Privacy & trust

Built for readers, engineered for compliance.

This policy explains how Moreh Books collects, uses, shares, and protects information across the catalog, book clubs, UploadThing-powered tools, and TRPC APIs.

Ask privacy team Review terms

Encryption: TLS 1.3
Data centers: 3 regions
DPA coverage: EU · UK · US

Security layered in

We encrypt data in transit and at rest, rotate keys, and isolate production workloads from test environments.

Device-level privacy

Reader streaks, annotations, and downloaded files stay on-device unless you opt in to cloud backup.

Minimal analytics

We capture aggregated engagement trends—never the content of your books, chats, or annotations.

Compliance ready

SOC 2 controls are in flight, and our DPA aligns with GDPR, NDPR, and Ghana’s Data Protection Act.

Policy

1. Information we collect

We collect only what we need to deliver personalized libraries: account info, purchase history, device identifiers, and optional profile data like avatars or preferred genres.

Sensitive payment data is handled by PCI-compliant processors; Moreh Books never sees raw card numbers.
Audio recordings from Book Chat sessions are never used to train external models without consent.
We log anon telemetry (feature usage, crash diagnostics) to improve performance.

Policy

2. How data is used

Data powers recommendations, reading goals, support, author royalties, and fraud prevention.

We do not sell personal data or run third-party ad networks.
Club moderators only see usernames, not billing details.
Aggregated insights shared with authors never include private annotations or messages.

Policy

3. Sharing & third parties

We share limited data with vendors who help us run payment, storage, analytics, and support operations—and only under strict contracts.

UploadThing stores media securely with expiring URLs.
Supabase, Redis, and Stripe act as processors under our DPA.
Law enforcement requests are vetted for validity and must include proper documentation.

Policy

4. Your choices & controls

Privacy settings live inside your profile: export data, delete content, disable analytics, or request account closure at any time.

Account deletion removes identifiers within 30 days unless legal obligations require retention.
Email preferences include separate toggles for marketing, product updates, and community digests.
Workspace admins can configure retention policies for school deployments.

Detailed privacy controls

Your privacy rights

Export, delete, or audit your data at any moment.

Head to Settings → Privacy to trigger an export, submit a deletion request, or review previous data access logs. Our privacy team responds within 72 hours.

Open privacy settings Email DPO

Privacy & trust

Built for readers, engineered for compliance.

This policy explains how Moreh Books collects, uses, shares, and protects information across the catalog, book clubs, UploadThing-powered tools, and TRPC APIs.

Ask privacy team Review terms

Encryption: TLS 1.3
Data centers: 3 regions
DPA coverage: EU · UK · US

Security layered in

We encrypt data in transit and at rest, rotate keys, and isolate production workloads from test environments.

Device-level privacy

Reader streaks, annotations, and downloaded files stay on-device unless you opt in to cloud backup.

Minimal analytics

We capture aggregated engagement trends—never the content of your books, chats, or annotations.

Compliance ready

SOC 2 controls are in flight, and our DPA aligns with GDPR, NDPR, and Ghana’s Data Protection Act.

Policy

1. Information we collect

We collect only what we need to deliver personalized libraries: account info, purchase history, device identifiers, and optional profile data like avatars or preferred genres.

Sensitive payment data is handled by PCI-compliant processors; Moreh Books never sees raw card numbers.
Audio recordings from Book Chat sessions are never used to train external models without consent.
We log anon telemetry (feature usage, crash diagnostics) to improve performance.

Policy

2. How data is used

Data powers recommendations, reading goals, support, author royalties, and fraud prevention.

We do not sell personal data or run third-party ad networks.
Club moderators only see usernames, not billing details.
Aggregated insights shared with authors never include private annotations or messages.

Policy

3. Sharing & third parties

We share limited data with vendors who help us run payment, storage, analytics, and support operations—and only under strict contracts.

UploadThing stores media securely with expiring URLs.
Supabase, Redis, and Stripe act as processors under our DPA.
Law enforcement requests are vetted for validity and must include proper documentation.

Policy

4. Your choices & controls

Privacy settings live inside your profile: export data, delete content, disable analytics, or request account closure at any time.

Account deletion removes identifiers within 30 days unless legal obligations require retention.
Email preferences include separate toggles for marketing, product updates, and community digests.
Workspace admins can configure retention policies for school deployments.

Detailed privacy controls

Your privacy rights

Export, delete, or audit your data at any moment.

Head to Settings → Privacy to trigger an export, submit a deletion request, or review previous data access logs. Our privacy team responds within 72 hours.

Open privacy settings Email DPO

Built for readers, engineered for compliance.

Security layered in

Device-level privacy

Minimal analytics

Compliance ready

1. Information we collect

2. How data is used

3. Sharing & third parties

4. Your choices & controls

Detailed privacy controls

International transfers

Children & classrooms

AI and personalization

Export, delete, or audit your data at any moment.

Built for readers, engineered for compliance.

Security layered in

Device-level privacy

Minimal analytics

Compliance ready

1. Information we collect

2. How data is used

3. Sharing & third parties

4. Your choices & controls

Detailed privacy controls

International transfers

Children & classrooms

AI and personalization

Export, delete, or audit your data at any moment.