MOOD.ai Security & Data Protection

At MOOD.ai, trust is the foundation of workplace wellbeing. Security, privacy, and compliance are built into our platform from the ground up. This overview explains how we protect data, safeguard anonymity, and align with Australian and international standards. It is intended to give IT, Cybersecurity, and People & Culture teams confidence in our approach.


1. About MOOD.ai

  • Workplace wellbeing platform enabling simple, anonymous mood check-ins.
  • Real-time, anonymised insights help organisations reduce burnout risk and meet new psychosocial safety requirements.
  • Founded by Adam Johnson (CTO) and Dr Nathan Jones (CEO).

2. How It Works

  • Employees receive a secure invite to download the MOOD.ai app.
  • They log anonymous check-ins – mood colour, feelings tags, psychological safety statement response.
  • Data is stored securely in Supabase (AWS Sydney) and processed via Vercel APIs.
  • HR/Admins access aggregated wellbeing insights in the MOOD.ai Hub.
  • No logins required for employees, and no individual check-ins are ever identifiable.

3. Information We Handle

  • Onboarding: Employee names and emails provided by the organisation for invites only.
  • Check-ins: Always anonymous – no personal identifiers attached.
  • Chats & Reflections: Stay on the employee’s device; never uploaded to MOOD.ai.

Data deletion: Employees can remove all app data instantly by uninstalling the app.


4. Hosting & Partners

We rely on trusted, certified providers:

  • Supabase (AWS Sydney) – Database + authentication (SOC 2, ISO 27001 certified).
  • Vercel – API hosting.
  • Resend – Secure transactional email.
  • OpenAI – AI chatbot (prompts anonymised, no storage).

5. Security & Compliance

  • Encryption: AES-256 at rest; TLS 1.2+ in transit.
  • Access controls: Supabase Row-Level Security (RLS) + RBAC.
  • Change management: Git-based workflow with staging environments.
  • Resilience: Daily backups, multi-AZ redundancy, disaster recovery testing.
  • Testing: Annual penetration tests and regular internal security reviews.
  • Compliance: Australian Privacy Principles, GDPR, OWASP secure coding practices.

6. Access & Personnel

  • Role-based access: only authorised admins can access the MOOD.ai Hub.
  • Staff vetting: all MOOD.ai employees undergo background checks.
  • Training: ongoing security awareness (phishing, social engineering).
  • MFA: supported and can be enforced on request.

7. Incident Response & Continuity

  • Documented incident management plan with clear escalation paths.
  • Commitment to notify affected customers within 24 hours of a relevant incident.
  • Business continuity plan tested; ~24h resilience window.
  • No significant security incidents to date.

8. Privacy & Data Protection

  • Reports only include anonymised, aggregated wellbeing insights.
  • No data export from the employee app.
  • You can also read our full Privacy Policy.

9. Physical Security

  • Data stored in AWS Sydney data centres (SOC 2, ISO 27001 certified).
  • Facilities protected with biometric access and 24/7 monitoring.

Our Commitment

MOOD.ai is built to help organisations care for their people while protecting their privacy. With robust security practices and anonymous insights, we enable compliance with new workplace safety laws and foster healthier, safer workplaces.

For our formal commitments, see our Privacy Policy and Terms of Use.
For availability and support standards, see our Service Level Agreement.


Contact Us

Questions? Reach out anytime:

Email: team@mood.ai
Website: www.mood.ai
Address: Bay 5-7 North, 2 Locomotive St, Eveleigh NSW 2015