Legal

Privacy Policy

Effective May 18, 2026

We respect your privacy. This page explains, in plain language, what data Mosra collects, why we collect it, who we share it with, and the controls you have.

Contents

1. Scope2. Data we collect3. How we use your data4. AI features5. Cookies and similar technologies6. Third-party processors7. Data retention8. Your rights9. International transfers10. Children11. Security12. Changes to this policy13. Contact

1. Scope

This Privacy Policy explains how MosraTech Inc. ("Mosra", "we", "us") processes personal data when you visit mosra.app or use the Mosra web, desktop, and mobile applications ("Services").

It applies to visitors, registered users, and people invited to view presentations or take a quiz assignment.

2. Data we collect

We collect only what is needed to operate the Services:

  • Account data: email address, display name, password hash, profile picture (if you upload one).
  • Content you create: presentations, quizzes, classes, uploaded media, and chat with AI assistants.
  • Usage data: device type, browser, IP address, pages visited, features used, and crash reports.
  • Participant data: when you take a quiz assignment, we store your nickname or email, answers, and score for the duration of the assignment and any saved report.

3. How we use your data

We use data to provide and improve the Services, including:

  • Authenticating you and syncing your work across devices.
  • Rendering presentations and tallying quiz responses in real time.
  • Sending transactional email (password resets, receipts, session invites).
  • Detecting abuse, debugging, and improving reliability.
  • Sending product updates if you have opted in.

We do not sell personal data. We do not train third-party AI models on your content.

4. AI features

When you use AI features (slide generation, chat, image generation), your prompts and the relevant content are sent to our AI providers (currently Anthropic and OpenAI) under enterprise zero-retention agreements. Providers process the data only to return a response and do not retain or train on it.

You can disable AI features in account settings at any time.

5. Cookies and similar technologies

We use a small number of cookies and localStorage entries:

  • Essential — authentication session, CSRF token, color scheme, language. Always on.
  • Analytics — anonymized usage analytics to understand which features are used. Off by default in regions that require consent; you can change this in the cookie banner.
  • Preferences — remembered choices such as which side panel was last open in the editor.

6. Third-party processors

We share data with a limited set of vetted processors:

  • Cloudflare — hosting, DDoS protection, edge caching.
  • Anthropic / OpenAI — AI inference (zero retention).
  • Resend — transactional email delivery.
  • PostHog (self-hosted) — product analytics.

We don't process payments yet — Mosra is in open beta and entirely free. When paid plans launch, our payment processor will be added here in advance.

Each processor is bound by a Data Processing Agreement and processes data only on our instructions.

7. Data retention

Account and content data is retained while your account is active. If you delete your account, we erase your content within 30 days, except for invoices and audit logs we are legally required to keep (up to 7 years).

Quiz attempt data is retained for as long as the assigning teacher keeps the report; participants may request earlier deletion via that teacher.

8. Your rights

Depending on where you live, you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Delete your data ("right to be forgotten").
  • Export your data in a portable format.
  • Object to or restrict certain processing.
  • Withdraw consent to optional processing at any time.

Email privacy@mosra.app to exercise any of these rights. We respond within 30 days.

9. International transfers

Mosra is operated from Vietnam with infrastructure on Cloudflare's global network. When data is transferred outside your country, we rely on Standard Contractual Clauses and equivalent safeguards.

10. Children

Students under 13 (or the equivalent age in your country) may use Mosra only through a teacher or parent account. Teachers are responsible for obtaining parental consent and for the content shared with their classes. We do not knowingly collect personal data directly from children outside this arrangement.

11. Security

We encrypt data in transit (TLS 1.2+) and at rest. Access to production systems is restricted to a small number of engineers and audited. We run regular vulnerability scans and patch quickly.

No system is perfectly secure. If you believe you have found a vulnerability, please email security@mosra.app.

12. Changes to this policy

We will post material changes on this page and, where appropriate, notify you by email. The "Effective" date at the top reflects the latest revision.

13. Contact

Data controller: MosraTech Inc., Hanoi, Vietnam.

For privacy questions: privacy@mosra.app.

For security reports: security@mosra.app.

Questions?

Email privacy@mosra.app or use our contact form.