Privacy Policy

1. Who we are

Moko Sales ("we", "our", "us") is an AI-powered sales call coaching product operated by Mokoapp (mokoapp.net). This Privacy Policy applies to the Moko Sales web application, APIs, and all related websites and services (collectively, the "Service").

For the purposes of the EU General Data Protection Regulation (GDPR), Mokoapp is the data controller for personal data we collect directly from you (e.g. account registration). When you or your company upload call recordings for analysis, your company is typically the data controller and Mokoapp acts as the data processor on your company's behalf.

2. Data we collect

We collect different categories of data depending on how you interact with the Service:

2.1 Account data

When you create an account, we collect your name, email address, and a hashed password. If you join or create a company, we also store your company name, team membership, and role (e.g. admin, sales rep).

2.2 Call data

Audio recordings you upload, the transcripts generated from those recordings, AI-generated scores, coaching feedback, objection analysis, and any notes or tags you add. This data is associated with your company account and is used solely to provide the Service.

2.3 Usage data

Information about how you interact with the Service: pages visited, features used, actions taken (e.g. uploading a call, viewing a report), session duration, and timestamps. We use this data to improve the Service and provide support.

2.4 Technical data

IP address, browser type and version, device type and operating system, referring URL, and server logs. This data is collected automatically and is necessary for security, fraud prevention, and operational stability.

2.5 Payment data

If you subscribe to a paid plan, billing information (such as invoice addresses) is collected. Payment card details are processed directly by our payment processor and are not stored on our servers.

2.6 Communication data

When you contact us (e.g. via email or the contact form), we collect the content of your message, your email address, and any attachments you provide, in order to respond and resolve your inquiry.

3. How we use your data

We process your personal data for the following purposes:

• Providing the Service: transcribing and analyzing call recordings, generating scores and coaching feedback, displaying dashboards and reports.
• Account management: authenticating users, managing roles and permissions, associating users with companies.
• Billing and invoicing: generating invoices, processing payments, tracking subscription status.
• Communication: sending transactional emails (verification codes, password resets, invoice notifications) and, if you opt in, product updates and tips.
• Improvement and analytics: analyzing usage patterns to improve features, fix bugs, and optimize performance.
• Security: detecting and preventing fraud, abuse, and unauthorized access.
• Legal compliance: complying with applicable laws, regulations, and legal processes.

4. Legal basis for processing (EEA/UK)

If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data on the following legal bases:

Purpose	Legal basis
Providing the Service and managing your account	Performance of a contract (Art. 6(1)(b) GDPR)
Billing and invoicing	Performance of a contract (Art. 6(1)(b) GDPR)
Sending transactional emails	Performance of a contract (Art. 6(1)(b) GDPR)
Product updates and marketing emails	Consent (Art. 6(1)(a) GDPR)
Usage analytics and product improvement	Legitimate interest (Art. 6(1)(f) GDPR)
Security and fraud prevention	Legitimate interest (Art. 6(1)(f) GDPR)
Legal compliance	Legal obligation (Art. 6(1)(c) GDPR)

5. Third-party services and sub-processors

We use trusted third-party service providers to operate the Service. These providers process data on our behalf under data processing agreements:

• AI providers (e.g. OpenAI): to transcribe and analyze call recordings and generate coaching feedback. Call audio and transcript content is sent to these providers under their data processing terms. We do not use your call data to train general-purpose AI models.
• Email provider (e.g. Resend): to send verification codes, invoices, notifications, and optional marketing emails.
• Hosting and infrastructure: to store and process data securely in data centers located in the EU and/or EEA-adequate jurisdictions.
• Payment processing: to handle subscription payments and billing securely.

We do not sell, rent, or trade your personal data to third parties for their marketing purposes.

6. International data transfers

Some of our sub-processors (e.g. AI providers) may process data outside the EEA. When this occurs, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or the provider's participation in an adequacy framework. You may request a copy of the relevant transfer mechanism by contacting us.

7. Cookies and similar technologies

We use cookies and similar technologies for the following purposes:

• Essential cookies: authentication tokens (access and refresh tokens), session identifiers, and CSRF protection. These are strictly necessary for the Service to function.
• Functional cookies: remembering your preferences (e.g. language, dashboard layout).

We do not use third-party advertising or tracking cookies. You can manage cookies through your browser settings. Disabling essential cookies may prevent you from using the Service.

8. Data retention

We retain your data for as long as necessary to provide the Service and fulfill the purposes described in this policy:

• Account data: retained for as long as your account is active. After account deletion, personal data is deleted or anonymized within 30 days, except where retention is required by law.
• Call data: retained for as long as your company account is active. Your company admin can delete individual call records at any time. On company account deletion, call data is permanently deleted within 30 days.
• Usage and technical data: retained for up to 12 months for analytics and security purposes, then aggregated or deleted.
• Invoices and billing records: retained for the period required by applicable tax and accounting laws (typically 5–10 years).

9. Your rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: request a copy of the personal data we hold about you.
• Rectification: request correction of inaccurate or incomplete data.
• Erasure ("right to be forgotten"): request deletion of your personal data, subject to legal retention requirements.
• Restriction: request that we limit how we process your data in certain circumstances.
• Portability: receive your data in a structured, machine-readable format and transfer it to another controller.
• Objection: object to processing based on legitimate interests, including direct marketing.
• Withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at hello@mokoapp.net. We will respond within 30 days (or the applicable statutory period). If you are in the EEA/UK, you also have the right to lodge a complaint with your local data protection supervisory authority.

10. Data security

We implement industry-standard technical and organizational measures to protect your data, including:

• Encryption of data in transit (TLS/HTTPS) and at rest.
• Access controls and role-based permissions for internal systems.
• Regular security reviews and monitoring.
• Secure password hashing (bcrypt).

No system is 100% secure. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority as required by law, without undue delay.

11. Automated decision-making

Our Service uses AI to analyze call recordings and generate scores and feedback. This analysis is intended as a coaching tool and does not produce legal or similarly significant effects on individuals. You can review, question, and override any AI-generated scores or feedback within the Service. If you have concerns about automated processing, contact us.

12. Children

Moko Sales is a business-to-business service and is not intended for use by individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately so we can delete it.

13. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. When we make changes, we will update the "Last updated" date at the top of this page. For material changes, we may also notify you by email or through the Service. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

14. Contact us

If you have questions about this Privacy Policy, want to exercise your data rights, or need to report a concern, contact us:

Email: hello@mokoapp.net
Website: mokoapp.net