Mosiaq — The Puzzle Swap Marketplace
Privacy Policy
Last updated: June 2026
Mosiaq ("we", "us", "our") operates the Mosiaq mobile application (the "App"). This policy explains what data we collect, how we use it, and your rights.
1. Data We Collect
Account information. When you register, we collect your email address. You can sign up with an email address and password, or sign in with Google. Your account is authenticated via Supabase.
Profile information. Display name and preferred swap day. Optionally, your mailing address — required only when you act as a puzzle provider to generate a shipping label.
Puzzle listings and photos. Photos you upload of puzzles you list. These are stored in Cloudflare R2 object storage and may be processed by our computer vision service to verify piece counts.
Transaction data. Records of swaps you request or fulfil, Loop Points balances, and payment history. Payment card details are handled entirely by Stripe — we never see or store raw card numbers.
Device tokens. If you grant notification permission, we store a Firebase Cloud Messaging device token to send you push notifications about your swaps.
Usage data. Standard server logs (IP address, request timestamps, error traces) retained for debugging and security. We do not build advertising profiles from this data.
2. How We Use Your Data
| Data | Purpose |
|---|---|
| Account authentication; verification and password-reset emails (delivered via Resend) | |
| Mailing address | Generating USPS shipping labels when you ship a puzzle |
| Puzzle photos | Displaying listings; Gemini Vision piece-count verification |
| Transaction history | Matching, Loop Points accounting, dispute resolution |
| Device token | Push notifications for swap matches, shipping updates, and confirmations |
| Server logs | Security monitoring, bug diagnosis |
We do not sell your data. We do not use your data for advertising.
3. Third-Party Services
We share data with the following services to operate the App:
| Service | Purpose | Data shared |
|---|---|---|
| Supabase | Authentication | Email, JWT tokens |
| Google Sign-In | Authentication (optional OAuth login) | Email, basic Google profile |
| Stripe | Payments | Name, email, payment method (handled directly by Stripe SDK) |
| USPS Web Tools | Shipping labels, carrier pickup, and tracking | Provider name and mailing address |
| Firebase (Google) | Push notifications | Device token |
| Google Gemini | Puzzle photo verification | Puzzle photos (not linked to your account) |
| Cloudflare R2 | Image storage | Puzzle photos |
| Resend | Transactional email delivery | Email address |
| Grafana Cloud | Application monitoring | Anonymised metrics and logs |
Each of these services has its own privacy policy governing how they handle data passed to them.
4. Data Retention
- Account data is retained while your account is active and for 90 days after deletion, to allow dispute resolution on in-progress swaps.
- Puzzle photos are deleted when the associated listing is permanently removed.
- Server logs are retained for 30 days.
- Payment records are retained for 7 years as required by financial regulations.
5. Your Rights
You may at any time:
- Request a copy of your personal data
- Correct inaccurate data via the in-app profile editor
- Request deletion of your account and associated data (subject to the retention periods above)
To exercise these rights, contact us at the address below.
6. Children
The App is not directed at children under 13. We do not knowingly collect data from children under 13.
7. Changes to This Policy
We may update this policy. We will notify you via a push notification or in-app message when material changes are made. Continued use of the App after changes constitutes acceptance.
8. Contact
Questions or requests: privacy@mosiaq.com