Mochabug AB – Privacy Policy
Effective Date: 2025-10-01
Last Updated: 2025-10-01
Company: Mochabug AB
Organization Number: 559418-8640
Address: Roslagsgatan 4, 113 55 Stockholm, Sweden
Email: privacy@mochabug.com
Website: https://www.mochabug.com
1. Introduction
Mochabug AB (“Mochabug”, “we”, “our”, or “us”) is committed to protecting your privacy and ensuring transparency about how we collect, use, and protect your personal data.
This Privacy Policy explains how we handle personal data when you:
- Visit our website
- Create an account and use our Service
- Contact us for support or inquiries
- Interact with our marketing communications
This Policy applies to Mochabug’s cloud-based automation and integration platform (the “Service”) and our website.
Your Rights: Under the General Data Protection Regulation (GDPR), you have specific rights regarding your personal data, which we describe in detail below.
2. Data Controller
Mochabug AB is the data controller for personal data we collect directly from you (account information, contact details, etc.).
When you use our Service to process data through automations and integrations, you are the data controller and Mochabug acts as a data processor. Our obligations as a processor are detailed in our Data Processing Agreement (DPA).
Contact our Data Protection Officer:
📧 privacy@mochabug.com
🏢 Mochabug AB, Roslagsgatan 4, 113 55 Stockholm, Sweden
3. Personal Data We Collect
3.1 Account and Identity Information
When you create an account, we collect:
- Full name
- Email address
- Company name and role (optional)
- Password (encrypted)
- Account preferences and settings
3.2 Payment Information
For paid subscriptions:
- Billing name and address
- VAT/Tax identification number (if applicable)
- Payment method details (processed by our payment provider; we do not store full credit card numbers)
- Transaction history
3.3 Service Usage Data
When you use our Service:
- Log data (IP addresses, browser type, device information)
- API usage and activity logs
- Workflow and automation configurations
- Integration credentials (encrypted)
- Performance and diagnostic data
- Plugin code and execution logs
3.4 Customer Data
Data you submit, process, or store through our Service (“Customer Data”) is controlled by you. We process this data only according to your instructions and our DPA. Customer Data may include:
- Data from connected third-party services
- Workflow inputs and outputs
- Files and documents processed through the Service
3.5 Communications
- Support ticket content and correspondence
- Feedback and survey responses
- Marketing communication preferences
3.6 Website Visitors
- Cookies and similar tracking technologies
- Website navigation and interaction data
- Marketing campaign performance data
4. Legal Basis for Processing
We process your personal data under the following legal bases (GDPR Article 6):
| Data Category | Legal Basis | Purpose |
|---|---|---|
| Account Information | Contract Performance | To provide and manage your account |
| Payment Information | Contract Performance | To process payments and subscriptions |
| Service Usage Data | Legitimate Interest | To operate, secure, and improve the Service |
| Customer Data | Contract Performance | To deliver the Service per your instructions |
| Communications | Consent / Legitimate Interest | To provide support and send relevant updates |
| Marketing Data | Consent | To send promotional communications (opt-in) |
| Security Logs | Legal Obligation / Legitimate Interest | To detect fraud and ensure security |
Legitimate Interest: We rely on legitimate interest to improve our Service, prevent abuse, and maintain security. You have the right to object to processing based on legitimate interest.
Consent: For marketing communications, we obtain your explicit consent. You may withdraw consent at any time by clicking “unsubscribe” or contacting us.
