Privacy Policy

Last updated: April 2, 2026

Introduction

At MokuHub LLC ("Company", "we", "us", or "our"), we take your privacy seriously. This Privacy Policy describes how we collect, use, disclose, and protect your information when you use our products and services, including MokuBot - AI Agent for NetSuite (our Chrome Extension) and MokuField (our field service management platform), collectively referred to as the "Service".

This Privacy Policy applies to all users of our Service, regardless of location. If you are located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, additional protections apply to you as described in the "Your Rights Under GDPR" section.

Data Controller

MokuHub LLC is the data controller responsible for your personal data. You can contact our data protection team at:

MokuHub LLC

Email: legal@mokuhub.com

Address: 0105, Georgia, Tbilisi, Chugureti district, Mikheil Tsinamdzgvrishvili street, N 52, attic

Definitions

Account - A unique account created for You or Your organization to access our Service.

Personal Data - Any information relating to an identified or identifiable natural person.

Customer Data - All data that You or Your Authorized Users submit to the Service, including work orders, NetSuite data, and operational data.

Processing - Any operation performed on Personal Data, whether or not by automated means.

Service - MokuBot (Chrome Extension and backend services) and MokuField (field service platform), including all associated websites, APIs, and mobile applications.

Legal Bases for Processing

We process your Personal Data only when we have a valid legal basis under applicable data protection law. The legal bases we rely on are:

Contract Performance (GDPR Art. 6(1)(b))

Processing necessary to provide you with our Service, manage your account, process payments, and deliver the features you signed up for.

Applies to: Account management, subscription billing, service delivery, customer support.

Consent (GDPR Art. 6(1)(a))

Processing based on your explicit, freely given consent. You can withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

Applies to: Marketing emails, analytics cookies, non-essential tracking.

Legitimate Interests (GDPR Art. 6(1)(f))

Processing necessary for our legitimate interests, provided these are not overridden by your rights. We conduct balancing tests to ensure fairness.

Applies to: Service security, fraud prevention, abuse detection, product improvement, aggregated analytics.

Legal Obligation (GDPR Art. 6(1)(c))

Processing required to comply with applicable laws and regulations.

Applies to: Tax records, financial reporting, legal compliance, responding to lawful requests from authorities.

Information We Collect

Account Data

When you create an account, we collect:

  • Email address (from Google sign-in)
  • Display name (from Google sign-in)
  • Profile photo URL (from Google sign-in)
  • Company/organization information (if provided)

Legal basis: Contract performance

Usage Data

We automatically collect:

  • IP address
  • Browser type and version
  • Pages visited and time spent on our website
  • Device identifiers and diagnostic data
  • Feature usage and interaction patterns within the application
  • Token usage counters (for rate limiting)

Legal basis: Legitimate interests (service improvement, security)

Security Data

For abuse detection and platform security, we may collect:

  • Device fingerprint (hashed combination of browser characteristics)
  • IP addresses associated with login events
  • User-Agent strings
  • Login timestamps

Legal basis: Legitimate interests (fraud prevention, abuse detection). We have conducted a balancing test and determined that our interest in preventing account abuse does not override your privacy rights, given that we hash device data and do not use it for tracking or advertising purposes.

MokuBot-Specific Data

When using MokuBot (Chrome Extension):

  • Your queries and prompts sent to the AI
  • NetSuite page context (read from your active browser tab)
  • Email marketing consent preference

Important: Your queries and page context are transmitted to AI providers for real-time processing only and are not stored on our servers. Chat history is stored locally in your browser.

Legal basis: Contract performance (providing the AI service you signed up for)

MokuField-Specific Data

When using MokuField (field service platform):

  • Work orders, customer records, and operational data
  • Real-time GPS location (during active work orders)
  • Location history (for route planning and mileage reporting)
  • Photos and digital signatures for work documentation
  • Phone number, job title, and country of residence

Legal basis: Contract performance; Consent (for location tracking)

How We Use Your Personal Data

We use your data for the following purposes:

  • Service delivery: To operate, maintain, and provide the features of the Service
  • Account management: To manage your account, subscription, and billing
  • AI processing: To route your queries to AI model providers and return responses (MokuBot)
  • Security: To detect and prevent fraud, abuse, and unauthorized access
  • Communications: To send transactional emails (account confirmations, security alerts, billing receipts)
  • Marketing: To send promotional content (only with your explicit consent; you may opt out at any time)
  • Analytics: To understand usage patterns and improve the Service (with consent for non-essential analytics)
  • Legal compliance: To comply with applicable laws, regulations, and legal processes

