Trust & security

Where your data lives, who touches it, how it's protected

MOJAQ is built EU-first. Here is the honest, specific version: our infrastructure, subprocessors, retention, security measures and how to reach us. No hand-waving.

EU-ONLY STORAGE · GDPR-NATIVE · ONE DPA · ENCRYPTED BACKUPS

Where your data is stored

All MOJAQ services and all stored customer data run on dedicated infrastructure in Helsinki, Finland (Hetzner). Stored customer data does not leave the European Union. Backups are encrypted and kept within the EU.

Full precision, because it matters. Two paths involve non-EU parties and we will not pretend otherwise: (1) Cloudflare terminates TLS and provides CDN/DDoS protection, so traffic passes through its edge in transit, but no customer data is stored there. (2) The optional AI gateway forwards your API calls to whichever provider you configure. If you point it at a US provider, that specific call leaves the EU by your choice; if you point it at an EU provider, it does not. Everything else (analytics, errors, logs, uptime, render, flags, realtime, forms, webhooks) is EU-only.

Subprocessors

| Provider | Purpose | Location | Customer data at rest? |
| Hetzner Online GmbH | Dedicated server hosting (all products + storage) | Germany / Finland (EU) | Yes, encrypted, EU-only |
| Cloudflare, Inc. | TLS termination, CDN, DDoS protection, bot challenge | Global edge (US entity) | No, in transit only |
| Resend | Transactional / account email delivery | US entity | Account email address only |

We do not sell data, and there are no advertising or analytics trackers in the data path. A signed Data Processing Agreement is available, and you can generate an organization-specific data-residency report from your dashboard.

Data retention

Security measures

Reliability, honestly

During the open beta MOJAQ runs in a single EU region (Helsinki). We keep encrypted off-site backups, run external self-monitoring, and test restores, but we do not offer a formal uptime SLA yet, and we say so plainly. If you need contractual guarantees or multi-region redundancy today, tell us and we will be straight with you about where we are.

Reporting a vulnerability

Found a security issue? We want to hear about it. Email [email protected] (see /.well-known/security.txt). Please give us reasonable time to fix before disclosure, and we will keep you updated.

Legal