Privacy
Subprocessors
Public named provider list for authentication, hosting, storage, payments, AI, OCR, TTS, imports, analytics, and security.
- Version
- v1.3
- Effective
- May 22, 2026
- Last updated
- May 22, 2026
Legal entity: Haro LLC. Product brand: Mojo White. For legal questions, contact help@mojowhite.com.
Last reviewed: May 22, 2026
This public disclosure provides transparency about subprocessors and service providers used to operate Mojo White. It is not an infrastructure diagram and does not include security-sensitive implementation details. Providers receive only the data needed for the relevant feature or service. Not every provider receives data from every user.
The Privacy Policy explains Mojo White's general privacy practices. For privacy-rights requests or questions about this disclosure, contact help@mojowhite.com.
| Provider | Function | Personal data categories | Last reviewed |
|---|---|---|---|
| WorkOS | Account access and authentication | Account identifiers, email address, authentication and security events | May 22, 2026 |
| Stripe | Billing and subscriptions | Billing contact information, subscription status, invoice and payment metadata | May 22, 2026 |
| Apple | App Store subscriptions and in-app purchase processing | App Store transaction identifiers, subscription status, renewal metadata, and account-token metadata used to connect purchases to your Mojo White account | May 22, 2026 |
| Vercel | Application hosting and reliability | Request metadata, device/browser metadata, application telemetry, operational logs | May 22, 2026 |
| Cloudflare Turnstile | Bot prevention and abuse control | Challenge tokens, IP-derived risk signals, device/browser metadata, and verification outcome metadata | May 22, 2026 |
| Neon | Application data storage | Account records, preferences, usage records, document metadata, extracted content records, deletion and retention records | May 22, 2026 |
| Google Cloud | Storage, document conversion, OCR, text-to-speech, and processing infrastructure | Uploaded content, extracted text, selected pages or images, generated audio, and operational metadata | May 22, 2026 |
| Upstash | Usage limits and abuse prevention | Usage counters, limited operational metadata, and abuse-prevention signals | May 22, 2026 |
| MaxMind | Country-level geolocation for analytics and abuse prevention | IP-derived approximate country or region metadata | May 22, 2026 |
| Anthropic, OpenAI, Groq, DeepInfra | AI, OCR, parsing, summarization, and content-processing providers | Document excerpts, extracted text, prompts, generated summaries, generated outputs, only when relevant features are used | May 22, 2026 |
| Microsoft Azure Speech | Text-to-speech provider | Text submitted for speech synthesis and voice-selection metadata, only when enabled | May 22, 2026 |
| Google Drive, Dropbox | User-selected import integrations | Files the user chooses to import and limited import/account metadata | May 22, 2026 |
| VirusTotal or malware-scanning provider | Security scanning and abuse prevention | File hashes and, where enabled and necessary, uploaded files or related security metadata | May 22, 2026 |
Public Provider Disclosure
This page is public and does not require login. Providers receive only the data needed for the relevant Mojo White feature, and not every provider receives data from every user.
The table is a transparency list, not a complete infrastructure diagram. Haro LLC may omit internal systems, professional advisors, or emergency providers where disclosure would create security risk, but the named providers below cover the ordinary service-provider categories used to run Mojo White.
How Providers Are Used
- Core infrastructure providers host the app, database, files, jobs, logs, and security controls.
- Authentication and payment providers process account access, subscriptions, invoices, refunds, chargebacks, App Store entitlements, and purchase reconciliation.
- AI, OCR, and text-to-speech providers process only the content needed for the feature selected by the user, such as document excerpts, extracted text, prompts, generated scripts, voice selections, or synthesis requests.
- Import providers process files and metadata only when the user chooses to connect or import from that provider.
- Analytics and reliability providers process analytics, operational telemetry, performance data, and aggregate interaction metrics unless an applicable opt-out has been processed.
- Security providers may process tokens, file hashes, suspicious files, IP-derived risk signals, or abuse indicators to protect Mojo White and users.
Data Minimization and Access
Provider access is limited by feature, purpose, role, and environment where Mojo White controls the integration. Not every provider sees every category of data, and not every user uses every provider-backed feature.
Haro LLC treats provider owner, purpose, data categories, region, DPA status, transfer safeguards, retention settings, incident contacts, and review dates as vendor-management records.
Provider Terms and Changes
Some third-party services are user-selected integrations governed by that provider's own terms. Mojo White is not responsible for a third-party provider's independent products, policies, outages, or account decisions.
Haro LLC may add, replace, suspend, or remove providers as the product evolves. Material changes that expand provider access to personal information will be reflected on this page and, where legally required, communicated through additional notice.
Change Notifications
Users may email help@mojowhite.com with the subject line Subprocessor Updates to request email notice when the named subprocessor list materially changes.
Where contractually feasible and legally appropriate, Haro LLC will provide at least 30 days' notice before adding a material new subprocessor category that expands access to personal information.
The public provider table includes a last-reviewed date so users can see when the named list was last checked.
International Transfers and DPAs
Providers may process personal information in the United States or other countries. For EU/UK data, Haro LLC relies on Standard Contractual Clauses, UK transfer addenda, adequacy-transfer records, or other valid safeguards where required.
Haro LLC uses DPAs or equivalent data-processing terms for providers that process personal information on Mojo White's behalf where such terms are available and appropriate.