mojo

Privacy Policy

Effective date: April 27, 2026

This Privacy Policy explains how Mojo (“we”, “us”, or “our”) collects, uses, and shares information when you use our AI knowledge assistant available at app.ask-mojo.com. We respect your privacy and only collect what we need to provide and secure the service.

1. Information We Collect

Account information

When you sign up with email and password, we collect your name and email address. When you sign in with Google, we use Google’s OAuth flow to receive your name, email address, profile picture URL, and Google account ID. We use the minimum scopes necessary (openid, email, profile) and we do not request access to your Gmail, Drive, Calendar, or Contacts.

Content you submit

We store the questions you ask, the chat sessions you create, any text snippets or images you attach to a question, and the answers Mojo generates for you. We also store memory facts that Mojo extracts from your conversations to personalize answers (visible and editable under Settings).

Usage and technical data

We log query metadata to operate the service, including timestamps, the channel you used (web app, MCP client, API, or embeddable widget), request latency, the number of cards retrieved, and a confidence score. We use authentication cookies and a small amount of local browser storage (e.g., theme preference, sidebar state, last sign-in method) to keep you signed in and to remember your UI choices.

2. How We Use Information

  • To authenticate you and operate Mojo’s features;
  • To process your questions and generate AI answers grounded in our knowledge base;
  • To enforce plan limits, prevent abuse, and protect the security of our users;
  • To analyze aggregate usage so we can improve answer quality and performance;
  • To send transactional emails about your account (e.g., email verification, security notices). We will not send marketing emails without your separate consent.

3. Sub-processors & Sharing

We use trusted infrastructure providers to deliver the service. They process data on our behalf under contractual confidentiality and data-protection commitments:

  • Supabase — authentication and PostgreSQL database (your account, chat history, memory facts, usage logs).
  • Anthropic (Claude) — large language models used to generate answers and process attached text and images. Anthropic does not train its foundation models on data sent through its API.
  • OpenAI— text embedding models used to convert your questions and our knowledge base into vectors for semantic search. Inputs to the OpenAI API are not used to train OpenAI’s models.
  • Vercel — hosting for the web application frontend.
  • Render — hosting for our backend API and MCP server.
  • Google — authentication via Sign in with Google when you choose that option.
  • Resend — transactional email delivery (e.g., email verification).

We do not sell your personal information. We do not use your content to train third-party foundation models. We may disclose information if we are legally required to do so or to protect the rights, safety, and property of our users or the public.

4. Google User Data

Mojo’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We use Google account information only to authenticate you and create and operate your Mojo account. We do not transfer Google user data to third parties except as necessary to provide or improve the service, comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to you. We do not use Google user data for advertising and we do not allow humans to read your data unless we have your consent, for security purposes such as investigating abuse, to comply with applicable law, or where the data has been aggregated and anonymized.

5. Data Retention

We keep your account data while your account is active. Chat sessions and memory facts persist until you delete them or delete your account. Usage logs are retained for up to 24 months for security, billing, and analytics, after which they are deleted or de-identified. You can delete chats, memory facts, and your entire account at any time from the app (Settings) or by contacting support@niklaspedde.com.

6. Security

We use industry-standard safeguards including TLS for data in transit, encryption at rest for sensitive credentials, role-based access controls, and regular dependency updates. No system is perfectly secure; if you become aware of a vulnerability, please report it to support@niklaspedde.com.

7. Your Rights

Depending on where you live, you may have rights to access, correct, delete, port, or restrict the processing of your personal data, and to object to certain processing or withdraw consent. To exercise these rights, email us at support@niklaspedde.com. You also have the right to lodge a complaint with your local data protection authority.

8. International Transfers

Our sub-processors may process your data outside your country of residence, including in the United States. Where required, transfers are protected by appropriate safeguards such as the EU Standard Contractual Clauses.

9. Children

Mojo is not directed to children under 16, and we do not knowingly collect personal information from them. If you believe a child has provided us with personal data, contact us and we will delete it.

10. Changes

We may update this Privacy Policy from time to time. If we make material changes, we will notify you (for example, by email or via the app) before they take effect. The “Effective date” at the top of this page tells you when the current version became active.

11. Contact

Questions or requests? Email us at support@niklaspedde.com.