5. How We Use Your Personal Data
5.1 Service Delivery
- Create and manage your account
- Authenticate and authorize access
- Process and execute your automations and workflows
- Store and secure your configurations and data
- Provide customer support and respond to inquiries
5.2 Service Improvement
- Monitor Service performance and reliability
- Analyze usage patterns to improve features
- Develop new functionalities
- Conduct research and analytics (using aggregated, anonymized data)
5.3 Security and Compliance
- Detect and prevent fraud, abuse, and security incidents
- Enforce our Terms of Service and Acceptable Use Policy
- Comply with legal obligations
- Respond to lawful requests from authorities
5.4 Communication
- Send service notifications and updates
- Provide technical support
- Send marketing communications (with your consent)
- Request feedback and conduct surveys
5.5 Billing and Administration
- Process payments and issue invoices
- Manage subscriptions and renewals
- Maintain accounting records
6. Data Sharing and Disclosure
We do not sell or rent your personal data. We share data only in the following circumstances:
6.1 Service Providers (Data Processors)
We engage trusted third-party service providers who process data on our behalf:
| Provider Type | Purpose | Location |
|---|---|---|
| Cloud Infrastructure | Hosting and storage (AWS, Google Cloud, Azure) | EU/EEA/US |
| Payment Processors | Payment processing (Stripe, etc.) | EU/US (adequacy decision) |
| Email Services | Transactional and marketing emails | EU/US |
| Analytics Providers | Service analytics and monitoring | EU/US |
| Support Tools | Customer support ticketing | EU/US |
All processors are contractually bound by Data Processing Agreements and required to protect your data according to GDPR standards.
6.2 Legal Requirements
We may disclose personal data when required by law or in response to:
- Court orders or legal processes
- Lawful requests from government authorities
- Protection of our rights, property, or safety
- Investigation of Terms of Service violations
6.3 Business Transfers
If Mochabug is involved in a merger, acquisition, or sale of assets, personal data may be transferred. We will notify you and ensure the new entity honors this Privacy Policy.
6.4 With Your Consent
We may share data with third parties when you explicitly consent, such as when integrating third-party services into your workflows.
7. International Data Transfers
Mochabug is based in Sweden (EU/EEA). We primarily process and store data within the EU/EEA.
Some service providers may be located outside the EU/EEA (e.g., United States). When we transfer data internationally, we ensure adequate protection through:
- EU-US Data Privacy Framework (for US-based processors certified under the framework)
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions by the European Commission
You may request information about specific safeguards by contacting privacy@mochabug.com.
8. Data Retention
We retain personal data only as long as necessary for the purposes outlined in this Policy:
| Data Type | Retention Period |
|---|---|
| Account Information | Duration of account + 30 days after termination |
| Customer Data | Duration of account + 30 days (unless you request earlier deletion) |
| Payment Records | 7 years (Swedish accounting law requirement) |
| Usage Logs | 90 days (security logs: up to 12 months) |
| Marketing Data | Until consent is withdrawn or 24 months of inactivity |
| Support Communications | 3 years after last interaction |
After the retention period, data is securely deleted or anonymized. Backup copies may persist for up to 90 days during routine backup cycles.
9. Data Security
We implement industry-standard technical and organizational measures to protect your data:
Technical Measures:
- Encryption in transit (TLS 1.3) and at rest (AES-256)
- Multi-factor authentication (MFA) options
- Regular security audits and vulnerability assessments
- Intrusion detection and prevention systems
- Secure credential storage (hashed and salted passwords)
- API access controls and rate limiting
Organizational Measures:
- Employee confidentiality agreements
- Role-based access controls
- Security awareness training
- Incident response procedures
- Regular data protection impact assessments
Important: No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
10. Your Rights Under GDPR
As an EU/EEA data subject, you have the following rights:
10.1 Right of Access (Article 15)
Request a copy of the personal data we hold about you.
10.2 Right to Rectification (Article 16)
Correct inaccurate or incomplete personal data.
10.3 Right to Erasure / “Right to be Forgotten” (Article 17)
Request deletion of your personal data, subject to legal obligations.
10.4 Right to Restriction of Processing (Article 18)
Limit how we process your data in certain circumstances.
10.5 Right to Data Portability (Article 20)
Receive your data in a structured, machine-readable format for transfer to another service.
10.6 Right to Object (Article 21)
Object to processing based on legitimate interest or for direct marketing purposes.
10.7 Right to Withdraw Consent (Article 7)
Withdraw consent at any time for consent-based processing.
10.8 Right to Lodge a Complaint
File a complaint with your national data protection authority (in Sweden: Integritetsskyddsmyndigheten - IMY).
