Mojo Privacy Policy

Last updated: November 19, 2025

This Privacy Policy explains how Mojo (“Mojo,” “we,” “our,” or “us”) collects, uses, shares, and protects personal data when studios, instructors, and their end clients use the Mojo platform and related websites, booking pages, and mobile-friendly interfaces (collectively, the “Service”). We design Mojo for Pilates, yoga, fitness, and wellness businesses to manage class schedules, waitlists, memberships, reminders, and integrations such as Google Calendar, Mailchimp, SmartBill, and payment processors. This Privacy Policy applies to both (i) studio administrators and staff who create Accounts and (ii) end clients who book classes or interact with a studio through Mojo.

By accessing or using the Service, or by submitting personal data to us, you acknowledge that you have read and understood this Privacy Policy. If you represent a business, you must ensure your staff and clients are informed about how Mojo processes their data.

1. Data Controller and Contact

Mojo is the controller of the personal data described in this Privacy Policy unless stated otherwise. You may contact us at hey@usemojo.app for any privacy-related question or to exercise your rights. Our preferred language for privacy communications is English.

2. Personal Data We Collect

We collect the following categories of data, depending on how you use the Service:

• Studio and Instructor Data: account credentials, name, contact information, business name, industry, timezone, staff profiles, subscription details, billing contacts, communications with Mojo support, feedback, and marketing preferences.
• Client and Member Data: class bookings, waitlists, attendance status, memberships or package usage, cancellation history, preferences, and contact details provided by studios or by end clients themselves. Studios control the content entered in these fields.
• Payment-Related Data: limited billing metadata (for example, the last four digits of a card, expiration date, or payment status) returned by Stripe or other processors. Mojo does not store nor receive full card numbers.
• Communications Data: email or SMS reminders, confirmations, marketing campaigns sent through the Service, and delivery metrics (opens, clicks, bounces).
• Integration Data: connection tokens and metadata generated when you link Mojo to Google Calendar, Mailchimp, SmartBill, Sendinblue/Brevo, Email Octopus, or other third-party tools available in your account.
• Device and Usage Data: IP address, browser type, device identifiers, locale, access times, referring URLs, pages viewed, page response times, and feature usage, collected via first-party logs and analytics services (e.g., PostHog, Google Analytics) to secure and improve the Service.
• Support and Feedback Data: content of chats, tickets, or emails handled through channels such as Crisp, as well as voluntary testimonials or survey responses.

We obtain personal data directly from you, automatically through the Service, and from third parties that you authorize (for example, when importing contacts from another system).

3. How We Use Personal Data

We process personal data for the following purposes and legal bases (Article 6 GDPR):

• Provide and operate the Service (performance of a contract) – including account creation, calendar scheduling, waitlists, membership tracking, reminders, staff permissions, and integrations.
• Process transactions and billing (performance of a contract / legitimate interest) – to administer subscriptions, trials, invoicing, fraud monitoring, and accounting.
• Communicate with you (performance of a contract / legitimate interest) – to send enrollment confirmations, service announcements, support responses, incident notices, and product updates.
• Send optional marketing communications (consent / legitimate interest) – such as newsletters or campaign tips; you can opt out at any time.
• Enable integrations you request (performance of a contract / legitimate interest) – e.g., syncing bookings to Google Calendar, exporting contacts to Mailchimp, or generating invoices in SmartBill.
• Maintain security and prevent abuse (legitimate interest / legal obligation) – monitoring for suspicious activity, enforcing policies, and protecting the Service.
• Improve and develop the Service (legitimate interest) – analyzing usage, running experiments, training support teams, and enhancing features.
• Comply with legal obligations (legal obligation) – responding to lawful requests, tax requirements, and enforcing agreements.

4. Cookies and Similar Technologies

Mojo uses cookies, local storage, and similar technologies to remember preferences, authenticate sessions, analyze traffic, and guard against fraud. You may adjust cookie settings through your browser or operating system. Essential cookies are necessary to sign in, manage bookings, and secure the Service; disabling them may limit functionality.

5. Sharing and International Transfers

We share personal data only as necessary to provide the Service, comply with law, or fulfill a request. Categories of recipients include:

• Hosting and infrastructure providers (e.g., Fly.io, AWS, Cloudflare) for secure storage, networking, and content delivery.
• Payment and invoicing partners (e.g., Stripe, SmartBill) to process subscription fees and issue invoices.
• Communication tools (e.g., Sendinblue/Brevo, Email Octopus, Crisp) to send transactional or support messages you initiate.
• Analytics and monitoring providers (e.g., PostHog, Google Analytics) to measure product performance.
• Optional integrations you enable, such as Google Calendar or Mailchimp.
• Professional advisors and authorities when required to comply with law, prevent fraud, or protect rights.

Where recipients are located outside the European Economic Area, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions. Copies of relevant safeguards can be requested at hey@usemojo.app.

6. Retention

We retain personal data for as long as necessary to provide the Service, fulfill the purposes outlined above, comply with our legal obligations, resolve disputes, and enforce agreements. Studio owners may delete client records within the application. After termination or deletion, we archive limited information for legitimate business purposes (e.g., accounting records) and will securely delete or anonymize data once no longer needed.

7. Security

Mojo implements technical and organizational measures—including encryption in transit, role-based access controls, logging, and regular security reviews—to protect personal data. No online service is completely secure, so we encourage you to use strong passwords, enable available security features, and promptly report suspected incidents.

8. Your Rights

Subject to applicable law, individuals have the right to:

• Access personal data we hold about them;
• Request correction of inaccurate or incomplete data;
• Request deletion (“right to be forgotten”) or restriction of processing;
• Object to processing based on legitimate interests or direct marketing;
• Withdraw consent at any time, without affecting prior lawful processing;
• Receive data they provided to us in a structured, commonly used format and/or request transfer to another controller (data portability);
• Lodge a complaint with a supervisory authority, such as the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) or their local regulator.

Requests can be sent to hey@usemojo.app. We may ask you to verify your identity before fulfilling a request. If you are an end client of a studio using Mojo, please contact that studio first; we assist our customers in responding to client requests.

9. Children

The Service is intended for adults managing or attending fitness and wellness services. We do not knowingly collect personal data from individuals under 18 years old. If you believe a minor has provided data without parental consent, contact us so we can delete it.

10. Changes to This Privacy Policy

We may update this Privacy Policy to reflect operational or legal changes. We will post the revised policy with an updated “Last updated” date and, when changes are material, provide notice via email or an in-app banner before they take effect. Continued use of the Service after the effective date constitutes acceptance of the revised policy.

11. Contact

For questions, concerns, or to exercise your privacy rights, contact us at hey@usemojo.app. Please include the nature of your request and the country in which you reside so we can respond appropriately.