Privacy Policy

Who We Are

Moji is operated by Frequency AI Ltd ("we", "us", "our"), a company registered in England and Wales (Company number 16990328), with its registered office at 71-75 Shelton Street, Covent Garden, London WC2H 9JQ, United Kingdom.

We are the data controller for your personal data. This policy explains what data we collect, why, how we use it, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Our Approach to Privacy

Moji is local-first by design. Your workspace is a directory on your device. Documents, spreadsheets, and presentations are files on your filesystem. Cloud sync is optional, encrypted, and under your control. We collect only what is strictly necessary to provide the service.

What We Collect

Account Data

When you create a Moji account, we collect your email address and display name via our authentication service. We support sign-in through third-party identity providers (such as Google and Apple). When you authenticate via these providers, we receive your name and email. We do not receive or store your password from these providers.

Workspace and Document Data

Your documents, spreadsheets, and presentations are stored as files on your local device. When you enable cloud sync, the following data is transmitted to and stored in our cloud infrastructure:

• Document content and version history
• Synchronisation state for real-time collaboration
• Workspace structure metadata (file names, directory hierarchy, timestamps)
• Document snapshots for recovery and version history
• Workspace membership and role assignments (owner, editor, viewer)

All synced data is encrypted in transit via TLS and at rest within our cloud infrastructure. Database access is restricted by security policies that enforce workspace membership. Only authenticated members of a workspace can access its data.

Collaboration and Presence Data

When you collaborate in real time, we process the following temporary data:

• Your cursor position and current document path (presence data)
• Real-time document edits broadcast to other workspace members

Presence data is ephemeral and not retained after your session ends.

File Assets

If you embed images or other assets in your documents, these are stored in cloud storage associated with your workspace. Assets are accessible only to authenticated workspace members.

Desktop Application

The Moji desktop application reads and writes files within your designated workspace directory on your local filesystem. When cloud sync is enabled, changes are synchronised automatically.

The desktop application stores minimal local configuration such as your workspace path and window dimensions. AI agent sessions and plans are stored locally within your workspace and are not synced to the cloud.

Waitlist Data

If you join our waitlist, we store your email address for the sole purpose of notifying you when access is available. Waitlist data is retained for a maximum of 24 months and is not shared with third parties.

What We Do Not Collect

• We do not use third-party analytics, tracking pixels, or advertising networks
• We do not use advertising cookies or third-party cookies of any kind
• We do not process, analyse, or mine your document content for any purpose other than delivering the sync service
• We do not sell, rent, or trade your personal data

Lawful Bases for Processing

We process your personal data under the following lawful bases:

• Contract: processing your account data and workspace data is necessary to provide the Moji service you have signed up for
• Legitimate interest: processing anonymised, aggregated usage data to maintain and improve the service, with safeguards to minimise impact on your rights
• Consent: storing your email on our waitlist, which you can withdraw at any time

AI Features

Moji supports AI agent integration. You may connect AI agents from your preferred provider to assist with document creation, editing, and analysis. When you use AI features:

• Agents access your workspace files via your local filesystem
• Your API keys for AI providers are stored locally on your device and are never transmitted to our servers
• Agent session history and plans are stored locally within your workspace directory
• We do not send your personal data to AI providers. Any data shared with agents is initiated by you through your prompts and workspace content

Your interactions with AI agents are governed by the respective privacy policies of the AI provider you choose. We recommend reviewing their policies before use.

Data Sharing

We share data only with trusted third-party service providers who assist us in operating the Service, under strict data processing agreements. These include providers of cloud hosting, database infrastructure, authentication, and content delivery services.

We may also disclose data when required by law, regulation, or valid legal process.

International Data Transfers

Your data may be processed in jurisdictions outside the United Kingdom, including the United States. Where such transfers occur, they are protected by appropriate safeguards including Standard Contractual Clauses (SCCs) or equivalent mechanisms recognised under UK GDPR.

Data Retention

• Account data: retained for the lifetime of your account
• Workspace data: retained while the workspace exists; deleted when the workspace owner deletes it
• Sync and version history: retained for the lifetime of the workspace
• Presence data: ephemeral; not retained after session ends
• Waitlist entries: retained for a maximum of 24 months
• Account deletion: all personal data is permanently removed within 30 days of account deletion

Your Rights

Under UK GDPR, you have the right to:

• Access your personal data and receive a copy
• Rectify inaccurate or incomplete personal data
• Erase your personal data ("right to be forgotten")
• Restrict processing of your personal data
• Data portability: receive your data in a structured, machine-readable format
• Object to processing based on legitimate interest
• Withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at [email protected]. We will respond within one month as required by UK GDPR.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

Cookies

Moji uses only essential cookies and local storage entries required for authentication and session management. We do not use advertising cookies, tracking cookies, or any third-party cookies.

Children

Moji is not directed at children under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe a child under 16 has provided us with personal data, please contact us and we will delete it promptly.

Changes to This Policy

We may update this privacy policy from time to time. Material changes will be communicated via email or a notice within the application at least 14 days before they take effect. Continued use of Moji after changes constitutes acceptance of the updated policy.

Contact

For privacy-related enquiries:
[email protected]

Frequency AI Ltd
71-75 Shelton Street, Covent Garden
London WC2H 9JQ, United Kingdom