← MOGSTER

PRIVACY POLICY

Effective 2026-04-27

Who runs Mogster

Mogster is built and operated by Grgur Damiani, an individual developer based in Croatia. If you need to reach a human, email support@mogster.app.

What we collect

  • Email addresses — for the waitlist on mogster.app, and for account creation in the app.
  • Passwords — hashed by Supabase Auth. We never see the plaintext.
  • Date of birth — provided at signup so we can verify you meet our 16+ age requirement.
  • Selfie images you upload for aura rating, stored in Supabase Storage.
  • Aura history — scores, paths you chose, and timestamps, stored in Supabase Postgres.
  • Device and usage metadata that Supabase Auth captures (IP address, user agent, session timestamps).
  • Standard web analytics logged by Vercel — aggregate only, no individual tracking beyond what Vercel provides by default.

Why we collect it

To provide the service: authenticate users, generate aura ratings with AI, show leaderboards and battles, and notify you about launch updates if you joined the waitlist. That's it.

Who we share it with (subprocessors)

  • Supabase — auth, database, and storage — supabase.com
  • Google Gemini — the AI model that generates aura ratings and roasts — ai.google.dev
  • Upstash Redis — rate limiting — upstash.com
  • Railway — API hosting — railway.app
  • Cloudflare — domain DNS and email forwarding — cloudflare.com
  • Vercel — web hosting for mogster.app — vercel.com

We do not sell your data and we do not share it with third parties for advertising. The list above is the full set of subprocessors.

How long we keep it

While your account is active, plus 30 days after deletion (for backup rotation). Waitlist emails are kept until we notify you at launch or you unsubscribe, whichever comes first.

Your rights (GDPR, for EU users)

If you're in the EU, GDPR gives you the right to access the data we hold on you, rectify anything that's wrong, erase your data, request a portable copy, object to processing, and restrict processing in certain cases. To exercise any of these, email support@mogster.app. We'll respond within 30 days.

Your rights (CCPA, for California residents)

If you're a California resident, you have the right to know what data we collect, to have it deleted, and to opt out of the "sale" of personal information. We don't sell data, but the right exists regardless. Same contact: support@mogster.app.

Age restriction

Mogster is for users 16 and older. We ask for your date of birth at signup and require you to confirm you meet this age requirement. We don't knowingly collect data from anyone under 16.

If you discover a user under 16 has created an account — or you are a parent who has discovered your child has done so — email help@mogster.app and we'll review and remove the account. Misrepresenting age is a violation of our Terms and grounds for account deletion.

Content moderation

We screen uploaded images using AI-based safety classification (Google Gemini's built-in content filter) and screen generated roast text against an internal blocklist. Images that fail moderation are not retained — only a SHA-256 hash is logged for audit purposes. Moderation event logs are kept for up to 90 days (with personally identifiable fields stripped after 30 days), then deleted.

If you believe your content was incorrectly flagged, email help@mogster.app and we'll review.

Data location

Data is processed primarily in the EU (Supabase EU region) and in the US (Vercel edge, Cloudflare). By using Mogster you consent to data processing in both jurisdictions.

Changes to this policy

We'll update this page and bump the effective date when things change. If the changes are material — new subprocessors, new data types — we'll notify users by email.

Contact

support@mogster.app. Postal mail is not currently offered; email is the only contact channel.