Privacy
Privacy Policy
Last updated June 22, 2026. This policy describes how Moxie Docs, a jackalope.dev product, handles data for GitHub repository documentation, search, generated docs, and AI-ready context.
Who we are
- + Moxie Docs is a jackalope.dev product and acts as the controller of the account, billing, and site data described in this policy.
- + For repository content and generated docs that you connect to a workspace, we act as a processor handling that data on your behalf and under your instructions.
- + You can reach us about any privacy matter at contact@moxiedocs.com.
What we collect
- + Account and workspace details such as name, email, company, role, and connected repositories.
- + GitHub App installation data, repository metadata, source files, existing documentation, tests, package manifests, and pull request events needed to index and maintain docs.
- + Generated documentation, summaries, bookmarks, highlights, notes, Friday Recaps, MCP context, and automation settings created in the product.
- + Billing and subscription status from Stripe. We do not store full payment card numbers.
- + If you connect Slack, the workspace and channel identifiers plus an encrypted bot token and incoming-webhook URL needed to post notifications to the channel you choose. We request only the chat:write and incoming-webhook scopes and do not read or store your Slack messages, channels, files, or member profiles.
- + Contact requests, optional analytics events, logs, and security events needed to operate and improve the service.
How we use data
- + To authenticate users, connect GitHub repositories, index codebases, generate searchable documentation, and produce AI-ready context.
- + To create Friday Recaps, suggest documentation updates, and open Cleanup PRs only when authorized by workspace settings.
- + To provide support, answer security questions, prevent abuse, debug service issues, and manage billing.
- + To improve product quality, reliability, onboarding, and documentation workflows.
Legal bases for processing
- + Where the EU/UK GDPR applies, we process data to perform our contract with you (providing and securing the service and managing billing).
- + We rely on our legitimate interests to operate, debug, prevent abuse, and improve the service in ways that do not override your rights.
- + We rely on your consent for optional analytics in regions that require it, and you can withdraw consent at any time.
- + We process some data to comply with legal obligations, such as tax, accounting, and security requirements.
Repository content and generated docs
- + Repository content is used to provide the Moxie Docs workspace for the connected customer. It should be treated as confidential workspace data.
- + Generated docs, summaries, gap reports, and MCP context may include derived descriptions of private source code. Access should be limited to authorized workspace users.
- + Moxie should not be used to index secrets, credentials, regulated health data, payment card data, or other sensitive data unless a written agreement explicitly covers that use.
- + AI prompts should be assembled from the smallest useful source and documentation context for the job. Generated outputs may include derived descriptions of repository content.
- + We do not use your private repository content to train third-party or foundation models, and we do not sell customer data.
Sharing and processors
- + We use infrastructure and product providers such as Supabase, Stripe, GitHub, Cloudflare, OpenAI or other AI providers, PostHog, Google Analytics, Resend, Slack (for workspaces that connect it), and email tooling to run the service. The current list, with the purpose and data each one handles, is published on the subprocessors page.
- + We do not sell customer repository content. We share data only as needed to operate the product, comply with law, protect the service, or with your direction.
- + Enterprise agreements may include additional security terms, data processing terms, and retention commitments.
International data transfers
- + Our providers are primarily based in the United States, so operating the service may involve transferring data across borders, including from the EU, EEA, UK, and Switzerland.
- + Where required, we rely on appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms to protect transferred data.
- + You can request more detail about transfer safeguards at contact@moxiedocs.com.
Cookies and optional tools
- + Essential cookies and storage keep sign-in, security, billing, workspace selection, privacy preferences, and core product features working.
- + Google Analytics and PostHog are optional analytics tools that help us understand how Moxie Docs is used. PostHog also includes session replay, which records interactions such as page views and clicks with input fields masked, and product surveys. In regions that require prior consent, including the EU, EEA, UK, and Switzerland, we load them only after you allow optional analytics. Elsewhere they are on by default and you can turn them off at any time by choosing Essential only.
- + You can reopen Privacy choices from the site footer to change your preference. Choosing Essential only stops optional analytics scripts from loading and disables them on your next page load.
- + Moxie Docs is not intended to run advertising pixels or sell/share repository content for cross-context behavioral advertising.
Security and retention
- + Secrets and privileged service credentials must remain server-side. Workspace access should be role-based and limited to authorized users.
- + Repository indexes, generated docs, logs, and backups are retained only as long as needed for the product, support, legal, security, or billing purposes.
- + If you connect Slack, the stored Slack credentials (bot token and webhook URL) are revoked and deleted when you disconnect the integration in Moxie Docs or uninstall the app from your Slack workspace.
- + You can request deletion or export help by contacting contact@moxiedocs.com.
Your choices and rights
- + You can delete generated repository data, pause automation, manage workspace access, cancel billing, or delete your account from product settings where your role allows it.
- + Depending on where you live, you may have rights to access, correct, export, delete, restrict, or object to the processing of your personal data, and to withdraw consent.
- + We do not sell your personal data or share it for cross-context behavioral advertising, and we will not discriminate against you for exercising your rights.
- + To exercise a right, email contact@moxiedocs.com; we may need to verify your identity and may decline where security or legal limits apply.
- + If you are in the EU, EEA, UK, or Switzerland, you may also lodge a complaint with your local data protection authority.
Children's privacy
- + Moxie Docs is a business tool that is not directed to children and is not intended for use by anyone under 16.
- + We do not knowingly collect personal data from children; if you believe a child has provided data, contact us and we will delete it.
Changes to this policy
- + We may update this policy as the product, providers, and legal requirements evolve.
- + We will update the date above and, for material changes, provide reasonable notice through the service or by email.
- + Continued use of the service after an update means you accept the revised policy.