Skip to content
होमWebऐप सेटदस्तावेज़परिचय
🌐 Auto English 简体中文 繁體中文 Español Français Русский العربية Português Deutsch 日本語 한국어 हिन्दी

प्रभावी तिथि: 2026-08-05 · संस्करण: 2.0

Privacy Policy for Moraya

Moraya is a local-first Markdown editor and knowledge workspace: your writing, your keys, your AI — on your device. This Privacy Policy explains what data Moraya handles, where it lives, and which third parties are involved — across every platform we ship.

By using Moraya, you agree to the practices described in this policy.

Summary

1. Scope and Platforms

This policy covers the Moraya product family:

PlatformDistributionSource code
Moraya Desktop (macOS, Windows, Linux)Direct download, HomebrewOpen source (Apache-2.0)
Moraya Web (PWA at app.moraya.app)BrowserProprietary
Moraya Mobile (iOS, Android)App Store, Google PlayProprietary
@moraya/core (shared editor engine)npmOpen source (GPL-3.0)

Sections below are marked with the platforms they apply to. Visiting our website (moraya.app) or GitHub repositories is governed by those services’ own policies.

2. What Moraya Does NOT Collect

3. Local Data Storage (all platforms)

Moraya is local-first. Without any account or configuration:

Local logs (if any) stay on your device and are never transmitted unless you choose to share them when reporting a bug.

4. Optional Cloud Account: Picora (Desktop, Web, Mobile — opt-in)

Moraya works fully without an account. You may optionally connect a Picora account (api.picora.me) for cloud features:

Picora is operated as a separate service with its own privacy policy, available at picora.me.

5. End-to-End Encryption (Web, Mobile — opt-in)

When you enable encryption on Moraya Web or Mobile:

6. AI Features — Bring Your Own Key (all platforms — opt-in)

Moraya’s AI assistance is disabled until you configure a provider and your own API key.

We do not store, log, or have any ability to access your AI conversations.

7. Bring Your Own Cloud Storage (opt-in)

Files stored with these providers are governed by their respective policies. Moraya keeps no copies.

8. Voice Features (Desktop cloud transcription — opt-in; Mobile — on-device)

9. Publishing and Git (Desktop, Web — opt-in)

10. MCP Servers (Desktop, Web — opt-in)

Moraya can connect to Model Context Protocol (MCP) servers to extend AI capabilities:

11. Mobile Device Permissions (Mobile — each opt-in at the OS level)

12. Account, Subscription and Billing (Web, Mobile — opt-in)

If you subscribe to a paid plan:

13. Your Rights and Data Control

14. App Updates (Desktop)

Update checks download release information and installers directly from GitHub Releases. No identifying information, version pings, or usage data are sent by Moraya.

Documents may embed images, videos, or iframes from remote URLs. When rendered, those resources load directly from their source, and the external site may see your request metadata (IP address, user agent). Links you click open outside Moraya; external sites have their own policies.

16. Open Source and Auditability

17. Security

Sensitive credentials are kept in OS-native secure storage (Desktop) or browser storage scoped to your device (Web/Mobile); all external communication is authenticated on-device before it leaves your machine. No method of storage or transmission is 100% secure — please protect your device, your passphrase, and the API keys you configure. Report vulnerabilities to [email protected].

18. Children’s Privacy

Moraya is not intended for users under 13 (16 in the EU). We do not knowingly collect personal information from children; contact us if you believe a child has provided data through a Picora account.

19. Changes to This Policy

We will post updates on moraya.app and, for material changes affecting account holders, notify in-app and by email at least 30 days before they take effect. The English version of this policy is authoritative; translations are provided for convenience.

Thank you for using Moraya.