Privacy Policy

Last updated: June 13, 2026 · Effective: June 13, 2026

1. Who we are

Mosso is operated by DataNaat, based in Mexico City, Mexico. You can reach us at info@datanaat.com for any privacy-related question, request, or complaint.

2. Information we collect

2.1 Information you provide

Mosso does not require you to create an account, sign in, or provide personal information to play. There are no name, email, phone, location, photo, or contact-list inputs. During onboarding you may type a display name — this stays only on your device and is never uploaded.

You may optionally sign in with Google (Settings) to back up your progress and carry it to another device. This is never required to play.

2.2 Anonymous identity and synced progress

When you first open Mosso, the app automatically creates an anonymous account for you on our backend (powered by Supabase). This account is identified by a randomly-generated ID. It is not linked to your real name, email, phone, device serial number, or any personal identifier.

Mosso assigns this anonymous account a random public display name (from a curated multicultural name pool) and a random country/region. These are purely cosmetic and are shown to other players only when your scores appear in their results screens. They are not your real name or location.

To keep your progress safe and enable global comparisons, the following is synced to your anonymous account:

Your individual results appear to other players only through your random display name and country flag in aggregated, anonymized comparisons (e.g., "the average solve time today was 2:34") — never linked back to you personally.

2.3 Information stored on your device

Mosso stores your full gameplay state locally on your device using Hive, an on-device database (settings, audio/language preferences, daily progress, and other UI state). The app is offline-first: it works without a network and never blocks on it.

2.4 Diagnostics

In release builds we collect crash and error reports through Google Firebase Crashlytics to find and fix problems. A report contains the error and a technical stack trace plus standard diagnostics such as device model, operating-system version, and app version. It contains no name, email, or anything you type. We do not run a behavioral-analytics tracking suite.

2.5 Push notifications

If you opt in to daily reminders, Mosso requests permission to send push notifications and stores a Firebase Cloud Messaging (FCM) token alongside your anonymous account so we can notify you about new daily puzzles. The token is not personally identifying and is regenerated periodically by your device. You can revoke notification permission at any time from your device's system settings or from Mosso's Settings screen.

3. Third-party services

3.1 Supabase

We use Supabase as our backend for anonymous account creation, progress sync, and the global comparison ("rivals") system. Supabase processes data on servers operated by Amazon Web Services in the United States and Europe. Their privacy policy is at supabase.com/privacy.

3.2 Google Firebase

We use Firebase Crashlytics for crash diagnostics and Firebase Cloud Messaging to deliver push notifications. Firebase is governed by Google's privacy policy at firebase.google.com/support/privacy.

3.3 Google AdMob

We use Google AdMob to show advertising. Mosso uses ads in two ways:

All Mosso ads use Google's strictest family-safe content filter ("G — General Audience"). In regions that require it we ask for advertising consent (Google UMP). AdMob may collect a non-personally identifying advertising identifier and approximate location to serve relevant ads. You can reset or limit ad tracking from your device's system privacy settings. AdMob is governed by Google's privacy policy at policies.google.com/privacy.

4. Children's privacy

Mosso is suitable for all audiences but is not specifically directed at children under 13. We do not knowingly collect personal data from children under 13. We do not require sign-in, do not use behavioral advertising targeted at children, and our ads use Google's strictest family-safe filter.

If you are a parent or guardian and believe your child has provided personal information, please contact us at info@datanaat.com and we will respond promptly.

5. Your rights and choices

Depending on where you live (for example, the EU under GDPR or California under CCPA), you may have the right to access, correct, delete, or restrict processing of your data, and to withdraw consent for notifications or advertising.

You can act on these directly in the app:

Because your account is anonymous and its ID is not shown in the app, the most reliable way to delete server-side data is the in-app Delete account flow above. If you can no longer open the app, email info@datanaat.com and we will help you.

6. Data retention

7. Data security

Local gameplay data is stored in an on-device database. Data in transit between Mosso and our backend is encrypted via HTTPS/TLS. Supabase and Firebase apply industry-standard encryption to data at rest. We follow industry-standard practices but no system is 100% secure; if you believe your data has been compromised, contact us at info@datanaat.com.

8. International data transfers

Mosso is operated from Mexico. Supabase processes data on servers in the United States and Europe. Firebase and AdMob process data on Google's global infrastructure, which may include the United States, the European Union, and other regions. By using Mosso you consent to these international transfers.

9. Changes to this policy

If we update this Privacy Policy, we will change the "Last updated" date above. For significant changes (such as adding a new third-party service), we will notify you inside the app before the changes take effect.

10. Contact