Privacy Policy

Mora is a private journaling app. Everything you write stays on your device — encrypted, local, and under your control. We do not collect your journal entries, your personal information, or your usage patterns. We have no servers that store your data. We run no analytics on you. Your words are yours alone.

Mora does not collect, transmit, or store any of the following:

• Journal entries, moods, tags, or writing streaks
• Photos or voice recordings you attach to entries
• Your name, email address, or any account credentials
• Device identifiers, IP addresses, or location data
• Usage analytics, session data, or behavioral telemetry
• Crash reports or diagnostic data sent to Mora

There are no user accounts. There is no login. There is no backend database that stores anything you write.

Mora stores the following data locally in a SQLite database on your device:

• Journal entries — content, mood, hashtags, word count, date, and any attached photo or audio file references
• Folders — names, colors, and icons you create to organise your entries
• Settings — your chosen theme, font, reminder time, privacy preferences, and other in-app options
• Streak and insight data — entry counts, word totals, and streak milestones calculated entirely on-device

Your encryption key is stored in the iOS Keychain (or the Android Encrypted Shared Preferences), separate from your journal data. This means even if someone accessed your device storage directly, the data would be unreadable without the key.

All sensitive data in the Mora database is encrypted using AES-256-CBC before it is written to disk. This includes entry content, mood, hashtags, and previews. Your encryption key is a 256-bit randomly generated value unique to your device, never shared with us.

Mora also supports the following optional security features:

• Biometric lock — Face ID or Touch ID (with device passcode fallback) to protect the app on open
• Auto-lock entries — individual entries can require authentication to view
• Screenshot prevention — optionally block screen capture and screen recording
• Decoy mode — a triple-tap on the lock screen displays scrambled dummy content to protect your privacy in sensitive situations
• Privacy cipher — optionally scrambles text in entry lists or throughout the app so content is unreadable to onlookers

Mora requests the following device permissions only when you use the relevant feature:

• Face ID / Touch ID — to protect your journal with biometric authentication
• Microphone — to record voice journal entries, which are saved locally on your device
• Photo library — to attach photos from your camera roll to journal entries
• Camera — to take photos directly within the app and attach them to entries
• Notifications — to send optional daily writing reminders at a time you choose. Reminders are handled entirely on-device and are suppressed automatically if you have already journaled that day

None of the data accessed through these permissions is transmitted off your device by Mora.

Mora gives you full ownership of your data through manual export tools. You can export your journal as:

• Encrypted backup (.mora file) — a password-protected file you create yourself, encrypted with a PBKDF2-derived AES-256 key (100,000 iterations). You control the password. Mora never sees it.
• Plain text — a readable file with your entries, dates, and moods
• PDF — a formatted document of your journal

All exports are initiated by you and shared through your device's native sharing sheet (Files app, email, iCloud Drive, etc.). Mora has no access to where you send them or what you do with them.

If you uninstall Mora, all data stored in the app sandbox is permanently deleted from your device. There is no cloud copy to recover from. We strongly recommend creating an encrypted backup before uninstalling.

Mora includes an optional Tip Jar — a way to support development if you find the app valuable. Tips are completely optional and are not required to access any app feature.

Tip purchases are processed by RevenueCat and your device's app store (Apple App Store or Google Play). When you make a tip:

• Payment is handled entirely by the app store and RevenueCat — Mora never receives your payment details
• RevenueCat may collect limited purchase transaction data as part of their payment infrastructure — see the RevenueCat Privacy Policy for details
• Your total lifetime tipped amount is stored locally on your device only

Tips are subject to the standard refund policies of the App Store or Google Play. Mora does not issue refunds directly.

Mora is not directed at children under 13. We do not knowingly collect any personal information from children. Because Mora collects no personal information from any user, there is no data about children for us to hold, use, or share.

If we make material changes to this Privacy Policy, we will update the "Last updated" date at the top of this page. We encourage you to review this page periodically. Continued use of Mora after any changes constitutes acceptance of the updated policy.

If you have questions or concerns about this Privacy Policy or how Mora handles data, please reach out at privacy@mora.app.