Privacy Policy
Last updated: February 21, 2026
Mora is built on one conviction: your thoughts are private. This policy explains precisely what data we handle and how — written plainly, not buried in legalese.
The short version
Mora is a private journaling app. Everything you write stays on your device — encrypted, local, and under your control. We do not collect your journal entries, your personal information, or your usage patterns. We have no servers that store your data. We run no analytics on you. Your words are yours alone.
What we don't collect
Mora does not collect, transmit, or store any of the following:
- Journal entries, moods, tags, or writing streaks
- Photos or voice recordings you attach to entries
- Your name, email address, or any account credentials
- Device identifiers, IP addresses, or location data
- Usage analytics, session data, or behavioral telemetry
- Crash reports or diagnostic data sent to Mora
There are no user accounts. There is no login. There is no backend database that stores anything you write.
Data stored on your device
Mora stores the following data locally in a SQLite database on your device:
- Journal entries — content, mood, hashtags, word count, date, and any attached photo or audio file references
- Folders — names, colors, and icons you create to organise your entries
- Settings — your chosen theme, font, reminder time, privacy preferences, and other in-app options
- Streak and insight data — entry counts, word totals, and streak milestones calculated entirely on-device
Your encryption key is stored in the iOS Keychain (or the Android Encrypted Shared Preferences), separate from your journal data. This means even if someone accessed your device storage directly, the data would be unreadable without the key.
Encryption and security
All sensitive data in the Mora database is encrypted using AES-256-CBC before it is written to disk. This includes entry content, mood, hashtags, and previews. Your encryption key is a 256-bit randomly generated value unique to your device, never shared with us.
Mora also supports the following optional security features:
- Biometric lock — Face ID or Touch ID (with device passcode fallback) to protect the app on open
- Auto-lock entries — individual entries can require authentication to view
- Screenshot prevention — optionally block screen capture and screen recording
- Decoy mode — a triple-tap on the lock screen displays scrambled dummy content to protect your privacy in sensitive situations
- Privacy cipher — optionally scrambles text in entry lists or throughout the app so content is unreadable to onlookers
Permissions we request
Mora requests the following device permissions only when you use the relevant feature:
- Face ID / Touch ID — to protect your journal with biometric authentication
- Microphone — to record voice journal entries, which are saved locally on your device
- Photo library — to attach photos from your camera roll to journal entries
- Camera — to take photos directly within the app and attach them to entries
- Notifications — to send optional daily writing reminders at a time you choose. Reminders are handled entirely on-device and are suppressed automatically if you have already journaled that day
None of the data accessed through these permissions is transmitted off your device by Mora.
Backups and exports
Mora gives you full ownership of your data through manual export tools. You can export your journal as:
- Encrypted backup (.mora file) — a password-protected file you create yourself, encrypted with a PBKDF2-derived AES-256 key (100,000 iterations). You control the password. Mora never sees it.
- Plain text — a readable file with your entries, dates, and moods
- PDF — a formatted document of your journal
All exports are initiated by you and shared through your device's native sharing sheet (Files app, email, iCloud Drive, etc.). Mora has no access to where you send them or what you do with them.
If you uninstall Mora, all data stored in the app sandbox is permanently deleted from your device. There is no cloud copy to recover from. We strongly recommend creating an encrypted backup before uninstalling.
Optional tips and purchases
Mora includes an optional Tip Jar — a way to support development if you find the app valuable. Tips are completely optional and are not required to access any app feature.
Tip purchases are processed by RevenueCat and your device's app store (Apple App Store or Google Play). When you make a tip:
- Payment is handled entirely by the app store and RevenueCat — Mora never receives your payment details
- RevenueCat may collect limited purchase transaction data as part of their payment infrastructure — see the RevenueCat Privacy Policy for details
- Your total lifetime tipped amount is stored locally on your device only
Tips are subject to the standard refund policies of the App Store or Google Play. Mora does not issue refunds directly.
Children's privacy
Mora is not directed at children under 13. We do not knowingly collect any personal information from children. Because Mora collects no personal information from any user, there is no data about children for us to hold, use, or share.
Changes to this policy
If we make material changes to this Privacy Policy, we will update the "Last updated" date at the top of this page. We encourage you to review this page periodically. Continued use of Mora after any changes constitutes acceptance of the updated policy.
Contact
If you have questions or concerns about this Privacy Policy or how Mora handles data, please reach out at privacy@mora.app.