Moral Pulse

Privacy Policy

Effective Date: June 8, 2026

Thank you for using Moral Pulse. This Privacy Policy explains what information we collect, how we use it, and the choices you have. Please read it carefully. Your use of Moral Pulse is also subject to our Terms of Service.

[Heading1] 1. Introduction

Moral Pulse is operated by Krafty Thinking, LLC (“we,” “our,” or “us”), based in the United States. If you have questions about this policy, contact us at: [email protected].

[Heading1] 2. Information We Collect

We collect information you provide directly, information generated by your use of the app, and limited technical data from your device.

[Heading2] 2.1 Account & Identity

[Heading2] 2.2 Optional Profile Data

[Heading2] 2.3 Behavioral & Activity Data

[Heading2] 2.4 Subscription & Payment Data

[Heading2] 2.5 Device & Notification Data

The following is collected only if you grant notification permissions:

[Heading2] 2.6 Derived & Aggregate Statistics

Statistics such as your total votes cast, quiz attempts, and correct answers are computed on demand by querying your stored individual vote and quiz records — they are not cached or stored separately. The underlying individual records (votes, quiz attempts) are stored in our database and are what make these statistics possible.

Regional vote breakdowns shown in the app are aggregated across all users and are not individually identifiable.

[Heading2] 2.7 Analytics & Diagnostics

We use the following service providers to understand product usage and to detect and fix technical problems. Neither is used to personalize the content shown to you, to serve advertising, or to make automated decisions about you.

PostHog (product analytics) — collects pseudonymous usage events (screens viewed, features used, in-app actions) linked to your user ID, used to understand aggregate usage patterns and improve the app. PostHog does not receive your password or payment details.

Sentry (crash and performance diagnostics) — collects crash reports, error traces, device and operating-system information, and limited technical data (which may include your IP address) when the app encounters an error, used solely to diagnose and fix problems.

For users in the EU/EEA and UK, these services are enabled only where permitted under applicable law and our consent practices (see Section 7.7).

Server logs — our backend API, hosted on Railway (see Section 4.1), automatically generates standard server logs when you use the app, which include your IP address, the request made, and a timestamp. These logs are used solely for security, rate limiting, and diagnosing technical problems, and are retained only for a limited period.

[Heading2] 2.8 What We Do Not Collect

We do not use advertising SDKs, we do not request Apple’s App Tracking Transparency (ATT) permission, and we do not collect or use advertising identifiers (such as IDFA). Other than the product-analytics and diagnostics providers described in Section 2.7, we do not use third-party tracking or analytics platforms. We do not use your data to serve third-party advertising, and we do not use your behavioral data to personalize the content shown to you or to make automated decisions that produce legal or similarly significant effects.

[Heading1] 3. How We Use Your Information

We use the information we collect to:

We do not sell your personal information and do not use it to serve third-party advertising. We use product-analytics and diagnostic data only in aggregate to understand usage and fix problems; we do not use your behavioral data to personalize the content shown to you or to make automated decisions about you.

[Heading1] 4. How Your Information Is Shared

We share your information only in the following circumstances:

[Heading2] 4.1 Service Providers

We share data with third-party processors who help us operate the app:

These providers are contractually bound to process your data only as directed by us and in accordance with applicable law.

[Heading2] 4.2 Public Profile Data

The following profile fields are visible to any authenticated user of the app: display name and bio. Your display name and current streaks are also visible on your public profile. Featured (winning) Community Debate submissions are displayed publicly alongside your display name and remain viewable after the voting week concludes. Do not include information in these fields or submissions that you wish to keep private. Location, gender, and birth year (if provided) are not publicly visible and are used only for aggregate statistical and demographic breakdowns.

[Heading2] 4.3 Legal Requirements

We may disclose your information if required to do so by law, court order, or governmental authority, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

[Heading2] 4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email or a prominent in-app notice before your data is transferred and becomes subject to a different privacy policy.

[Heading1] 5. Data Retention

We retain your personal data for as long as your account is active. Individual activity records — including Daily Debate votes, Community Debate votes, quiz attempts, and Dilemma Room session votes — are retained indefinitely with no automatic expiry. They are deleted when you delete your account. For EU/UK users who withdraw GDPR consent: withdrawal stops future vote processing, but votes cast prior to withdrawal are retained under the standard retention policy above and are not deleted upon withdrawal.

You may request deletion of your account and all associated data at any time (see Section 7). Upon account deletion, we will remove your data from our active systems — including both our application database and Supabase Auth — within 30 days. Residual copies in our encrypted backups are purged within 90 days of deletion. Please note that Supabase, as a third-party data processor, may retain data in its own infrastructure backups on its own schedule, as governed by our data processing agreement with Supabase. Some data may be retained beyond these periods where required by applicable law.

Aggregate, anonymized statistics (e.g., total votes by region) may be retained indefinitely as they cannot be used to identify you.

[Heading1] 6. Data Security

We implement industry-standard security practices including:

No method of transmission or storage is 100% secure. We encourage you to use a strong, unique password and to contact us immediately at [email protected] if you suspect unauthorized access to your account.

[Heading1] 7. Your Rights and Choices

[Heading2] 7.1 Access and Correction

You can view and update your profile information (display name, bio, location, gender, and birth year) at any time from within the app.

