Privacy Policy

Who Controls Your Information

Haro LLC operates Mojo White and is the controller for account, product, privacy-rights, billing-administration, and support data unless a separate agreement says otherwise.

Mojo White is not directed to children under 16. If a parent or guardian believes a child under 16 provided personal information, they may contact help@mojowhite.com to request deletion.

When a business customer uses Mojo White under a separate written agreement, Haro LLC may process some information as a processor or service provider for that customer. This public Privacy Policy applies to Mojo White's general consumer and product operations unless a separate agreement says otherwise.

Information We Collect

• Account information: email address, authentication records, account status, role, preferences, and subscription state.
• Content: uploaded documents, scans, images, extracted text, transcripts, generated audio, prompts, assistant conversations, podcast jobs, and related metadata.
• Usage, security, and operational diagnostic data: word counts, plan limits, product interactions, device/browser metadata, security events, crash and hang diagnostics, abuse-prevention signals, and service logs.
• Billing data: plan, invoice, payment, chargeback, refund, Stripe metadata, and Apple App Store transaction metadata.
• Local data: offline drafts, cached scans, and app-managed local storage that remains on the device unless synced or uploaded.

Sources of Information

• You: account details, uploads, scans, imports, prompts, preferences, support messages, research choices, export requests, and deletion requests.
• Your device and browser: app version, operating system, browser, language, region signals, session identifiers, consent choices, diagnostics, and security events.
• Connected services: Google Drive, Dropbox, Apple, Stripe, WorkOS, and similar services may send the account, import, billing, entitlement, or authentication data needed for the feature you choose.
• Service providers and security tools: hosting, logs, analytics, fraud-prevention, bot-prevention, malware-scanning, and abuse-monitoring providers may produce operational records.

User Content and Sensitive Information

Mojo White content can include documents, scans, images, extracted text, assistant messages, podcast inputs, generated scripts, generated audio, citations, and project metadata. This content may contain personal, sensitive, confidential, copyrighted, educational, financial, health, biometric, or other regulated information depending on what you choose to upload or generate.

Mojo White does not require users to upload sensitive information. If you choose to do so, you are responsible for ensuring that you have the rights, authority, notices, consents, and legal basis required for that processing.

Unless a feature clearly says otherwise, Mojo White is not designed to host regulated medical records, payment card numbers outside Stripe-hosted checkout, government identifiers, student education records, attorney-client files, or other information requiring a specialized compliance agreement.

How We Use Information

• Provide OCR, parsing, text-to-speech, podcast generation, assistant responses, imports, playback, account access, and subscriptions.
• Maintain security, prevent abuse, enforce quotas, investigate reliability issues, and comply with legal obligations.
• Improve reliability and product experience using aggregated or de-identified metrics where appropriate.
• Send transactional notices, support replies, privacy-rights responses, billing notices, and service updates.
• Operate cookie choices, privacy settings, marketing opt-outs, do-not-sell/share requests, data exports, and deletion workflows.
• Measure conversion, retention, feature reliability, crash/error patterns, fraud risk, and abuse trends, subject to the Cookie Policy and processed opt-out requests.
• Support account export, deletion, research opt-in/out, refunds, disputes, chargebacks, tax, accounting, and legal-response workflows.

How We Share Information

We share information with service providers and subprocessors only as needed to operate, secure, support, improve, and enforce Mojo White, or where you direct us to connect an integration.

We may disclose information to comply with law, respond to valid legal process, protect safety, prevent fraud or abuse, enforce agreements, investigate security incidents, complete a business transaction, or with your consent.

We do not sell customer documents, extracted text, prompts, generated audio, or account content. We do not disclose such content to advertisers for behavioral advertising.

AI Processing and No-Training Commitment

Mojo White may send only the data needed for the requested feature to AI, OCR, TTS, and infrastructure providers listed in the Subprocessors page.

Mojo White does not sell customer content and does not use customer documents, extracted text, prompts, or generated audio to train Mojo White or third-party provider models as part of normal product use.

