Privacy Policy
Last updated: April 18, 2026
1. Data Controller
mokka.solutions ("we", "us", "our") is the data controller responsible for processing your personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable German data protection law (BDSG).
Contact: privacy@mokka.solutions
2. Data We Collect
We collect the minimum data necessary to provide our services:
- Email address — provided during account registration, used for authentication and essential communications.
- Password — stored as an irreversible cryptographic hash (Argon2id). We never store or have access to your plaintext password.
- IP address — logged for security purposes (fraud prevention, rate limiting) and for consent records as required by GDPR.
- Session data — technical identifiers used to keep you logged in.
3. Legal Basis for Processing
We process your data under the following legal bases (Art. 6 GDPR):
- Consent (Art. 6(1)(a)) — You provide explicit consent when creating an account by agreeing to this Privacy Policy and our Terms of Service.
- Contract performance (Art. 6(1)(b)) — Processing is necessary to provide the services you have requested.
- Legitimate interest (Art. 6(1)(f)) — Security measures such as rate limiting and fraud prevention.
4. Data Retention
We retain your personal data only as long as necessary:
- Active accounts — Data is retained for the duration of your account.
- Deleted accounts — Personal data is soft-deleted immediately upon your request. Residual records required for legal compliance (e.g., consent logs) are retained for up to 3 years, then permanently deleted.
- Security logs — IP addresses in session logs are retained for up to 90 days.
5. Your Rights
Under the GDPR, you have the following rights:
- Right of access (Art. 15) — Request a copy of all personal data we hold about you. Use the "Export My Data" feature in your dashboard.
- Right to rectification (Art. 16) — Request correction of inaccurate data.
- Right to erasure (Art. 17) — Request deletion of your account and associated data. Use the "Delete My Account" feature in your dashboard.
- Right to data portability (Art. 20) — Receive your data in a structured, machine-readable format (JSON).
- Right to withdraw consent (Art. 7(3)) — Withdraw your consent at any time by deleting your account.
- Right to lodge a complaint — You may file a complaint with your local data protection supervisory authority.
6. Data Security
We implement appropriate technical and organizational measures to protect your data, including:
- Argon2id password hashing
- CSRF protection on all forms and API endpoints
- Rate limiting to prevent brute-force attacks
- Account lockout after repeated failed login attempts
- HTTPS encryption for all data in transit
7. Third-Party Sharing
We do not sell, trade, or share your personal data with third parties. Data is processed solely on our own infrastructure.
8. Cookies
We use only essential session cookies required for authentication. We do not use tracking cookies, analytics cookies, or advertising cookies.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. Continued use of the service after changes constitutes acceptance of the updated policy.
10. Contact
For any questions regarding this Privacy Policy or your personal data, please contact:
Email: privacy@mokka.solutions