GDPR Compliance Policy - Mood Ticker

Effective Date: November 1, 2025

Last Updated: November 1, 2025

This GDPR Compliance Policy applies specifically to users located in the European Union (EU) and European Economic Area (EEA) and supplements our main Privacy Policy.

1. Data Controller Information

Data Controller:
Mood Ticker
Contact: moodticker@moodticker.net
Location: United States

2. Legal Basis for Processing Personal Data

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

Consent (Article 6(1)(a))

• Email communications for account management and support
• Optional data collection (first name)
• Marketing communications

Contract Performance (Article 6(1)(b))

• Account creation and management
• Subscription billing and payment processing
• Provision of core app services
• Customer support

Legitimate Interests (Article 6(1)(f))

• App security and fraud prevention
• Service improvement and optimization
• Technical functionality and performance
• Legal compliance and dispute resolution

3. Categories of Personal Data We Process

Identity Data

• Email address (required)
• First name (optional)
• Account credentials

Usage Data

• Daily mood selections
• App interaction patterns
• Login frequency and duration

Technical Data

• IP address
• Device information
• Browser type and version
• Operating system

Communication Data

• Support communications
• Email preferences

4. Data Retention Periods

• Active accounts: Data retained while account remains active
• Locked accounts: When a gift subscription expires without renewal, the account is locked immediately. All user data (moods, friends, contest history) is preserved for 14 days as a grace period. If the user pays within 14 days, the account unlocks and all features restore. If no payment within 14 days, the account and all associated data are permanently deleted.
• Deleted accounts: All data permanently deleted immediately
• Legal requirements: Some data may be retained longer to comply with legal obligations
• Monthly Linkup Contest Data: Contest participation records (linkups, standings, winner data) retained for one (1) year for verification and record-keeping, then automatically deleted (1 year + 1 day cutoff). See our Contest Rules for complete details.

5. Your Rights Under GDPR

As an EU/EEA data subject, you have the following rights:

Right of Access (Article 15)

You can request a copy of all personal data we hold about you, including information about how it's processed.

Right to Rectification (Article 16)

You can request correction of inaccurate or incomplete personal data.

Right to Erasure/Right to be Forgotten (Article 17)

You can request deletion of your personal data when:

• Data is no longer necessary for original purpose
• You withdraw consent and no other legal basis exists
• Data has been unlawfully processed
• Deletion is required for legal compliance

Account deletion is available by scrolling to the bottom of the app home page and clicking 'delete account.'

Right to Restrict Processing (Article 18)

You can request we limit processing of your data in certain circumstances.

Right to Data Portability (Article 20)

You can request your data in a structured, machine-readable format and transmit it to another controller.

Right to Object (Article 21)

You can object to processing based on legitimate interests or for direct marketing.

Rights Related to Automated Decision-Making (Article 22)

You have rights regarding automated decision-making and profiling (though Mood Ticker does not engage in automated decision-making that produces legal or significant effects).

6. How to Exercise Your Rights

To exercise any of your GDPR rights, contact us at:
Email: moodticker@moodticker.net
Subject Line: "GDPR Rights Request"

Include in your request:

• Your full name and email address
• Specific right you wish to exercise
• Details of your request
• Proof of identity (if required)

Response Time: We will respond within one month of receiving your request.

7. Data Transfers Outside the EU

Your personal data may be transferred to and processed in the United States, which may not provide the same level of data protection as EU law.

Safeguards for International Transfers:

• We implement appropriate technical and organizational measures
• Data processing agreements with third-party processors
• We rely on your explicit consent for data transfers
• Standard Contractual Clauses (SCCs) where applicable

8. Data Protection Officer (DPO)

While Mood Ticker is not required to appoint a Data Protection Officer, all data protection inquiries should be directed to:
Contact: moodticker@moodticker.net

9. Consent Management

Obtaining Consent

• Clear, affirmative action required
• Separate consent for each processing purpose
• Easy to withdraw consent
• Record of consent maintained

Withdrawing Consent

You can withdraw consent at any time by:

• Updating preferences in your account settings
• Contacting us at moodticker@moodticker.net
• Using unsubscribe links in emails

Note: Withdrawing consent does not affect the lawfulness of processing before withdrawal.

10. Data Security Measures

We implement appropriate technical and organizational measures including:

• Data encryption in transit and at rest
• Access controls and authentication
• Regular security assessments
• Employee training on data protection
• Incident response procedures

11. Data Breach Notification

To Supervisory Authority

We will notify the relevant supervisory authority within 72 hours of becoming aware of a personal data breach.

To Data Subjects

We will notify affected individuals without undue delay when the breach is likely to result in high risk to rights and freedoms.

12. Children's Data (Under 16)

• We do not knowingly collect data from children under 13
• Users aged 13-16 require parental consent
• Enhanced protections apply to all minor users
• Special procedures for deletion requests involving minors

13. Automated Processing and Profiling

Current Status: Mood Ticker does not engage in automated decision-making or profiling that produces legal or similarly significant effects.

Future Changes: Should we implement such processing, we will:

• Provide explicit notice
• Obtain necessary consent
• Implement appropriate safeguards
• Provide meaningful information about the logic involved

14. Third-Party Processors

Current Processors

• Stripe (payment processing)
• SendGrid (email delivery)

Processor Requirements

All processors must:

• Provide sufficient guarantees of GDPR compliance
• Process data only on our instructions
• Implement appropriate security measures
• Assist with data subject requests
• Notify us of any data breaches

15. Supervisory Authority

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with your local supervisory authority.

