Store Log in with Discord

Privacy policy

Last updated: April 30, 2026

Scope and GDPR

This notice is a general description of how we handle data. It is not a GDPR privacy statement, and we do not claim full compliance with the GDPR, UK GDPR, or materially similar laws today.

If those laws apply to you in a way that would obligate us to rights, documentation, or mechanisms we do not yet provide, you must not use the Service. See the “Regional restriction” section in our Terms of service.

What we do

Moka helps you track online orders by connecting mail accounts you add. We search linked mailboxes for order confirmation and shipping messages from supported retailers and show consolidated order details in one place.

Data we access

  • Email. For accounts you configure (such as Gmail over IMAP), we connect solely to locate order-related mail from supported retailers. We do not scan your mail for unrelated purposes.
  • Order details. Information extracted from retailer messages—for example order numbers, line items, dates, totals, tracking numbers, and courier references—is stored under your tenant account so the product can show your orders and run updates you request.
  • Sign-in and billing eligibility. You authenticate with Discord. We keep the identifiers and tokens our service needs for your session and to tie mail and order data to your account. Access to paid features may be checked against Whop membership; purchase information is governed by Whop’s policies.

Data storage

Data is hosted in infrastructure we operate or contract for (for example PostgreSQL). Mail credentials used for IMAP are encrypted at rest and decrypted only server-side while running imports or scheduled fetch work you trigger. Connections use HTTPS. Job and delivery records are persisted so you don’t lose history between sessions unless you delete them.

Data sharing

We don’t sell or rent personal data about you or your orders. We share information only where needed to operate the product (such as processors that host servers or backups under contract), where you direct us (for example mail providers when we connect mail), or where we must comply with law. We don’t serve ads based on mailbox contents.

Deletion

You can remove integrations and tenant-owned data via in-product controls (for example Settings and account management). Disconnecting an integration removes associated credentials from our records to the extent technically feasible; deleting your account deletes or anonymizes tenant-held data according to product rules in effect at that time.

Security

We use HTTPS for transit and layered access controls behind sign-in. No service can guarantee absolute security—you should protect your Discord account and revoke mail access when you stop using this product.

Related

This policy should be read together with our Terms of service.

Contact

For questions about this policy, reach out via our Discord community when an invite or support path is linked from the app. You can also use our Contact page for other notices.