User Privacy Policy

Switch to french version
Copyright © 2026, moka.care, all rights reserved
Respect for privacy is a fundamental right and one of the core values of moka.care. We build strong and lasting relationships with our clients, partners, users, and team members, based on mutual trust.

Ensuring the security and confidentiality of the personal data of users of our websites and other applications is therefore a priority for us. When you use the www.moka.care website (the “Website”), our Moka.care platform (the “Solution”), as well as our features integrated into Slack and Microsoft Teams, we may collect personal data about you. The purpose of this policy is to inform you about how we process this data.
1. Purpose of this privacy policy and identity of the data controller
When you use the Website, our Solution, and the services subscribed to by your employer, personal data relating to you is processed. In this context, Moka Care, a simplified joint-stock company (SAS) registered with the Paris Trade and Companies Register under number 883 203 887, with its registered office at 6 rue Saint Sabin, 75011 Paris (hereinafter “Moka Care”), acts as the data controller.
2. Description of the services

The Solution is a support platform for employees and collaborators of our clients that allows them to book appointments with coaches and psychologists (the “Practitioner”).

We offer the following services:

  • Individual support sessions with a Practitioner
  • Group sessions facilitated by a Practitioner
  • Access to digital content and programs
  • Access to a training program through e-learning modules available directly via an integration with Slack or Microsoft Teams (the “Félix Tool”)

Your employer may also subscribe to our psychosocial risk audit services (“RPS Audits”). In this context, you may be asked to:

  • Complete a digital questionnaire
  • Take part in one or more interviews with a Practitioner

3. What personal data do we collect?

Personal data is data that makes it possible to identify an individual directly or by combining it with other data.

We collect data that falls into the following categories:

  • Identification data: last name, first name, work email address, age range, gender, photo
  • Professional data: position, company, team, length of service
  • Appointment-related data: dates and times of appointments, the Practitioner involved, selected themes, keyword chosen by the Practitioner to describe mood
  • Connection data: IP address, connection logs

When creating an account on our Solution, you may log in using a third-party authentication service. In this case, certain personal data such as your name, surname, and email address may be retrieved from these services. By choosing this option, you agree that the service will provide this data to us.

As an exception, when logging into the Solution via SSO technology, Moka Care will not access or collect your account password.

We may also collect data relating to your physical and or mental health:

  • As part of an orientation or support call: this data is collected only with your explicit consent, obtained via the checkbox available when you create your account.
  • As part of RPS Audits: this data is collected only with your explicit consent, obtained via the checkbox at the bottom of the RPS Audit questionnaire.

Mandatory data is indicated when you provide your data. It is necessary in order to provide you with our services.

4. Legal bases, purposes, and retention periods
Purposes Legal basis Retention periods
Provide our services available on the Solution (individual support, group sessions, digital content) Performance of the contract entered into between the User and Moka Care. For the lifetime of the account. Inactive account for 2 years → deletion. Probative archiving: 5 years.
Provide our RPS Audit services Consent 1 year from collection, then anonymized retention.
Provide access to the Félix tool Performance of the contract For the duration of use. Inactivity for 2 years → deletion.
Create a clients/prospects file Legitimate interest Clients: for the duration of the contractual relationship. Prospects: 3 years from the last contact.
Process your order, customer management (contracts, orders, invoices) Performance of the contract For the duration of the contractual relationship. Probative archiving (excluding bank details): 5 years.
Send newsletters, solicitations and promotional messages Legitimate interest 3 years from the last contact.
Respond to your information requests Legitimate interest Time necessary to process the request.
Comply with legal obligations Legal and regulatory obligations Invoices: 10 years. Transaction data (excluding bank details): 5 years.
Manage data subject rights requests Legal and regulatory obligations Identity document: deleted after verification. Right to object to prospecting: 3 years.
5. Who are the recipients of the data?

