Privacy Policy
Last updated:
1. Introduction
Welcome to Moth (“we,” “our,” or “us”), published by Inolab. We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services (collectively, the “Service”).
By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.
2. Interpretation and Definitions
2.1 Interpretation
Capitalized terms used throughout this document carry the specific meanings defined below, whether appearing in singular or plural form.
2.2 Definitions
- Account means a unique account created for you to access our Service or parts of our Service.
- Application refers to Moth, the mobile application provided by us.
- Device means any smartphone, tablet, or similar electronic equipment used to access the Service.
- Personal Data is any information that relates to an identified or identifiable individual.
- Reading Data means the information you record within the Service about your reading activity, including books in your library, reading sessions, streaks, completion status, ratings, notes, captured quotes, and challenge progress.
- Service refers to the Application and all related features and content.
- Service Provider means any third-party company or individual employed by us to facilitate the Service, perform services related to the Service, or assist in analyzing how the Service is used.
- Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself.
- You means the individual accessing or using the Service, or the company or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.
3. Information We Collect
3.1 Information You Provide Directly
When you create an account or use our Service, you may provide us with:
- Account Information: Email address and display name used during registration.
- Profile Information: Profile picture, if you choose to add one.
- Reading Data: Books added to your library (including title, author, and cover metadata pulled from third-party book data providers), reading sessions recorded by the in-app timer, reading streaks, completion status, ratings, and notes you choose to save.
- Captured Quotes: The text of quotes you save from the books you are reading. When you use the quote capture feature to photograph a page, text recognition (OCR) is performed entirely on your device using on-device text recognition. The underlying photograph is not transmitted to our servers or to any third party. Only the resulting text that you confirm and save is synced to your account.
- Reading Challenges: Goals you set and the progress you make toward them.
- Share Cards: Completion cards, weekly mini-wraps, and other visual recaps are composed on your device from your Reading Data. We do not store the rendered images on our servers unless you explicitly save them to your account for cross-device access.
- Purchase Information: Records of your subscription tier, entitlement status, and transaction history. Payment details (card numbers, billing addresses) are processed and stored by the Apple App Store, the Google Play Store, and our subscription management partner, and are never stored on our servers.
3.2 Information from Third-Party Authentication
If you choose to sign up or log in using a third-party authentication provider, we may receive the following information:
- Google Sign-In: Name, email address, and profile picture.
- Apple Sign-In: Name and email address (you may choose to hide your email using Apple’s private relay service).
We only request the minimum information necessary for account creation. We do not access your contacts, photos, posts, or other data from these authentication providers beyond what is listed above.
3.3 Information Collected Automatically from Your Device
When you use our Service, we may automatically collect:
- Device Information: Device type, model, operating system and version, screen resolution, language, and unique device identifiers.
- Usage Data: Features used, timer activity, number of books and quotes added, sessions, screens viewed, and interaction patterns.
- Log Data: IP address, access times, app crash reports, and error logs.
- Network Information: Connection type (Wi-Fi or cellular) for optimizing sync performance.
3.4 Device Permissions
The Service may request the following device permissions:
- Camera: Used to capture photos of book pages so that on-device OCR can extract quote text. Images are not uploaded to our servers.
- Photo Library: Used to let you pick an existing photo for quote capture or set a custom profile picture.
- Notifications: Used to remind you about your reading streak, weekly wrap availability, and challenge progress. You can disable notifications at any time in your device settings.
You may grant or revoke each of these permissions at any time in your device settings.
4. How We Use Your Information
We use the information we collect for the following purposes:
- Provide and Maintain the Service: To operate core features including the reading timer, streaks, stats dashboard, quote library, reading challenges, and share card generation.
- Sync Your Reading Data: To keep your library, sessions, quotes, and progress consistent across your devices and recoverable if you reinstall the app.
- Account Management: To create, authenticate, and manage your account.
- Personalize Your Experience: To surface relevant stats, suggest goals, and tailor the app experience to your reading habits.
- Process Transactions: To manage subscription purchases, apply entitlements (such as watermark removal and premium templates), and deliver free trials where available.
- Security and Fraud Prevention: To protect against abuse, unauthorized access, and fraudulent activity, including enforcement of our Terms of Service.
- Analytics and Improvement: To analyze usage patterns, diagnose technical issues, and improve the overall quality and performance of our Service.
- Customer Support: To respond to your inquiries, troubleshoot issues, and provide assistance.
- Communications: To send you important updates about the Service, including changes to features, policies, or terms.
5. How We Share Your Information
We do not sell your personal information. We may share your information only in the following circumstances:
5.1 Service Providers
We use trusted third-party service providers to help us operate our Service. These providers are contractually obligated to protect your information and may only use it to perform services on our behalf:
- Convex: Database hosting for your account and Reading Data, including your book library, reading sessions, streaks, quotes, and challenge progress.
- Better Auth: Authentication infrastructure, used to securely manage sign-in sessions and access tokens for your account.
