Privacy Policy
Last updated: April 2026. This policy explains how Moko Speak collects, uses, stores, and protects personal data when schools, trusts, and other organisations use the Service and when individuals access it on their behalf.
1. Who we are
Moko Speak (“we”, “our”, “us”) is an AI-assisted speaking-practice product operated by Mokoapp (mokoapp.net). This Privacy Policy applies to the Moko Speak websites, web application, APIs, and related services (collectively, the “Service”).
Controllers and processors. Depending on your situation: (a) your school, trust, or other subscribing organisation is usually the data controller for personal data about its staff and pupils that it enters into or generates through the Service; (b) Mokoapp acts as a processor when we process that data on the organisation’s instructions to deliver the Service; (c) Mokoapp may act as a controller for limited purposes such as account administration with organisation representatives, billing contacts, security logs, and responding to enquiries. If you are unsure who controls your data, ask your school or organisation.
2. Data we collect
Categories of data depend on how you use the Service:
2.1 Organisation and account data
Names, work email addresses, roles (for example teacher, administrator), organisation name, and authentication details (passwords stored using strong hashing). This identifies users who can sign in and manage access.
2.2 Practice session content
Video and/or audio recordings users submit for feedback, generated transcripts, AI-derived scores and coaching notes, timestamps, and optional titles or tags. Where pupils use the Service, this may include their voice and, if camera is used, their image. Content is processed to provide feedback and reports as configured by your organisation.
2.3 Usage data
Features used, session duration, approximate timestamps of actions, and similar analytics to run, secure, and improve the Service.
2.4 Technical data
IP address, browser type and version, device type, referring URL, and server logs for security, debugging, and stability.
2.5 Payment and procurement data
If you purchase a licence, we collect billing and contact details needed for invoices. Card payments are handled by a payment processor; we do not store full card numbers on our servers.
2.6 Communications
When you email us or use a contact form, we keep the content and contact details needed to respond.
3. How we use your data
We process personal data to:
- Provide the Service: transcribing and analysing practice sessions, generating feedback, displaying progress and exports for teaching staff.
- Manage access: authentication, organisation structure, and permissions.
- Billing: invoices, payment status, and contract administration.
- Communicate: service messages, security alerts, and—if you opt in—product updates.
- Improve and secure: troubleshooting, abuse prevention, and aggregated analytics.
- Comply with law: responding to lawful requests and meeting record-keeping duties.
4. Legal basis for processing (EEA/UK)
For individuals in the EEA or UK, typical bases include:
| Purpose | Legal basis |
|---|---|
| Delivering the Service under an organisation agreement | Performance of a contract; and/or legitimate interests of the organisation and Mokoapp in providing education technology (Art. 6(1)(b)/(f) GDPR) |
| Pupil data where the school instructs us | Processing on the school’s instructions as processor; the school’s lawful basis applies (often public task or legitimate interests in education) |
| Transactional email and security | Performance of a contract and/or legitimate interests (Art. 6(1)(b)/(f) GDPR) |
| Marketing communications | Consent (Art. 6(1)(a) GDPR) |
| Legal compliance | Legal obligation (Art. 6(1)(c) GDPR) |
Schools remain responsible for choosing and documenting appropriate grounds for pupil data under local law.
5. Third-party services and sub-processors
We use providers under appropriate agreements, for example:
- AI and speech providers: to transcribe and analyse recordings and generate feedback. Content may be sent according to their data-processing terms. We do not permit use of your organisation’s content to train public-facing models for other customers unless separately agreed.
- Email and notifications: to send operational messages.
- Hosting and infrastructure: to store and process data in secure environments.
- Payments: to process card or bank payments.
We do not sell personal data to third parties for their marketing.
6. International transfers
Some providers may process data outside your country. Where required, we use safeguards such as Standard Contractual Clauses or equivalent mechanisms. You may request further information via your organisation or by contacting us.
7. Cookies and similar technologies
We use cookies and local storage as needed for sign-in, session security, and preferences. We do not use third-party advertising cookies on the Service. You can control cookies through browser settings; disabling essential cookies may prevent login.
8. Data retention
Retention depends on your organisation’s settings and our agreement, subject to law:
- Account data: while the account is active; deleted or anonymised within a reasonable period after closure unless law requires longer retention.
- Practice content: as configured by the organisation (for example term-based deletion) or until deleted by authorised users; removed after account termination according to contract.
- Logs and analytics: typically retained for a limited period then aggregated or deleted.
- Billing records: as required for tax and accounting law.
9. Your rights
Depending on your location, you may have rights to access, rectify, erase, restrict, or object to processing, data portability, and withdrawal of consent where processing is consent-based. Pupils and parents should usually contact the school first, as the school often holds the relationship with us. You may also contact hello@mokoapp.net and we will work with your organisation where appropriate. EEA/UK users may lodge a complaint with a supervisory authority.
10. Data security
We use measures such as encryption in transit (TLS), access controls, secure password storage, and monitoring. No system is perfectly secure; we will notify affected users and regulators where required by law in the event of a serious breach.
11. Automated analysis
The Service uses automated processing (including AI) to analyse speech and, where enabled, visual cues. Output supports practice and teaching; it is not intended as a sole basis for high-stakes decisions about a child without human review. Organisations can configure how results are used in line with their policies.
12. Children
The Service is designed for use in educational settings under organisational supervision. We do not knowingly allow sign-up by young children outside a school-managed arrangement. If you believe a child’s data was collected without proper authority, contact us and the relevant school so we can address it promptly.
13. Changes to this policy
We may update this policy and will change the “Last updated” date. Material changes may be notified by email or through the Service. Continued use after updates indicates acceptance where permitted by law.
14. Contact us
Privacy questions or requests:
Email: hello@mokoapp.net
Website: mokoapp.net
Questions about your data?
We’re here to help with privacy or data requests.