Mooth Privacy Policy

1. Who we are

Mooth is operated by HelixGuard, LLC. We are the data controller for the personal information described in this Privacy Policy. This policy explains how we collect, use, store, and protect your personal information and the content you upload when you use Mooth.

2. Information we collect

• Account information: email and password, stored as an irreversible hash.
• Google account information: when you choose Google sign-in, we receive basic profile data such as your name, email address, and Google account identifier needed to authenticate your account.
• Profile information: content you fill in under About you, when provided.
• Google Workspace and Gmail content you explicitly authorize: if you connect Google services such as Gmail, we process the message content, metadata, labels, and related account data needed to perform the feature you request.
• Integration authorizations: access credentials for third-party services you connect, such as GitHub, GitLab, or Feishu, encrypted at rest.
• Conversation content: chats with the agent, uploaded files, and generated documents.
• Access logs and usage data for security audit, troubleshooting, and product improvement.

3. How we use your information

• Provide the service: help the agent understand your business context, generate targeted suggestions, and maintain continuity across sessions.
• Google sign-in and Google-connected workflows: authenticate your account, search authorized Gmail threads, summarize content, draft replies, and organize follow-up actions you request.
• Integration calls: call third-party APIs within the scope you authorize.
• Security audit: detect abuse and prevent account compromise.
• Product improvement: use aggregated, de-identified statistics to improve the product.

4. What we explicitly do not do

• We do not use your code, documents, or conversations to train AI models.
• We do not sell your data or transfer it to third-party marketing organizations.
• We do not access third-party services without your authorization, and you can revoke authorization at any time.

5. Data storage, retention, and transfers

• We store data on commercial cloud infrastructure and apply security controls in transit and at rest.
• Content you delete is removed immediately and purged from backups within 30 days. All data is removed within 30 days after account deletion.
• Where data is processed across borders, we apply safeguards consistent with applicable data protection laws.

6. Third-party services

Mooth relies on large language model APIs, cloud infrastructure, Google OAuth and Google APIs (for sign-in and any Gmail or Google Workspace features you explicitly enable), GitHub / GitLab OAuth, and Feishu OpenAPI to operate. Each call only processes data within the scope you authorize and what the service requires.

7. Your rights and cookies

• You can view, correct, export, or delete relevant data from your account settings.
• You can revoke third-party authorizations at any time.
• Essential cookies are used for login sessions, security checks, and language preference.