How to Exercise Your Rights:
Email privacy@mochabug.com with your request. We will respond within 30 days. You may need to verify your identity for security purposes.
11. Cookies and Tracking Technologies
We use cookies and similar technologies on our website and Service.
11.1 Strictly Necessary Cookies Only
Currently, we only use strictly necessary cookies that are essential for the Service to function. These cookies do not require your consent under GDPR Article 6(1)(f) (legitimate interest) as they are necessary for contract performance.
Strictly Necessary Cookies:
- Session authentication – To keep you logged in securely
- Security tokens – To prevent cross-site request forgery (CSRF) and other attacks
- Load balancing – To distribute traffic and maintain performance
These cookies:
- Are deleted when you close your browser (session cookies) or after a defined period
- Do not track you across other websites
- Cannot be disabled without affecting Service functionality
11.2 No Third-Party Tracking
We do not use:
- Analytics cookies (e.g., Google Analytics)
- Marketing or advertising cookies
- Social media tracking pixels
- Third-party cookies for profiling or tracking
11.3 Managing Cookies
You can control cookies through your browser settings. However, blocking or deleting strictly necessary cookies will prevent you from logging in and using the Service.
Browser Cookie Controls:
- Chrome: Settings > Privacy and Security > Cookies
- Firefox: Settings > Privacy & Security > Cookies
- Safari: Preferences > Privacy > Cookies
- Edge: Settings > Privacy > Cookies
11.4 Future Changes
If we decide to implement analytics or marketing cookies in the future, we will:
- Update this Privacy Policy
- Implement a cookie consent banner
- Request your explicit consent before setting non-essential cookies
- Provide granular control over cookie preferences
12. Third-Party Integrations
The Service allows you to connect third-party applications (e.g., Google Workspace, Salesforce, Slack). When you authorize these integrations:
- You grant Mochabug permission to access data from those services according to the permissions you approve
- Those third-party services have their own privacy policies
- We process integration data only to deliver the Service functionality you configure
- You can revoke integration permissions at any time through your account settings
Your Responsibility: As the data controller, you are responsible for ensuring lawful processing of data through third-party integrations.
13. Children’s Privacy
The Service is intended for business use and not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us immediately at privacy@mochabug.com and we will delete it.
14. Marketing Communications
14.1 Consent
We send marketing emails only with your consent. You may opt in when creating an account or through our website.
14.2 Unsubscribe
Every marketing email includes an “unsubscribe” link. You can also contact privacy@mochabug.com.
14.3 Transactional Emails
Service-related emails (account notifications, security alerts, billing notices) are necessary for Service delivery and cannot be unsubscribed from without closing your account.
15. Data Processing Agreement (DPA)
When you use the Service to process personal data (Customer Data), a DPA governs our obligations as a data processor. The DPA is available at Data processing agreement and covers:
- Scope and purpose of processing
- Data security measures
- Sub-processor list and approval
- Data subject rights assistance
- Data breach notification procedures
- Audit rights and compliance
- Data deletion upon termination
16. Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. When we make material changes:
- We will update the “Last Updated” date
- We will notify you via email or Service notification
- Continued use of the Service after changes constitutes acceptance
We encourage you to review this Policy periodically. Historical versions are available upon request.
17. Contact Us
For privacy questions, data subject requests, or concerns:
📧 Email: privacy@mochabug.com
🏢 Mail: Mochabug AB, Roslagsgatan 4, 113 55 Stockholm, Sweden
Data Protection Authority (Sweden):
Integritetsskyddsmyndigheten (IMY)
Website: https://www.imy.se
Email: imy@imy.se
18. Definitions
Personal Data: Any information relating to an identified or identifiable natural person.
Data Controller: The entity that determines the purposes and means of processing personal data.
Data Processor: The entity that processes personal data on behalf of the data controller.
GDPR: General Data Protection Regulation (EU) 2016/679.
Customer Data: Data that you submit, store, or process through the Service under your control.
By using Mochabug’s Service, you acknowledge that you have read and understood this Privacy Policy.
This Privacy Policy was last updated on 2025-10-01.