Privacy Policy

1. What Information We Collect

We collect what you give us directly: name, email address, phone number (used only for one-time verification), city and country, business details if you list as a vendor, and payment information processed by Stripe (we never store complete card numbers ourselves; only the last four digits and a Stripe customer ID). On the Mojere mobile app, we additionally collect your push notification token so we can deliver alerts you've opted into, and — only when you explicitly grant permission — access to your camera or photo library (to add portfolio images and avatars) and your approximate location (to show vendors near you). Granting these is always optional and can be revoked from your device's system settings at any time.

We also collect what we observe automatically: browser or mobile device type and model, operating-system version, app version, IP address, pages or app screens you visit, vendors you click on, and timestamps. None of this observed data is sold or shared with advertisers, and we do not track your activity across other apps or websites.

2. How We Use Your Information

We use your data to: run the platform (match you with vendors, send notifications); improve Mojere (what's popular, what's broken); prevent fraud and security threats; comply with Canadian law (especially PIPEDA) and UK law (GDPR); and send you updates about our service. We send marketing emails only if you opt in. You can unsubscribe anytime (one click at the bottom of any email).

3. Who We Share Your Data With

We never sell your data. Full stop. We share it only when necessary: with vendors you contact directly (they need your name and the contact details you choose to share so they can respond to your inquiry); with the third-party service providers listed below, each under a written processing or confidentiality agreement; with Canadian or UK authorities if required by law; and, if Mojere is ever acquired, with the buyer who inherits your data under the same privacy commitments (you'll be notified of any major change of ownership).

The third-party processors we currently rely on are: Stripe, Inc. (payment processing and vendor payout accounts via Stripe Connect); Twilio, Inc., including its SendGrid product (transactional email delivery and SMS one-time codes for phone verification); Amazon Web Services, Inc. (application hosting and S3 storage for uploaded images); Functional Software, Inc. trading as Sentry (crash and error monitoring with personal data redacted before transmission); 650 Industries, Inc. trading as Expo (delivery of mobile push notifications via Apple's APNs and Google's FCM, plus over-the-air mobile app updates); and Apple Inc. and Google LLC (distribution of our mobile apps through the App Store and Google Play, and processing of any in-app payments those stores require). Each of these processors operates under their own published privacy policy, links to which are available on request from privacy@mojere.ca.

4. How We Protect Your Data

Your data is encrypted in transit using TLS 1.3 (bank-level encryption). Your password is hashed with bcrypt — we cannot read it even if we wanted to. On the website, authentication uses secure, httpOnly cookies; on the Mojere mobile app, your authentication tokens are stored inside your device's hardware-backed secure store (iOS Keychain or Android Keystore) and are accessible only to the Mojere app on the device that authenticated them. We rate-limit login attempts to prevent brute-force attacks and audit our security regularly. We are not perfect — no system is — but we take this seriously.

5. Cookies & Tracking

Essential cookies (authentication, session management) are necessary for Mojere to work, and you can't disable these without logging out. Analytics cookies help us understand user behavior (optional, manage in your browser settings). We don't use third-party tracking or sell data to advertisers. Ads on Mojere are contextual (based on category or location), not behavioral.

6. Your Rights (PIPEDA & GDPR Compliant)

Under Canadian law (PIPEDA) and UK law (GDPR), you have the right to: access all your personal data in a readable format; correct wrong information; delete your account and data (with a 30-day grace period to undo); opt out of marketing; know why we're collecting data; and file a complaint with your country's privacy authority. To exercise these rights, email privacy@mojere.ca.

7. How Long We Keep Your Data

While your account is active, we keep your data to operate the service. After you delete your account, we keep anonymized data (no names, no IDs) for analytics and legal compliance for up to 24 months. If the law requires us to keep something longer, we will (e.g., tax records in Canada for 6 years).

8. International Data Transfers

Mojere operates in Canada and the UK, so your data may be processed in both countries. If Mojere expands to other countries, we'll ensure European-standard protections (Standard Contractual Clauses or other safeguards). If you're in the EU and have concerns about international transfers, email privacy@mojere.ca.

9. Children & Minors

Mojere is for users 18+. We don't knowingly collect data from anyone under 18. If we discover a minor's account, we delete it immediately. If you know of a child using Mojere, report it to support@mojere.ca.

10. Mobile App-Specific Information

The Mojere mobile app for iOS and Android requests several device permissions and collects a small amount of device-derived data. We list each item below so you can verify it against the corresponding entry on the App Store privacy label and the Google Play Data Safety form.

Push notifications. When you tap "Allow notifications", your device generates a push notification token, which we store on our servers and associate with your account. We use it only to deliver alerts you have opted into (replies to your inquiries, booking confirmations, deposit reminders). The token is removed from our servers when you log out or revoke notification permission in your device settings.

Camera and photo library. Used only to upload portfolio images and avatars. The app reads no other photos and uploads nothing without an explicit tap. You can revoke access at any time in iOS Settings → Mojere or Android Settings → Apps → Mojere → Permissions.

Location. Coarse location only ("approximate" on Android, "while in use" on iOS), used to show vendors near you on the discovery screen. We never read location in the background. If you decline, the app falls back to the city stored on your account.

Phone number. Optional. If you choose to add and verify a phone number, we send a single one-time SMS code via Twilio. Once verified, we store only the verification timestamp and method — we do not use your phone number to send marketing SMS, and we do not share it with vendors unless you explicitly include it in a message.

Diagnostics. Crash reports and runtime errors from the app are sent to Sentry with personal data redacted (no email, name, or message bodies). This helps us fix bugs without seeing your conversations.

Account deletion. You can request permanent deletion of your account and associated data at any time by emailing privacy@mojere.ca from the address on your account, or from the in-app "Delete account" option (Settings → Account). We honour deletions within 30 days, after which only anonymised aggregates and records we are legally required to retain (such as transaction logs for tax purposes) remain.

11. Contact

For privacy inquiries, contact our Data Protection Officer at privacy@mojere.ca.