Third-Party Service Providers (Subprocessors)

We share your data with the following third-party service providers who process data on our behalf. Each provider is bound by data processing agreements:

AI Processing

OpenRouter

Purpose: AI model routing and API gateway for MokuBot

Data processed: User queries, NetSuite page context (transient, not stored)

Privacy Policy: openrouter.ai/privacy

Anthropic

Purpose: AI model provider (Claude) for generating responses

Data processed: User queries routed via OpenRouter (transient)

Privacy Policy: anthropic.com/privacy

Google AI (Gemini)

Purpose: AI model provider for generating responses

Data processed: User queries routed via OpenRouter (transient)

Privacy Policy: policies.google.com/privacy

Infrastructure & Storage

Google Cloud Platform (Firebase / Firestore)

Purpose: Cloud infrastructure, database, authentication, hosting

Data processed: Account data, usage counters, login events, consent records

Data location: europe-west1 (Belgium)

Privacy Policy: policies.google.com/privacy

Amazon Web Services (AWS)

Purpose: Cloud infrastructure for MokuField

Data processed: MokuField operational data

Privacy Policy: aws.amazon.com/privacy

OVH

Purpose: Hosting and infrastructure services

Privacy Policy: ovhcloud.com/privacy-policy

Communications & Marketing

Brevo

Purpose: Transactional and marketing email delivery, CRM

Data processed: Email address, name, subscription status, email engagement

Privacy Policy: brevo.com/legal/privacypolicy

Payments

Dodo Payments

Purpose: Subscription billing and payment processing

Data processed: Billing information, payment method details, subscription status

Privacy Policy: dodopayments.com/privacy

Analytics

Google Analytics

Purpose: Website usage analytics and service improvement

Data processed: Anonymized usage data, page views, device information

Note: Only activated with your consent for analytics cookies

Privacy Policy: policies.google.com/privacy

Mapping (MokuField)

Google Maps

Purpose: Mapping, geocoding, and route optimization for field service

Data processed: Location data, addresses

Privacy Policy: policies.google.com/privacy

We will notify users of any material changes to our list of subprocessors via email or a notice on our Service. You may object to a new subprocessor by contacting us within 30 days of the notification.

Multi-Tenant Data Protection

Technical Measures

  • Row-Level Security: Database-level enforcement (PostgreSQL RLS) for MokuField
  • Document-level isolation in Firestore for MokuBot
  • Tenant Identification: Every data request is automatically scoped to your organization
  • Access Controls: Role-based permissions within your organization

Your organization's data is never visible to other customers. We implement technical controls to prevent any cross-tenant data access.

Email Communications

Transactional Emails

We send transactional emails necessary for the operation of the Service (account verification, security alerts, billing receipts, service notifications). These are sent under the legal basis of contract performance and do not require separate consent.

Marketing Emails

With your explicit consent, we may send marketing emails about product updates, tips, and offers. We use Brevo as our email platform.

Your rights:

  • Marketing emails require your opt-in consent
  • Every marketing email contains an unsubscribe link
  • You can withdraw consent at any time
  • Unsubscribe requests are processed within 48 hours

Data Retention

We retain your data only for as long as necessary for the purposes described in this policy:

MokuBot Data

  • Account data: Duration of your account plus 30 days after deletion request
  • Usage counters: Duration of your account (reset periodically per subscription terms)
  • Login events (security data): 12 months, then permanently deleted
  • Consent records: 3 years (legal compliance requirement)
  • Chat history: Stored locally in your browser only; we do not retain it

MokuField Data

  • Work orders: Subscription duration plus 30 days after termination
  • Location history: 90 days for active analysis, then archived for up to 2 years
  • Photos and signatures: Subscription duration
  • Audit logs: 2 years for compliance

After Account Termination

  • 30 days to export your data after termination
  • All Customer Data permanently deleted after 30 days
  • Backup copies purged within 90 days of deletion
  • Data required for legal obligations (tax, fraud records) may be retained longer as required by law

Data Protection & Security

We implement appropriate technical and organizational measures to protect your Personal Data:

  • Encryption of data in transit (TLS 1.2+)
  • Encryption of data at rest
  • Hashing of sensitive identifiers (device fingerprints are SHA-256 hashed)
  • Regular security assessments
  • Access controls and authentication (Google OAuth 2.0)
  • Principle of least privilege for internal access

Important: No method of transmission over the Internet is 100% secure. While we implement industry-standard security measures, we cannot guarantee absolute security.

