|
|
 |
 |
|
Mocha Messenger Privacy Policy
Last updated: April 6, 2026
|
This Privacy Policy explains how MochaChat Contributors handle information in connection with Mocha Messenger, Mocha Passport, the Notification Server, the Switchboard, Mocha-operated download and support pages, public service-status pages, and pre-release testing workflows.
|
1. Information we collect
The current Mocha services can collect and store account details such as usernames, display names, internal user ids, password hashes and salts, administrator flags, session tokens, refresh tokens, contact lists, aliases, blocked-user entries, pending contact requests, presence details, personal messages, moderation actions, public service-status entries, and update feed metadata.
The Windows client can also store local settings such as remembered sign-in addresses, protected saved passwords, personal message preferences, contact sorting and local group assignments, receive-folder choices, proxy settings, notification preferences, and message-font options.
|
2. How we use information
Mocha uses this information to create and authenticate accounts, operate contacts and privacy controls, synchronize presence, route messages and conversations, deliver activity alerts, publish update feeds, support moderation tools, power public service-status pages, and maintain the reliability and security of the service during development.
|
3. Conversations, files, and activity alerts
The current service stack processes live message payloads, typing notifications, invitations, join and leave events, and file-transfer control traffic. General server-side message history is not intentionally archived in the core service stack, but Passport may temporarily store short activity alerts for offline delivery and then remove them after the recipient polls for them.
|
4. Sharing and disclosure
Information is shared only as needed to run the Mocha services, including between Passport, the Notification Server, the Switchboard, and the deployed infrastructure that hosts them. Moderation data, administrative announcements, and public service-status posts may also be visible to administrators or published to users when those features are used.
|
5. Retention
Retention depends on the record type. Account, contact, block, and moderation records remain until changed, deleted, or expired. Refresh tokens remain until revoked or expired. Public service-status messages remain until administrators update or remove them. Local client settings and downloaded files remain on your device until you remove them.
|
6. Your choices
You can manage contacts, blocked users, remembered sign-in settings, local file locations, and other client-side preferences from the Messenger client. Mocha Passport also exposes account and privacy services that can be expanded into more self-service website controls over time.
|
7. Security
The current implementation hashes passwords with PBKDF2-SHA256, issues signed session tokens, protects saved Windows credentials with platform facilities, uses TLS for core service connections, and redacts passwords and authentication tokens from the in-memory protocol monitor used by the current Windows client.
|
8. Contact
For support, bug reports, moderation questions, or privacy requests during this pre-release period, use the official Mocha Discord server at discord.gg/D5kTDnGkXs.
|
|
|
|
