Privacy Policy

Last updated: February 23, 2026

Plain English: When you sign in, your quiz results are saved securely so you can revisit and track changes in yourself over time. Your data is yours — we will never sell it, and you can request deletion at any time. If you have questions, reach us via the contact links at the bottom of this page.

Full policy text follows.

1. Who We Are

KIWIMU MBTI Lab is a personality discovery service operated by Moon Island Dessert. For privacy-related inquiries, please contact us via LINE or Linktree (see Section 10).

2. What Data We Collect

We collect the following when you use our service:

Account information (when you log in via Google): name, email address, and a unique account identifier (UID). This is used solely to identify your session and associate your quiz records with your account.
Quiz results: your MBTI type, dimension scores, and associated analysis. Stored only when you are signed in; results taken without signing in remain local to your device and are not uploaded.
Login metadata: timestamp and authentication method, used for account security and audit purposes.

We do not collect sensitive personal data (financial data, health data, government IDs) and do not engage in automated decision-making with legal effects.

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), our processing is based on:

Consent — you choose to create an account and save your results. You may withdraw consent at any time by deleting your account.
Legitimate interests — improving the quality and accuracy of the service, and maintaining security.

4. How We Use Your Data

To display and preserve your quiz results and analysis across sessions and devices.
To enable long-term personality tracking (comparing results over time).
To improve service quality through anonymized, aggregated analytics.
If you follow our LINE account, to send occasional updates or offers (you may unsubscribe at any time).

We will never use your data for advertising profiling, sell it to third parties, or disclose it without your consent (except as required by law).

5. Data Storage and Security

Authentication and account data are managed by Google Firebase, which implements industry-standard security controls.
All data in transit is encrypted via HTTPS / TLS.
Images are served and stored via Cloudinary.
We retain your data only while your account is active. If you delete your account or request erasure, we will remove your data within 30 days, except where retention is required by applicable law.

6. International Data Transfers

Our service infrastructure (Firebase, Cloudinary) may process data outside your country of residence. Google's infrastructure complies with the EU–US Data Privacy Framework and uses Standard Contractual Clauses (SCCs) where applicable. By using this service, you acknowledge this international processing.

7. Third-Party Services

We use the following third-party services, each with their own privacy policies:

Google Firebase — authentication & database: Privacy Policy
Cloudinary — image storage: Privacy Policy

8. Cookies

We use session cookies to maintain your logged-in state, so you can return to your saved records without re-authenticating. You may disable cookies in your browser settings, but this will prevent the account and tracking features from functioning.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

Access — request a copy of the data we hold about you.
Rectification — request correction of inaccurate data.
Erasure ("right to be forgotten") — request deletion of your data.
Restriction — request that we limit processing of your data.
Portability — request your data in a machine-readable format.
Objection — object to processing based on legitimate interests.
Withdraw consent — at any time, without affecting the lawfulness of prior processing.

California residents (CCPA): You have the right to know what personal information we collect, to request deletion, and to opt out of the sale of personal information. We do not sell personal information. You will not be discriminated against for exercising your rights. To exercise your rights, contact us using the links in Section 10.

EEA residents also have the right to lodge a complaint with your local data protection supervisory authority.

10. Children's Privacy

This service is not directed at children under 13. If you are under 18, please use this service with the consent and supervision of a parent or guardian. If we become aware that we have inadvertently collected data from a child under 13 without verified parental consent, we will delete it promptly.

11. Changes to This Policy

We may update this policy to reflect changes to our practices or applicable law. Significant changes will be announced on the website. Continued use of the service after changes take effect constitutes your acceptance of the revised policy.

12. Contact Us

For any privacy-related requests or questions, please reach us through:

LINE Official Account: https://lin.ee/r19wTnY
Linktree: https://linktr.ee/moon_moon_dessert