- Cloudflare: Backend orchestration via Cloudflare Workers and media storage via Cloudflare R2, used for profile pictures and cached book cover imagery.
- RevenueCat: Subscription and in-app purchase management. RevenueCat processes and manages your subscription status and entitlements.
- PostHog: Product analytics and usage tracking to help us understand how the app is used and improve the experience.
- Authentication Providers: Google and Apple, for secure account authentication.
- Book Data Providers: Third-party services that supply book metadata (title, author, cover, ISBN). When you search for or add a book, queries for that book are sent to these providers so we can return matching results.
5.2 Legal Requirements
We may disclose your information if required to do so by law, court order, or governmental authority, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, prevent fraud, or respond to a government request.
5.3 Business Transfers
If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your Personal Data is transferred and becomes subject to a different Privacy Policy.
6. Data Security
We implement appropriate technical and organizational measures to protect your personal information, including:
- Encryption: Data is encrypted in transit (TLS/SSL) and at rest.
- Access Controls: Our database is configured so that each user can only access their own data. Authentication tokens and API keys are securely managed by Better Auth.
- On-Device Processing: Sensitive operations such as text recognition for quote capture run entirely on your device, so photographs of book pages never leave your phone.
- Infrastructure Security: Our backend services leverage Cloudflare’s security infrastructure, including DDoS protection and rate limiting.
- Regular Assessments: We conduct ongoing security reviews of our systems and third-party integrations.
However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
7. Your Reading Data, Quotes, and Share Cards
Because the Service revolves around your reading life, we want to be transparent about how this information is handled:
- On-Device OCR: When you photograph a page to capture a quote, text recognition is performed locally on your device. The photograph itself is not transmitted to our servers or to any third party. Only the text you confirm and save is synced to your account.
- Sync: Your books, reading sessions, streaks, stats, quotes, and challenge progress are stored in Convex and associated with your account so that your data is available across your devices and recoverable if you reinstall the app.
- Share Cards: 9:16 completion cards, weekly mini-wraps, and other visual recaps are generated on your device from your Reading Data. When you choose to share a card outside the app using your device’s share sheet, the resulting image is handed off to the destination app or service you select, and its handling is governed by that destination’s own policies.
- Watermarks: Share cards generated on the free tier include a small Moth watermark. Upgrading to Premium removes the watermark. Watermarks do not contain personally identifying information about you.
- No Training Use: Your Reading Data, quotes, photographs, and share cards are not used to train artificial intelligence models.
- Deletion: When you remove a book, quote, challenge, or your account, the associated data is removed from our storage within 30 days.
8. Data Retention
We retain your personal information for as long as your account is active or as needed to provide you with the Service. Specifically:
- Account Data: Retained for the duration of your active account.
- Reading Data, Quotes, and Challenges: Retained while your account is active and accessible in the app.
- Usage and Analytics Data: Generally retained in anonymized or aggregated form for internal analysis.
- Transaction Records: Retained as required for financial record-keeping and legal compliance.
If you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal or legitimate business purposes.
9. Your Rights and Choices
Depending on your location, you may have the following rights regarding your personal information:
- Access: Request a copy of the personal information we hold about you.
- Correction: Request correction of inaccurate or incomplete information.
- Deletion: Request deletion of your personal information and Reading Data.
- Data Portability: Request a copy of your data in a structured, machine-readable format.
- Restriction: Request restriction of processing in certain circumstances.
- Objection: Object to processing based on legitimate interests.
- Withdraw Consent: Withdraw consent at any time where processing is based on your consent.
To exercise any of these rights, please contact us using the details provided in Section 14. We will respond to your request within 30 days.
10. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including:
- The right to know what personal information we collect and how it is used.
- The right to request deletion of your personal information.
- The right to opt out of the sale or sharing of your personal information (we do not sell or share your personal information).
- The right to correct inaccurate personal data.
- The right to limit the use or disclosure of sensitive personal data.
- The right to non-discrimination for exercising your privacy rights.
To submit a request, please contact us using the details in Section 14. We will verify your identity before processing your request.
11. European Privacy Rights (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal bases: performance of our contract with you, our legitimate interests (such as security and fraud prevention), compliance with legal obligations, or your consent.
You have the rights described in Section 9 above, plus the right to lodge a complaint with your local data protection authority if you believe your rights have been violated.
Your information may be transferred to and processed in countries outside your jurisdiction. We ensure appropriate safeguards are in place to protect your information in accordance with applicable data protection laws.
12. Children’s Privacy
Our Service is not intended for children under the age of 13 (or 16 in certain jurisdictions). We do not knowingly collect personal information from children. If you are a parent or guardian and you believe your child has provided us with Personal Data, please contact us immediately. If we become aware that we have collected Personal Data from a child without appropriate consent, we will take steps to remove that information from our servers.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated Privacy Policy within the app and updating the “Last Updated” date at the top of this document. Where required by law, we will notify you via email or a prominent in-app notice before any significant changes take effect.
Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
- Email: [email protected]