Lead Supervisory Authority for Mood Ticker:
Since Mood Ticker is US-based, EU users may contact their local supervisory authority for GDPR complaints. A list of EU supervisory authorities is available at: edpb.europa.eu

16. Contact Information

For all GDPR-related inquiries:
Email: moodticker@moodticker.net
Subject: "GDPR Inquiry"

Response Commitment:

• Rights requests: Within 1 month
• General inquiries: Within 5 business days
• Breach notifications: Within 72 hours (to authorities)

17. Monthly Contest - Special Provisions

Contest Prizes Have No Monetary Value

Important Clarification: All Monthly LinkUp Contest prizes (including Premium subscription access, Gift Premium Access Links, Winner's Circle access, and all associated features) are digital benefits within the MoodTicker™ platform and have ABSOLUTE ZERO (0) monetary value. These prizes:

• Cannot be sold, traded, or exchanged for cash or any monetary equivalent;
• Have no resale value, market value, or financial worth of any kind;
• Cannot be redeemed for gift cards, credits, or any form of payment;
• Are strictly for entertainment, recognition, and platform access purposes;
• Create no tax obligations or reporting requirements.

Gift Premium Access Links - Shareable Exception

Important Note: While most prizes cannot be transferred, Gift Premium Access Links are specifically designed to be shared with friends and family who are NOT already MoodTicker™ subscribers. Gift Links:

• Can and should be shared with non-subscriber friends or family members;
• Will not work for existing MoodTicker™ members;
• Provide a great way to introduce loved ones to the app;
• Still have zero monetary value and cannot be sold or exchanged for money;
• Are the only prize component that can be transferred to others.

Other prizes (Premium subscription access, Winner's Circle access) remain non-transferable and cannot be given, sold, traded, transferred, assigned, or bequeathed to any other person, account, or entity under any circumstance.

Winner's Circle Access - Subscription Requirement

Important: Lifetime Winner's Circle access is contingent upon maintaining an active MoodTicker™ subscription. Winner's Circle access will be suspended if your subscription lapses or expires, and will be restored upon subscription renewal. "Lifetime" refers to the duration of your active subscription status, not perpetual access regardless of subscription status.

Error Correction and Data Accuracy Rights

While you have the right to rectification of inaccurate personal data under GDPR Article 16, this right does NOT extend to contest scores, rankings, or reward calculations that are corrected due to technical errors, glitches, or system malfunctions.

MoodTicker™ reserves the right to:

• Correct any technical errors affecting contest scoring, rankings, or point calculations;
• Adjust Zerkit or LinkUp totals to reflect accurate values;
• Recalculate contest rankings based on corrected data;
• Revoke erroneously granted rewards or access;
• Make retroactive corrections at any time when errors are discovered.

No Right to Erroneous Data: You have no legal right, claim, or entitlement under GDPR or any other law to contest scores, rankings, rewards, or access that resulted from technical errors, glitches, or system malfunctions. Error corrections do not trigger rights to erasure, compensation, or damages.

Contest Data Processing Basis

Contest-related data processing is based on:

• Contractual Necessity (Article 6(1)(b)): Contest participation is part of the platform service you subscribed to;
• Legitimate Interests (Article 6(1)(f)): Maintaining fair competition, preventing fraud, and ensuring accurate contest results.

No Refunds for Contest Issues

Subscription Fees Non-Refundable: Your subscription fee is paid for platform access, not for contest participation or the guarantee of any specific contest features, functionality, or outcomes. Under GDPR, you have no right to a refund arising from:

• Technical errors, glitches, or system malfunctions affecting contest results;
• Changes to contest rules, scoring methodology, or reward structure;
• Loss of points, rankings, rewards, or contest eligibility;
• Contest suspension or termination;
• Platform downtime or unavailability;
• Any discrepancy between expected and actual contest outcomes.

Limitation of GDPR Rights in Contest Context

The following GDPR rights are limited or do not apply to contest-related data corrections:

• Right to Rectification (Article 16): Does not prevent error corrections to contest scores, rankings, or calculations;
• Right to Erasure (Article 17): Does not apply to contest data retained for fraud prevention, legal compliance, or establishing/defending legal claims;
• Right to Data Portability (Article 20): Contest scores and rankings are not portable as they are calculated platform-specific metrics;
• Right to Object (Article 21): Contest participation is voluntary; objection requires ceasing participation.

Contest Data Retention

Contest participation records (LinkUps, Zerkits, standings, winner data) are retained for one (1) year for verification, fraud prevention, and record-keeping, then automatically deleted. This retention period is necessary for:

• Fraud detection and prevention (legitimate interest);
• Verification of contest results and winner eligibility;
• Establishing, exercising, or defending legal claims;
• Compliance with legal obligations.

18. Updates to This Policy

We may update this GDPR policy to reflect:

• Changes in law or regulation
• New processing activities
• Technology changes
• Business developments

Notification: Material changes will be communicated via email and in-app notification at least 30 days before taking effect.

Last Updated: November 1, 2025
Next Review Date: November 1, 2026