International Data Transfers

Your data may be transferred to and processed in countries outside your jurisdiction. Our primary data storage is in the EU (Google Cloud europe-west1, Belgium), but some subprocessors operate in the United States and other countries.

When we transfer data outside the EEA/UK, we ensure adequate protection through one or more of the following mechanisms:

  • EU-US Data Privacy Framework: For transfers to US providers certified under the DPF
  • Standard Contractual Clauses (SCCs): EU Commission-approved contractual safeguards included in our data processing agreements with subprocessors
  • Adequacy decisions: Where the European Commission has determined that a country provides adequate data protection

You may request a copy of the safeguards we use for international transfers by contacting us at legal@mokuhub.com.

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms:

  • We will notify the relevant supervisory authority within 72 hours of becoming aware of the breach
  • If the breach is likely to result in a high risk to your rights, we will also notify you directly without undue delay
  • Notifications will include the nature of the breach, likely consequences, measures taken to address it, and your point of contact

Automated Decision-Making

We use automated processing for abuse detection (analyzing login patterns to identify potential account sharing violations). This may result in reduced service capacity for flagged accounts.

You have the right to contest automated decisions that significantly affect you, obtain human intervention, and express your point of view. Contact us at legal@mokuhub.com to exercise this right.

Your Rights Under GDPR

If you are located in the EEA, UK, or Switzerland, you have the following rights:

  • Right of access (Art. 15): Request a copy of the personal data we hold about you
  • Right to rectification (Art. 16): Request correction of inaccurate or incomplete data
  • Right to erasure (Art. 17): Request deletion of your personal data ("right to be forgotten")
  • Right to restrict processing (Art. 18): Request that we limit how we use your data
  • Right to data portability (Art. 20): Receive your data in a structured, machine-readable format
  • Right to object (Art. 21): Object to processing based on legitimate interests or for direct marketing
  • Right to withdraw consent (Art. 7): Withdraw consent at any time, without affecting prior processing
  • Right to lodge a complaint: File a complaint with your local data protection authority

To exercise any of these rights, email us at legal@mokuhub.com. We will respond within 30 days. We may ask you to verify your identity before processing your request.

Your Rights Under CCPA/CPRA

If you are a resident of California, you have certain rights under the California Consumer Privacy Act:

  • Right to know: Request information about the data we collect
  • Right to delete: Request deletion of your personal information
  • Right to correct: Request correction of inaccurate personal information
  • Right to opt out: Opt out of the sale or sharing of your information
  • Right to non-discrimination: We will not discriminate against you for exercising your rights

Note: We do not sell personal information to third parties.

Children's Privacy

Our Service is not directed to anyone under the age of 18. We do not knowingly collect personally identifiable information from anyone under 18. If you are a parent or guardian and believe your child has provided us with Personal Data, please contact us at legal@mokuhub.com and we will promptly delete such information.

Cookies and Tracking Technologies

We use cookies and similar technologies on our website. For detailed information about the cookies we use, their purposes, and how to manage them, please see our Cookie Policy.

You can manage your cookie preferences at any time through the cookie settings on our website. For EEA users, non-essential cookies are disabled by default and require your explicit consent.

Data Processing Agreement

For customers subject to GDPR or other data protection regulations who require a formal Data Processing Agreement (DPA), we offer one upon request. Please contact us at legal@mokuhub.com to obtain a copy.

Contact Us

If you have any questions about this Privacy Policy, your personal data, or wish to exercise your rights, you can contact us:

MokuHub LLC - Data Protection

Email: legal@mokuhub.com

Address: 0105, Georgia, Tbilisi, Chugureti district, Mikheil Tsinamdzgvrishvili street, N 52, attic

Response time: Within 72 hours (data rights requests: within 30 days)

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new Privacy Policy on this page, updating the "Last updated" date, and, where required by law, providing notice via email.

For material changes that affect how we process your data, we will provide at least 30 days' notice before the changes take effect. Your continued use of the Service after such modifications constitutes your acknowledgment of the modified Privacy Policy.