The no-training promise depends on provider API terms, DPAs, and account settings. Haro LLC relies on provider terms that restrict model training for ordinary API/business use and treats DPA or equivalent provider records as part of the vendor-review file.

Providers may retain limited logs for abuse monitoring, security, reliability, legal compliance, or billing according to their own terms. Mojo White prefers enterprise/API provider settings that prohibit model training by default and documents exceptions through legal or privacy review.

Some AI features use tool calls against your own Mojo White documents or metadata. Those tool calls are limited to the account context needed for the requested assistant response, but you should still review outputs before reliance.

Retention

Server-side uploaded files, extracted text, generated audio, transcripts, and similar content are generally deleted after 30 days unless a listed exception applies.

Research Program participation may allow longer retention of anonymized or de-identified research snapshots as described in the Research Program terms.

Billing, security, fraud-prevention, operational diagnostic issue metadata, legal, backup, and tax records may be retained for longer periods where needed for operation, compliance, dispute resolution, and audit.

Raw crash diagnostics, device hashes, and native session denominator rows are kept up to 30 days. Grouped non-content stability issue metadata may be retained up to 365 days so Mojo White can track versions where issues were introduced, fixed, or regressed.

Deleted content is removed from active service systems according to the retention rules, but encrypted backups may retain copies briefly until backup rotation completes.

Retention Details

• Account records: kept while the account is active and then deleted or anonymized after account deletion, subject to legal, security, tax, and billing exceptions.
• Documents, scans, extracted text, podcast files, assistant context, and generated audio: generally deleted from active systems after the product retention period or account deletion, unless you save, export, regenerate, participate in research, or a legal/security hold applies.
• Security, abuse, bot-prevention, access logs, and operational diagnostic issue metadata: kept long enough to protect the service, investigate incidents, enforce terms, track fixed/regressed app versions, and preserve evidence. Raw per-device stability events are kept up to 30 days.
• Billing and transaction records: kept as required for tax, accounting, chargeback, refund, audit, and platform obligations.
• Backups: encrypted backup copies rotate out on the backup schedule and are not used for ordinary product access after active deletion.
• Local/offline data: cached files, drafts, and downloads on your device may remain until you delete them, clear app/browser storage, or uninstall the app.

Your Controls and Rights

• Access: request a copy of personal information associated with your account.
• Deletion: delete your account and associated server-side data, subject to legal and security exceptions.
• Correction: update account details and preferences.
• Export: use available product controls or contact help@mojowhite.com for a data export.
• Opt out or restrict: manage marketing preferences, cookie choices, do-not-sell/share requests, and legally available opt-out rights.

Verification, Authorized Agents, and Appeals

For privacy, export, correction, and deletion requests, Mojo White may verify account control, request the account email, require session authentication, or ask for information reasonably necessary to match the request to an account.

Authorized-agent requests may require proof of authorization and direct verification with the account holder unless applicable law provides otherwise.

If a request is denied, limited, or only partially completed because of legal, security, fraud, account-matching, or technical reasons, you may contact help@mojowhite.com to appeal where applicable law provides an appeal right.

Automated Decisions

Mojo White may use automated systems to detect spam, bot activity, malware risk, quota abuse, suspicious authentication, payment fraud, policy violations, or unsafe AI requests.

Mojo White does not intend to use automated processing to make decisions that produce legal or similarly significant effects about employment, credit, housing, education, insurance, public benefits, medical care, or eligibility for essential services.

US State Privacy Rights

Residents of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Florida, and other states may have access, deletion, correction, portability, opt-out, appeal, or sensitive-data rights where applicable thresholds and laws apply.

Mojo White routes state privacy requests through help@mojowhite.com and tracks request receipt, verification, deadline, response, and outcome for operational compliance.

Contact

Privacy requests may be sent to help@mojowhite.com. Haro LLC may ask for information reasonably needed to verify the request and match it to an account.