← Back 🎭 annomuss

Privacy Policy

1. What We Collect

To use Annomuss, we collect:

• Email address — used only for login OTP. Never shown to other users.
• Anonymous name — this is what others see. You choose it. We store it.
• Gender — used only for random chat matching. Optional.
• Posts, moods, goals — content you create on the platform.
• IP address — stored temporarily for rate limiting and abuse prevention.
• Last active time — shown as "recently active" — never exact.

2. What We Never Collect

• Your real name, phone number, or address
• Device contacts or camera/microphone (without explicit permission for video calls)
• Browsing history or cross-site tracking
• Precise location (only city-level, if you use Mood Map and opt in)

3. How We Use Your Data

• Email — only to send login OTPs and critical account notifications
• Anonymous name — to identify you within the platform
• Mood logs — to show your personal streak and history (never shared publicly without consent)
• Posts — shown to other users as you intended (anonymous)
• Usage patterns — to improve the platform (aggregated, never individual-level)

4. Who Can See Your Content

• Your posts — visible to all Annomuss users by your anonymous name only
• Your confessions — fully anonymous, no name attached
• Your mood logs — private by default. Only aggregate community data shown
• Your messages — only visible to you and the recipient
• Your email — never visible to other users, ever

5. Data Storage & Security

• Data stored on MongoDB Atlas (encrypted at rest, AWS infrastructure)
• All connections use HTTPS/TLS encryption
• Passwords/PINs are hashed with bcrypt (never stored plain)
• JWTs expire after 7 days — re-login required
• Reports and moderation records are retained permanently for safety

6. Data Retention

• Stories — auto-deleted after 24 hours
• OTP codes — deleted immediately after use or expiry (5 minutes)
• Account data — kept until you request deletion
• Deleted accounts — anonymized immediately (email replaced, name replaced)
• Reports/moderation records — kept permanently for platform safety

7. Your Rights

• Delete account — available in Security settings. Takes effect immediately.
• Change name — available once every 7 days in Security settings
• Block users — blocks all content and interaction from that user
• Data export — email us to request a copy of your data

8. Third-Party Services

• MongoDB Atlas — database hosting (AWS, encrypted)
• Render — server hosting
• Netlify — frontend hosting
• Gmail SMTP — OTP delivery only
• Cloudinary — media storage (if used for image uploads)

We do not use Google Analytics, Facebook Pixel, or any advertising trackers.

9. Children's Privacy

Annomuss is not intended for users under 13 years of age. If we discover an account belongs to someone under 13, we will delete it immediately.

10. Changes to This Policy

We may update this policy as the platform evolves. Significant changes will be announced in the app. Continued use after notification constitutes acceptance.