Your Privacy Matters
Moomo AI (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use the Moomo AI application on iOS, the web, and any associated services (collectively, the “Service”). Please read this policy carefully. By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy.
1. Information We Collect
1.1 Account Information
When you sign in using Google OAuth through Firebase Authentication, we collect:
- Your name and email address
- Your profile picture URL
- A unique User ID (UID) assigned by Firebase Authentication
- Organization name (if provided by your Google account)
- Timestamps for account creation and last sign-in
1.2 Conversation & Usage Data
We collect information about how you use the Service to provide and improve it:
- Chat messages: Your conversations with the AI assistant, including text, message reactions, and timestamps
- Session metadata: Chat session titles, pinned status, creation and update timestamps
- AI model: The model used to generate responses (Q1)
- Language preferences: Your selected interface and response language
- Search queries: Searches performed through the AI or Workspace features
- Feature usage: Which features you interact with (voice, agent mode, document creation, news, etc.)
- Connected services: Which Google Workspace services (Gmail, Drive, Calendar) you have authorized
- Activity metrics: Total session count, message count, and search count
1.3 Files & Attachments
When you attach files to conversations:
- Images, PDFs, and documents you upload for AI analysis
- File metadata such as file name, size, and type
- Uploaded files are processed temporarily to generate AI responses and are not permanently stored on our servers
1.4 Voice Data
When you use voice interaction features:
- Voice input is processed using the Web Speech API (on web) or native iOS Speech framework (on iOS) directly on your device
- Voice audio is not recorded or stored by Moomo AI — transcription occurs locally on your device
- The transcribed text is sent to the AI models in the same manner as typed messages
1.5 Generated Documents
When you use the document and presentation creation tools:
- AI-generated presentations (PPTX) and documents (DOCX) are created in your browser or device locally
- These files are not uploaded to or stored on our servers
1.6 News Reading Data
When you use the news feature:
- Your selected news categories and search queries are sent to our news aggregation provider (NewsAPI)
- News articles are cached temporarily on your device for up to 5 minutes
- We do not send any personally identifiable information to the news provider
1.7 Device & Technical Information
- Browser type and version
- Device type (iOS or web)
- Operating system and version
- Screen resolution and viewport size
- IP address (collected automatically by Firebase services)
2. How We Use Your Information
| Purpose | Data Used |
|---|---|
| Provide AI Services | Conversation messages, file attachments, language preference, voice transcriptions |
| Personalize Experience | Language settings, model preferences, connected services, activity history |
| Authenticate Users | Email, name, profile picture, Firebase UID |
| Sync Across Devices | Chat sessions, messages, preferences via Firebase Realtime Database |
| Google Workspace Integration | OAuth tokens to access Gmail, Drive, and Calendar on your behalf |
| Analytics & Improvement | Anonymized feature usage, error logs, performance metrics |
| Customer Support | Account information, error logs, activity data (when applicable) |
We do not use your data for advertising, sell your personal information to third parties, or use your conversations to train AI models.
3. AI Data Sharing Disclosure
Important: Data Shared with AI Providers
Moomo AI transmits certain data to third-party AI providers to generate responses. Before your first interaction, the app displays a consent dialog requiring your explicit permission. You may decline, in which case AI features will not be available.
3.1 What Data Is Shared
When you send a message, the following data may be transmitted to AI providers:
- Message text: Your messages and up to the last 20 messages of conversation history in the active session
- File contents: Text extracted from images, PDFs, or documents you attach
- System prompt context: Your language preference and contextual settings (time of day, mood preference)
We do not send your email address, name, profile picture, account credentials, or any other personally identifiable information to AI providers.
3.2 Who Receives Your Data
| AI Provider | Model Used | Moomo Name | Privacy Policy |
|---|---|---|---|
| Google (Gemini AI) | Gemini 2.5 Flash | Q1 | Google Privacy |
3.3 How Data Is Transmitted
- All requests are encrypted via HTTPS/TLS
- Gemini API requests are routed through a secure Firebase Cloud Function proxy with Web Search tool integration
- Conversation history is limited to 20 messages per session to minimize data exposure
- No data is shared for advertising, marketing, or AI model training purposes
3.4 Your Consent
Before any data is sent to AI providers, the app displays a consent dialog that:
- Clearly explains what data will be shared
- Identifies which third parties will receive the data
- Requires your explicit acceptance before any data is transmitted
- Allows you to decline — AI features will be disabled, but other app features remain available
This consent process complies with Apple's App Store Review Guideline 5.1.1(i) and applicable data protection regulations.
4. Third-Party Services
4.1 Google Firebase
We use Firebase services provided by Google for core application functionality:
- Firebase Authentication: Secure sign-in and user identity management
- Firebase Realtime Database: Real-time sync of chat sessions, messages, and user preferences across devices
- Firebase Cloud Functions: Server-side processing and API proxying
- Firebase Hosting: Web application delivery
- Firebase Analytics: Anonymized usage tracking and performance monitoring
4.2 Google Workspace APIs
With your separate, explicit authorization, we may access the following Google services on your behalf:
- Gmail (read-only): Search and retrieve emails — subject, sender, date, and message content
- Google Drive (read-only + file access): Search files, view file metadata and content
- Google Calendar (read-only): View events, search calendar entries, retrieve upcoming schedules
Access is granted via incremental OAuth scope authorization — we only request permissions for services you choose to connect. You can revoke access at any time through your account settings or Google Account Permissions.
