Europe and UK Privacy Notice

Legal Bases

• Contract: account access, content processing, playback, subscriptions, support, and requested product features.
• Legitimate interests: security, abuse prevention, reliability, internal analytics, fraud prevention, and service improvement where those interests are not overridden by user rights.
• Consent: non-essential cookies/analytics where required, optional research participation, marketing communications, and optional feature consents.
• Legal obligation: tax, accounting, consumer-law, platform, and law-enforcement obligations.

Required GDPR Information

• Controller: Haro LLC, operating Mojo White.
• Purposes: account access, content processing, AI/TTS/OCR features, imports, subscriptions, support, security, fraud prevention, analytics, research where selected, legal compliance, and service improvement.
• Recipients: subprocessors and service providers listed on the Subprocessors page, connected providers you choose, legal authorities where required, professional advisors, and transaction counterparties if Haro LLC is involved in a merger, financing, sale, or restructuring.
• Storage periods: described in the Privacy Policy retention sections, with active-service deletion, backup rotation, billing/tax retention, security-log retention, and research exceptions.
• Requirement to provide data: account, authentication, billing, and content data may be necessary to provide requested features; if you do not provide it, the related feature may not work.

International Transfers

Mojo White is operated by Haro LLC and uses providers that may process data in the United States and other countries.

Where GDPR or UK GDPR requires transfer safeguards, Haro LLC relies on Standard Contractual Clauses, UK transfer addenda, adequacy decisions, or another valid mechanism documented in provider terms or DPAs.

Some providers may process data from multiple regions for security, support, abuse monitoring, or reliability. Haro LLC treats transfer locations and provider safeguards as part of vendor review.

Data Subject Rights

• Access, correction, deletion, restriction, portability, objection, withdrawal of consent, and complaint to a supervisory authority.
• Consent withdrawal does not affect processing that occurred before withdrawal.
• Requests may be sent to help@mojowhite.com and will be answered within the applicable statutory deadline where the request can be verified and matched to an account.

Special Categories, Children, and Research

Mojo White does not intentionally request special-category data. Such data may appear in user-provided documents, scans, prompts, transcripts, or audio if a user chooses to include it.

Mojo White is not directed to children under 16. If Haro LLC learns that an under-16 user has provided personal data, it may delete the account and related information subject to legal and security exceptions.

Research Program participation is optional, separately disclosed, and revocable for future participation. Haro LLC evaluates the appropriate legal basis for research activity by jurisdiction and program design.

Supervisory Authority and Complaints

EU/UK users may lodge a complaint with their local data-protection supervisory authority. We ask that you contact help@mojowhite.com first so we can try to resolve the issue.

If Haro LLC appoints an EU or UK representative, the representative's contact information will be published here or in an equivalent privacy notice.

EU Representative and DPO

Until an EU or UK representative is appointed, EU and UK users may direct privacy-rights requests to help@mojowhite.com.

If Mojo White is required to appoint an EU or UK representative, Haro LLC will publish the representative's contact information here or in an equivalent privacy notice.

Mojo White does not currently publish a DPO appointment. Privacy questions may be sent to help@mojowhite.com.

DPIA and Risk Review

Haro LLC evaluates higher-risk processing, AI features, synthetic-audio workflows, research processing, and new provider categories for privacy, safety, security, and data-transfer risks before or during rollout.

Where GDPR or UK GDPR requires a data-protection impact assessment or consultation with a supervisory authority, Haro LLC will document that review and apply appropriate mitigations before relying on the processing at issue.