[Heading2] 7.2 Account Deletion

You may delete your account at any time from the app’s settings. Deleting your account removes your profile and all associated activity data from our active systems within 30 days, and from our encrypted backups within 90 days. This action is irreversible.

[Heading2] 7.3 Notification Preferences

You can adjust or disable push notifications at any time from your in-app notification settings or from your device’s system settings.

[Heading2] 7.4 Location

Location is optional. You can clear your location from your profile settings at any time. Gender and birth year are also optional and can be updated or removed from profile settings at any time. For each demographic field you provide (location, gender, birth year), you can independently opt out of having that data included in aggregate breakdowns using the “Include in breakdowns” toggle in the About You section of your profile settings.

[Heading2] 7.5 Data Portability

You may request a copy of your personal data in a machine-readable format (JSON) at any time by contacting us at [email protected]. Your personal voting history is also accessible directly within the app via the My Votes screen. We will fulfill portability requests within 45 days (or within one month for EU/EEA and UK residents, as required by GDPR Article 12).

[Heading2] 7.6 California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

We do not sell personal information, and we do not share personal information for cross-context behavioral advertising purposes. To exercise any of your rights, contact us at [email protected]. We will respond within 45 days, as required by law. We will not discriminate against you for exercising any of these rights.

[Heading2] 7.7 EU and UK Residents (GDPR/UK GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, the following applies to you in addition to the rights described above. We process your personal data under the following legal bases: (a) Contract performance — processing necessary to create and maintain your account and deliver the features you use; (b) Legitimate interests — detecting abuse, improving the app, and ensuring platform integrity, where these interests are not overridden by your rights; (c) Consent — sending push notifications (which you may withdraw at any time via your notification settings); and (d) Explicit consent (Article 9(2)(a)) — for EU/UK users, processing of vote data (Daily Debate votes, Community Debate reactions, and Community Debate votes) that may constitute special-category data under GDPR Article 9 as data revealing political opinions or philosophical beliefs. This consent is requested before your first vote and may be withdrawn at any time from your Profile settings.

GDPR Article 9 and voting data: We treat vote data in Moral Pulse — including Daily Debate votes, Community Debate reactions, and Community Debate votes — as potentially constituting special-category data under GDPR Article 9, because it may reveal information about your political opinions, or religious or philosophical beliefs. Accordingly, we ask all new EU/UK users to confirm their residency at first login and, separately, to provide explicit consent before any vote data is processed. EU/UK users who decline consent may still browse and view the app but will not be able to cast votes or reactions until consent is given. You may withdraw consent at any time from the EU/UK Data Consent setting in your Profile. Withdrawing consent stops future vote processing; votes you have already cast are retained under the standard retention policy and are not deleted upon withdrawal. You may re-consent at any time from the same setting.

In addition to the rights described in this Section 7, you have the right to: (i) object to processing based on legitimate interests; (ii) restrict processing in certain circumstances; (iii) lodge a complaint with your local data protection authority. For EU residents, the relevant authority is your member state’s national supervisory authority; a full list is available at edpb.europa.eu. For UK residents, the relevant authority is the Information Commissioner’s Office (ICO), at ico.org.uk. To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

[Heading2] 7.8 Do Not Track

Moral Pulse does not respond to browser or device “Do Not Track” signals, as there is no universally accepted standard for how mobile applications should respond to such signals. Because we do not use tracking SDKs or advertising identifiers, this has no practical effect on how your data is handled.

[Heading2] 7.9 Canadian Residents (PIPEDA / Québec Law 25)

If you are located in Canada, you have the right to access the personal information we hold about you, to request correction of inaccuracies, and to withdraw consent to processing (subject to legal or contractual restrictions). We process personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA). If you are a resident of Québec, you also have rights under Law 25, including the right to data portability and the right to be informed of automated processing; we do not use your data for automated decision-making. Our privacy contact for Canadian inquiries is [email protected]. You may also lodge a complaint with the Office of the Privacy Commissioner of Canada or, for Québec residents, the Commission d’accès à l’information.

[Heading1] 8. Children’s Privacy

Moral Pulse is intended for users who are 18 years of age or older and is not directed to minors. We do not knowingly collect personal information from anyone under the age of 18. If you believe we have inadvertently collected personal information from a minor, please contact us at [email protected] and we will delete it promptly.

[Heading1] 9. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes to how we collect or use your personal data, we will notify you by email (at the address associated with your account) or by a prominent notice within the app at least 14 days before the changes take effect. For material changes to your data processing, we will seek your affirmative consent where required by applicable law. Non-material updates (such as clarifications or contact information changes) take effect upon posting.

[Heading1] 10. International Data Transfers

Moral Pulse is operated from the United States. If you are accessing the app from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where our servers and service providers are located. By using the app, you acknowledge that your data may be subject to U.S. law, which may differ from the laws of your country.

For users in the EEA or UK, transfers to our third-party processors are made on the basis of the following safeguards:

[Heading1] 11. Contact Us

If you have questions, concerns, or requests related to this Privacy Policy, please contact us:

Moral Pulse Privacy Team

Email: [email protected]

Krafty Thinking, LLC

PO Box 90183

Nashville, TN 37209