Legal documents Deutsch

Privacy Notice

Version: 8 Feb 2026

This Privacy Notice explains how Mojo Innovation AG (“Mojo”, “we”, “us”) processes personal data when you use evooia (the “Service”), including our website, web app, and mobile app.


1) Who we are

Provider: Mojo Innovation AG, Beethovenstrasse 41, 8002 Zurich, Switzerland
Contact: info@mojo-innovation.com


2) Roles: Controller vs Processor

evooia is used by professional and business customers (e.g., clinics, studios, agencies, self-employed professionals) and may involve patient/client data.

A) Patient/client data in the Service

For patient/client data processed within the Service (e.g., images, related metadata, messages/attachments, notes), our Customer (the practitioner/clinic/studio/agency) typically acts as Data Controller, and Mojo acts as Data Processor processing data on the Customer’s instructions (see our separate Data Processing Addendum (DPA)).

B) Provider operations

For data we process to operate our business and the Service (e.g., account administration, billing, security, support, product improvement), Mojo may act as Data Controller.


3) What data we collect and why

3.1 Account and administration (Practitioners / staff)

Data: name, email address, login/authentication data, account settings, support communications.
Purpose: create and manage accounts, provide support, secure the Service.
Legal basis (where applicable): performance of contract; legitimate interests (security, fraud prevention, service operation).

3.2 Images and related metadata (Patients/clients)

Data: images captured in the app, and related metadata generated by the Service (e.g., timestamps and technical metadata).
Purpose: enable core Service features such as secure storage, viewing, and workflow support.
Sharing control: patients/clients control whether and how their content is shared with Customer staff, subject to how the Customer configures the Service and applicable professional/legal requirements.
Legal basis (where applicable): performance of contract; where required for sensitive data, applicable legal basis under Customer's responsibility (explicit consent or healthcare-related basis).

3.3 Messaging (if enabled)

Data: message content (text, images, attachments), timestamps, sender/recipient identifiers.
Purpose: facilitate communication and coordination.
Legal basis (where applicable): performance of contract; where required for sensitive data, applicable basis under Customer’s responsibility.

3.4 Product analytics (PostHog)

Data: usage/event data (e.g., feature usage, page/screen events, device/app technical signals), which may include identifiers such as internal user IDs and/or pseudonymous identifiers.
Purpose: improve the Service, understand usage, fix issues, and improve stability.
Legal basis (where applicable): legitimate interests; consent where required (e.g., website analytics/cookies depending on jurisdiction and configuration).

3.5 Diagnostics

Data: crash reports and performance metrics (typically pseudonymized where possible).
Purpose: troubleshooting, stability, quality improvement.
Legal basis (where applicable): legitimate interests.

3.6 Payments (Stripe)

Data: billing/contact details and payment-related information handled by our payment processor.
Purpose: subscription billing, payments, receipts, fraud prevention.
Legal basis (where applicable): performance of contract; legal obligation (accounting).


4) Service providers (subprocessors / processors)

We use established service providers to operate the Service:

We require service providers to protect personal data and use it only to provide their services to us.


5) Cookies & tracking

Our website and web app may use cookies or similar technologies for:

You can manage cookies via your browser settings and, where available, our cookie/consent controls. Disabling certain cookies may affect functionality.


6) Where we process data

We use cloud infrastructure hosted in Switzerland (Microsoft Azure Switzerland).
Some service providers (e.g., PostHog in Frankfurt, EU) may process certain identifiers and metadata outside Switzerland depending on how those services operate.

Where required, we rely on appropriate safeguards for international data transfers.


7) Data retention

We retain personal data only as long as necessary for the purposes described above, or as required by law.

Typical retention approach:


8) Data security

We use appropriate technical and organizational measures designed to protect personal data, including encryption in transit and at rest (where supported), access controls, and backups. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.


9) Your rights

Depending on your location and applicable law, you may have rights such as:

For patient/client data processed on behalf of a Customer, requests may need to be handled through the Customer (as Controller).


10) Changes to this Privacy Notice

We may update this Privacy Notice from time to time. If changes are material, we will provide notice (e.g., in-app notice or email). Continued use of the Service after the effective date of an updated notice indicates acceptance where permitted by law.


11) Contact

Questions or requests: