1. Information We Collect

When you use Mornate, we collect the following categories of information:

Account data: email address, username, display name, avatar URL, date of birth (used only for 13+ age verification), and hashed password (bcrypt — we never store your password in plain text). If you sign in with Apple or Google, see Section 4 for OAuth-specific details.
User content: alarm settings, squad/team memberships, chat messages (squad and direct), voice messages, dream journal entries, reminder notes, and event titles.
Device data: FCM push notification token (used to deliver push notifications to your device).
Usage data: wake logs, streak history, badges, and challenge progress.
Diagnostic data: crash reports and performance metrics collected via Sentry (anonymized — only an internal user ID is sent, never your email or username).

2. How We Use Your Information

We use your information to provide and improve Mornate's services, including synchronized alarms, team features, and streak tracking. We do not sell your personal data to third parties.

3. Third-Party Services

Mornate uses the following third-party services to operate. Each service receives only the minimum data necessary for its function:

Firebase Cloud Messaging (Google LLC) — delivers push notifications to your device. Only your FCM device token is stored and shared with this service.
Privacy policy: policies.google.com/privacy
Sentry (Functional Software Inc., EU region) — crash and performance monitoring. Only an anonymized internal user ID is sent — no email address, username, or IP address. Data is retained for 30 days.
Privacy policy: sentry.io/privacy
Resend (Resend Inc.) — transactional email delivery (password reset, email verification). Only your email address is processed by this service.
Privacy policy: resend.com/legal/privacy-policy

4. OAuth / Social Sign-In Data

Mornate offers Sign in with Apple and Sign in with Google as optional sign-in methods alongside email and password. When you choose to sign in with one of these providers, we receive only the minimum data required to create or authenticate your account.

Sign in with Apple

When you authenticate with Apple, we collect:

Apple user ID (the sub claim) — a stable identifier issued by Apple.
Email address — either your real email or an Apple-generated relay address (@privaterelay.appleid.com) if you choose Hide My Email. Mornate sends transactional email (verification, security notices) to this relay address; Apple privately forwards it to your real inbox and we never see your real email.
Name — only on your first sign-in, and only if you choose to share it. Optional.

Sign in with Google

When you authenticate with Google, we collect:

Google user ID (the sub claim) — a stable identifier issued by Google.
Email address — always verified by Google.
Name — your given and family name as set on your Google account.
Profile photo URL — optional; used as your default avatar if you do not upload one.

Purpose, Retention, and Sharing

Purpose: account creation, authentication, and core App Functionality. We do not use OAuth data for advertising or profiling.
Retention: the user ID and email are retained until you delete your Mornate account. OAuth access and refresh tokens are not stored on our servers.
Third-party sharing: none. Apple and Google are used solely as identity providers; we do not share your Mornate data back to them.
Account linking: if you already have an email/password account and later sign in with the same email via Apple or Google, we will ask you to confirm the link with your existing credentials before merging the accounts. We never auto-link based on email alone.
Revocation: when you delete your Mornate account, we also revoke the OAuth grant with Apple and Google so they no longer share data with us.

5. Data Retention

We retain your data for the following periods:

Account data: retained until you delete your account.
Chat messages: retained until deleted by you, or upon account deletion.
Refresh tokens: automatically deleted after expiry (daily cleanup, maximum 7 days).
Crash reports (Sentry): 30 days.
Server operational logs: 14 days with daily rotation.

6. Data Storage and Security

Your data is stored securely using industry-standard encryption. We implement appropriate technical and organizational measures to protect your personal information.

7. Sharing of Information

We share limited information with your team members (display name, wake-up status) as part of the app's core functionality. We do not share your data with advertisers.

8. Your Rights

Under GDPR (Articles 15–17) and KVKK (Article 11), you have the following rights regarding your personal data:

Access, rectification, and erasure: you can request a copy of your data, correct inaccuracies, or request deletion at any time.
Account deletion: go to Settings → Delete Account inside the app. Deletion is immediate and cascades to all your data — messages, alarms, logs, and all associated content.
Data export: email us at [email protected] to request a copy of your data.
Withdraw consent: you may withdraw consent at any time by deleting your account.
Right to complain: you may lodge a complaint with your local data protection authority — in Türkiye: KVKK Kurumu; in EU member states: your national DPA.

9. Age Requirement

Mornate requires users to be at least 13 years old. We do not knowingly collect personal data from anyone under 13. If you are a parent or guardian and believe a child under 13 has created an account or provided us with personal data, please contact us immediately at [email protected] — we will delete the data without delay.

10. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any changes by posting the new policy on this page.

11. Contact Us

If you have questions about this privacy policy, please contact us at [email protected].

Privacy Policy