moodiempf.com and we will delete it promptly.
If we make material changes to this policy, we will notify you in the app and update the "Last updated" date at the top of this page. Where a change affects processing that is based on your consent, we will ask you to actively confirm your consent before you continue using the service — we will not treat continued use as acceptance. For changes that do not affect consent-based processing (e.g. clarifications or new sub-processors), we will give you advance notice and you may contact us at info@moodiempf.com to object before the change takes effect.
If you believe we are processing your personal data unlawfully, you have the right to lodge a complaint with the Finnish data protection supervisory authority:
Office of the Data Protection Ombudsman
Tietosuojavaltuutetun toimisto
PO Box 800, FI-00531 Helsinki, Finland
tietosuoja@om.fi · tietosuoja.fi