4.3 News Aggregation
- NewsAPI: Powers the news reading feature with articles across multiple categories. Only your search queries and category selections are sent; no personal information is transmitted.
4.4 Google Analytics
- We use Google Analytics to understand how users interact with the Service
- Data is aggregated and anonymized where possible
- You can opt out by using browser extensions such as the Google Analytics Opt-out Browser Add-on
5. Data Storage & Security
5.1 Where We Store Data
| Storage Location | Data Stored | Scope |
|---|---|---|
| Firebase Realtime Database | User profiles, chat sessions, messages, activity logs | Cloud (Google infrastructure) |
| Firebase Authentication | Authentication credentials and tokens | Cloud (Google infrastructure) |
| Browser Local Storage | OAuth tokens, preferences, model selection, news cache, connected services | Your device only |
| iOS UserDefaults | OAuth tokens, preferences, offline database cache | Your device only |
5.2 Security Measures
- All data in transit is encrypted using HTTPS/TLS
- Firebase provides industry-standard encryption at rest and in transit
- OAuth access tokens expire after 1 hour and are automatically refreshed with a 5-minute buffer
- Firebase Database security rules restrict data access to authenticated users and their own data
- The Gemini API proxy uses Firebase Cloud Functions with server-side API key management — API keys are never exposed to clients
6. Data Retention
| Data Type | Retention Period |
|---|---|
| Account profile | Retained while your account is active; deleted upon account deletion |
| Chat sessions & messages | Retained until you delete individual sessions or your account |
| Activity & error logs | Retained for up to 90 days |
| Analytics data | Aggregated and anonymized; retained for up to 14 months per Google Analytics policy |
| Uploaded files | Processed temporarily; deleted immediately after AI processing |
| Voice audio | Not stored — processed locally on your device in real time |
| Local storage data | Persists on your device until cleared by you or upon account deletion |
7. Your Rights & Choices
7.1 Access & Control
You have the right to:
- Access your data: View your profile, conversations, and activity within the app
- Export your data: Download your chat history in TXT or PDF format (iOS), or request a copy via email
- Delete conversations: Remove individual chat sessions at any time
- Modify preferences: Change language, AI model, and connected service settings
- Revoke Workspace access: Disconnect Gmail, Drive, or Calendar at any time from your account settings or Google Account Permissions
- Withdraw AI consent: Deleting your account revokes all AI data sharing consent
7.2 Account Deletion
You can permanently delete your account at any time:
How to Delete Your Account
iOS: Open the app → tap your profile picture → scroll down → tap “Delete Account” → confirm
Web: Click your profile picture → select “Account” → click “Delete Account” → confirm
Account deletion permanently removes:
- Your user profile from Firebase
- All chat sessions and messages
- All activity logs and usage data
- Your Firebase Authentication account
- All locally stored data on your device
This action is irreversible. If you need assistance, contact privacy@moomo.ai.
7.3 How to Exercise Your Rights
You can manage your data and privacy settings directly within the app, or contact us at privacy@moomo.ai. We will respond within 30 days.
8. Cookies & Local Storage
8.1 Essential Storage
- Authentication tokens: OAuth access and refresh tokens for session management
- Connected services flags: Track which Google Workspace services are authorized
- OAuth state parameters: Security tokens for the authentication flow
These cannot be disabled — they are necessary for the Service to function.
8.2 Preference Storage
- Language setting: Your preferred response language
- News cache: Temporarily cached news articles (expires after 5 minutes)
8.3 Analytics
- Google Analytics: Collects anonymized usage data including page views, feature interactions, and error events
- Firebase Analytics: Event-based tracking for login events, model selections, service connections, and feature usage
- You can manage analytics cookies through your browser privacy settings
9. Children's Privacy
Moomo AI is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@moomo.ai. We will take prompt steps to delete such information.
10. International Data Transfers
Your information may be transferred to and processed on servers located outside your country of residence, including the United States, where Firebase and our AI providers maintain infrastructure. These countries may have data protection laws that differ from those of your jurisdiction.
We rely on the following safeguards:
- Google's commitment to data protection under its Data Processing Addendum
- Encryption in transit and at rest for all stored data
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we do:
- The updated policy will be posted on this page with a new “Effective Date”
- For material changes, we will provide notice through the app or via email
Your continued use of the Service after changes are posted constitutes your acceptance of the updated Privacy Policy. We encourage you to review this page periodically.
12. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact us:
Privacy Inquiries: privacy@moomo.ai
General Support: support@moomo.ai
We aim to respond to all inquiries within 48 hours.
At a Glance
We collect only what is needed to deliver the Service. Your conversations are shared with our AI provider (Google) only with your explicit consent. Your voice audio stays on your device. We use Firebase for secure, encrypted storage. You can export, delete, or manage your data at any time. We never sell your data.