Privacy Policy

Last updated: March 31, 2026

1. Introduction

DeskMochi is a product of WhySoNice LLC ("we," "us," or "our"). DeskMochi is a desktop AI companion application. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use DeskMochi's desktop application, website (deskmochi.com), and related services (collectively, the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your email address and a hashed password. We use Supabase for authentication — we never store your password in plain text.

2.2 Chat Conversations

When you chat with Mochi, your messages are sent to our API and forwarded directly to third-party AI providers (Google Gemini, Anthropic Claude, or OpenAI) based on your selected provider. We do not permanently store your chat messages on our servers. Conversations exist only in memory during your session and are automatically cleared from the desktop app after 10 minutes of inactivity.

2.3 Screenshots

You may optionally attach screenshots to your messages. Screenshots are captured locally on your device using your operating system's native screenshot tools (macOS Screen Capture or Windows Snipping Tool). Screenshots are sent to our API and forwarded to the AI provider to process your request. We do not store screenshots on our servers. Only the most recent screenshot in a conversation is sent — older ones are replaced with text placeholders.

2.4 Usage & Billing Data

We track AI token usage (input/output token counts, model used, and associated cost) to manage your monthly usage budget and billing. This data is stored in our database and associated with your account.

2.5 Payment Information

Payments are processed by Stripe. We never see or store your full credit card number. We receive and store your Stripe Customer ID and subscription status. All payment processing is handled directly by Stripe in accordance with their Privacy Policy.

2.6 Third-Party Integrations (Notion)

If you connect your Notion account, we store an OAuth access token, workspace name, and your selected database reference. When you use the /notion command, your conversation is sent to Notion's API to create a page in your workspace. You can disconnect at any time, which deletes the stored access token.

2.7 Device & Technical Data

We collect minimal technical data: your timezone (to personalize responses), platform (macOS or Windows, for update delivery), and app version (for update checks). We do not collect device identifiers, IP addresses for tracking, or system telemetry.

2.8 Error Reports

We use Sentry for crash and error reporting. When an error occurs, Sentry may receive error messages, stack traces, and app version information. If you submit feedback via the /feedback command, your feedback text is sent to Sentry for our review.

2.9 Local Data

The desktop app stores preferences locally on your device (AI provider choice, skin preference, auto-start setting, update channel, and authentication tokens). This data never leaves your device except for authentication tokens used to communicate with our API.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process your chat messages through AI providers and return responses
  • Manage your account, subscription, and usage budget
  • Process payments through Stripe
  • Deliver software updates
  • Diagnose and fix bugs and errors
  • Respond to your feedback and support requests
  • Save conversations to connected third-party services at your request

4. Third-Party Services

We share data with the following third-party services only as necessary to provide the Service:

  • AI Providers (Google, Anthropic, OpenAI) — Your chat messages and optional screenshots are sent directly to your selected AI provider to generate responses. No intermediary gateway is used. Each provider processes data under its own privacy policy.
  • Supabase — Hosts our authentication system and database (account data, usage logs). Data is stored in Supabase's cloud infrastructure.
  • Stripe — Processes all payments. Receives your email and payment details.
  • Sentry — Receives error reports and user-submitted feedback for debugging purposes.
  • Notion — If you connect Notion, your conversations are sent to Notion's API when you use the save command. This is user-initiated only.
  • GitHub — Used to check for and deliver application updates.
  • Meta Platforms (Facebook/Instagram) — If you consent to cookies, the Meta Pixel and Conversions API send website interaction data to Meta for advertising measurement purposes. See section 9 for details.

We do not sell, rent, or trade your personal information to any third party.

5. Data Retention

  • Chat messages: Not stored on our servers. Cleared locally after 10 minutes of inactivity.
  • Screenshots: Not stored on our servers. Processed in-memory only.
  • Account data: Retained while your account is active. Deleted upon account deletion.
  • Usage logs: Retained for billing and budget tracking purposes.
  • Connector tokens: Retained while the integration is connected. Deleted when you disconnect.
  • Error reports: Retained by Sentry per their data retention policies (typically 90 days).

6. Data Security

We implement industry-standard security measures to protect your data, including: HTTPS encryption for all API communication, secure token-based authentication, server-side rate limiting, CORS restrictions, and Content Security Policy headers. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

7. Your Rights

You have the right to:

  • Access your personal data by contacting us
  • Delete your account and associated data
  • Disconnect third-party integrations at any time
  • Export your data by contacting us
  • Opt out of advertising cookies by declining consent or clearing local storage
  • Opt out of error reporting by contacting us

If you are a resident of the European Economic Area (EEA), United Kingdom, or California, you may have additional rights under GDPR or CCPA. Contact us to exercise these rights.

8. Children's Privacy

The Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected information from a child under 13, we will delete it promptly.

9. Analytics & Tracking

9.1 Cookie Consent

When you first visit our website, we ask for your consent before loading any tracking technologies. You can accept or decline. If you decline, no advertising cookies or pixels are loaded and no tracking occurs beyond what is strictly necessary for authentication.

9.2 Meta Pixel & Conversions API

If you accept cookies, we use the Meta Pixel and Meta Conversions API (CAPI) to measure the effectiveness of our advertising on Facebook and Instagram. These tools help us understand which ads lead people to visit our website and whether they take actions like downloading the app.

The Meta Pixel may collect: pages visited on our website, browser and device type, and actions taken (such as clicking the download button). Data is sent to Meta Platforms, Inc. and processed under their Data Policy. We do not use this data to build user profiles or for any purpose other than ad measurement.

The Conversions API sends a server-side copy of certain events (such as page views) to Meta. This improves measurement accuracy but does not collect additional personal data beyond what is described above. Where possible, data is hashed before transmission.

9.3 Opting Out

You can withdraw your consent at any time by clearing your browser's local storage for deskmochi.com (which resets the cookie preference) or by using your browser's cookie management settings. You can also opt out of Meta's advertising tracking through your Facebook Ad Preferences.

9.4 Other Tracking

Beyond the Meta Pixel (when consented), we do not use any other analytics pixels, behavioral tracking technologies, or third-party advertising trackers. The only other cookies used are those strictly necessary for authentication session management.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the revised policy.

11. Contact Us

If you have any questions about this Privacy Policy, please contact us at [email protected].