Legal
Privacy policy
Last updated: 13 May 2026
mosc is an independent price-tracking mobile app. This policy explains, in plain terms, what data we collect about you, why, who we share it with, and how you stay in control.
In short: mosc does not sell your data, takes no affiliate commission, and does not use your information for advertising. Your data is used only to make the app work.
1. Who are we?
The mosc app is published by:
- Mathieu Guffens, independent entrepreneur based in Belgium.
- Contact: mathieu@mosc.app
For any question about your personal data, write to this address — Mathieu Guffens acts as the data controller and GDPR point of contact.
2. What data do we collect?
When you use the mosc app, we collect:
2.1 Account data
- Your email address (when signing up with email)
- An encrypted password (never stored in plain text — handled by Firebase Auth)
- Or, if you sign in via Facebook: a Facebook identifier and your associated email
- Your language (FR / EN / NL)
2.2 Usage data
- The list of items you track in your mosc cart (product URLs)
- The list of e-shops you've marked as favourites
- A push notification token (FCM) to send you price-drop alerts — only if you enabled notifications
2.3 Technical data (anonymous)
- Cloud Functions logs (errors, response times) without any direct user identifier
What mosc does NOT collect: your full name, postal address, phone number, profession, contacts, geolocation, or any advertising cookie. No analytics (Google Analytics, Facebook Pixel, etc.) is embedded in the app or the website.
3. What is your data used for?
| Data | Purpose | Legal basis |
|---|---|---|
| Email + password | Identify you on each login | Contract performance |
| Facebook identifier | OAuth sign-in | Consent (at click time) |
| Cart items | Track their prices and notify drops | Contract performance |
| FCM token | Send push notifications | Consent (app setting) |
| Language | Show the app in the right language | Legitimate interest |
4. Shared catalogue — how does it work?
To make price tracking accurate and offer rich history as soon as a product is added, mosc shares items across users. This means:
- If you add a product already tracked by another user, you immediately get its full price history.
- Conversely, your tracking enriches the history for future users.
Important: only the product itself (URL, prices, image) is shared. Your identity — the fact that you track that item — stays strictly private and invisible to other users.
5. Who do we share your data with?
mosc relies on technical sub-processors to operate. We only share your data with those strictly necessary:
- Google Firebase (Google Ireland Ltd, EU + United States) — hosting, authentication, push notifications, cloud functions. Data stored primarily in Europe (europe-west1 region); some technical processing transits via the United States (Google Cloud) under EU Standard Contractual Clauses.
- Apple Inc. and Google LLC — solely for downloading the app via the App Store / Google Play.
- Mailjet (Sinch) (EU) — sends emails from the website contact form.
- Meta / Facebook — only if you use Facebook sign-in (OAuth).
None of these third parties is allowed to use your data for their own purposes (advertising, resale, commercial profiling).
6. How long do we keep your data?
- As long as your account is active, your data is kept to let you use the app.
- If you delete your account (in-app: Settings → Delete my account), your profile, item references, and favourites are deleted within 30 days.
- The global item catalogue (URLs, historic prices) is kept even after your deletion, as it is shared across all users and constitutes the core value of mosc.
- Technical logs are automatically purged after 90 days.
7. Your rights
Under GDPR, you have the following rights:
- Access: obtain a copy of the data we hold about you.
- Rectification: correct inaccurate data.
- Erasure (right to be forgotten): request deletion of your data.
- Portability: receive your data in a structured format.
- Restriction: ask to temporarily suspend processing.
- Objection: object to processing based on legitimate interest.
- Consent withdrawal: at any time, without affecting past lawful processing.
To exercise these rights, email mathieu@mosc.app. We respond within 30 days. Most rights can also be exercised directly in the app (profile editing, account deletion).
8. Security
Passwords are stored in hashed form by Firebase Auth. Exchanges between the app and our servers are encrypted over HTTPS / TLS. No data access is granted outside of the publisher (Mathieu Guffens). We follow standard security best practices (least privilege, secrets in dedicated managers, no password logging).
9. Minors
mosc is not intended for children under 16. If you are a parent or guardian and believe your child has given us data, contact us and we will delete it.
10. Changes to this policy
This policy may be updated to reflect technical or legal changes. The update date is shown at the top. Substantial changes will be notified directly in the app.