The following may have access to your personal data:

  • Our company staff
  • Our subprocessors: hosting provider, CRM provider, email sending provider, cookie management tool, advertising networks
  • As part of the Félix Tool: Slack Technologies Limited (Dublin, Ireland) and Microsoft Ireland Operations Limited (Dublin, Ireland)
  • Our Practitioners, who act as independent data controllers
  • Audit and oversight services (statutory auditor), public authorities, legal auxiliaries, ministerial officers

The only data shared with your employer is anonymized data provided as statistics by topic. No details about identity or the content of appointments are shared.
6. Transfers outside the European Union

Your data is stored on the servers of Amazon Web Services (Germany and France).

As part of the tools used, your data may be transferred outside the EU, secured by:

  • European Commission adequacy decision (Article 45 GDPR)
  • Appropriate safeguards (Article 46 GDPR): standard contractual clauses, binding corporate rules, approved certification mechanism
  • Other appropriate safeguards described in Chapter V of the GDPR

7. What are your rights regarding your data?

You have the following rights:

  • Right to information: the subject of this policy
  • Right of access: access all of your data at any time
  • Right to rectification: correct inaccurate, incomplete, or outdated data
  • Right to restriction: obtain restriction of processing (Art. 18 GDPR)
  • Right to erasure: request deletion of your data and prohibit any future collection
  • Right to lodge a complaint with the CNIL (French data protection authority)
  • Right to define instructions regarding the retention, deletion, and communication of your data after your death
  • Right to withdraw consent at any time (Art. 7 GDPR)
  • Right to data portability: receive your data in a machine-readable format (Art. 20 GDPR)
  • Right to object to processing of your data
8. Contact point
  • Email : dpo@moka.care
  • Address : Moka Care, 6 rue Saint Sabin, 75011 Paris
9. Changes

We may amend this policy at any time. These changes will apply from the effective date of the amended version. We will inform you of any significant changes.

Effective date: 01/01/2026

Cookie management

1. What is a cookie?

When you browse the Website, information relating to your device and certain actions may be stored in text files called “cookies” placed in your browser. These cookies are mainly used to optimize your use of the Website.

2. Purposes of cookies
a. Technical cookies

Technical cookies ensure the Website functions properly and do not require your consent.

Strictly necessary cookies

Cookie name Purpose Duration
ForceFlashSite Display non-mobile version Session
hs Security Session
smSession Identify logged-in members 2 weeks
XSRF-TOKEN Security Session
TS* Security Session

Functional cookies

Cookie name Purpose Duration
svSession Unique visitor identification 18 months
SSR-caching Indicates how a site is rendered Session
smSession Identify logged-in members 2 weeks
b. Cookies requiring your consent

Audience measurement cookies

Cookie name Purpose Duration
_ga Distinguish users 2 years
_gid Distinguish users 24 hours
_gat Reduce request rate 1 minute
AMP_TOKEN AMP Client ID retrieval 30 sec – 1 year
__utma Distinguish users and sessions 2 years
__utmt Reduce request rate 10 minutes
__utmb New sessions/visits 30 minutes
__utmc urchin.js interoperability End of session
__utmz Traffic source / campaign 6 months
__utmv Custom variable data 2 years
3. Your cookie preferences
  • Technical cookies: placed without consent and necessary for the Website to function
  • Other cookies: require your express consent during your first visit. Your choices are stored for 6 months.
  • You may withdraw your consent at any time or configure your browser to enable and or disable cookies.
4. Cookie contact

For any questions: dpo@moka.care

Moka.Care n’est pas un service d’urgence.
En cas d’urgence, contactez le 15.
La certification qualité a été délivrée au titre de la catégorie d'action suivante :
ACTIONS DE FORMATION
Télécharger le certificat
logo accessibilitélogo accessibilité
A propos
SolutionsCas d'usageExpertiseNous connaîtreNous rejoindreRessourcesRejoindre le réseau de praticiens
Nous rencontrer
Notre newsletter
Nous contacter
Notre adresse :
6 rue St-Sabin
75011 Paris
Se connecter
Espace membreEspace praticien
CGUCharte de confidentialitéCharte de déontologieMentions légales