Compliance via Architecture.
We don't need complex legal loopholes to explain how we handle your data.
We simply don't have it.
GDPR & CCPA
Data Sovereignty: Under GDPR, moving data across borders requires legal safeguards. With Mojodocs, your data never crosses a border because it never leaves your device.
Right to Erasure: There is no database to delete from. Closing the browser tab is the ultimate hard delete.
HIPAA
PHI Handling: Protected Health Information (PHI) requires encryption in transit and at rest.
Since Mojodocs doesn't transmit PHI, "in transit" encryption is moot. The data resides in your device's memory, inheriting the security of your local machine (e.g., FileVault, BitLocker).
SOC-2 Type II
Vendor Risk: Traditional vendors need SOC-2 to prove they manage your data safely.
Mojodocs reduces the scope of a vendor assessment. We are a software provider, not a data processor. Our "architecture" is static code delivery.
Why GDPR is inherently satisfied
The core premise of GDPR is user consent and data minimization. Most companies struggle because they collect data by default. Mojodocs is built on a Zero-Data architecture. We physically cannot collect your files. Therefore, we are compliant by default—not by policy, but by physics.
Why HIPAA is easier with Local-First
HIPAA compliance is usually about securing the "chain of custody." When you use a cloud tool, you extend that chain to a third party (us). With Mojodocs, the chain never extends. You are processing the file on the same device where it was created/stored. If your laptop is HIPAA compliant, using Mojodocs on it keeps it compliant.
What "SOC-2 Compatible" means
It means our architecture naturally aligns with the Security and Confidentiality principles of SOC-2. Since we treat all user input as ephemeral (temporary) RAM data, we eliminate the risks associated with data retention, backup failures, and unauthorized database access.