Privacy Policy

1. Introduction

This Privacy Policy explains how Mosha ("we", "us", "our") collects, uses, and protects information about you when you use the Service. By using Mosha, you agree to this policy. If you do not agree, please do not use the Service.

2. Information We Collect

Information you provide

• Account data. When you sign in with Google, we receive your name, email address, and profile picture from Google.
• Chat prompts. The text prompts you submit to generate motion graphics are stored so you can revisit your chat history.
• Payment data. Billing and payment information is processed by Stripe. We store only a Stripe customer ID and subscription metadata — we never see or store your raw card details.

Information collected automatically

• Usage data. We log actions such as AI generation requests, exports, and point transactions for billing accuracy and fraud prevention.
• Session data. Standard session tokens are stored to keep you signed in across requests. These are server-side and not accessible to third-party scripts.
• Analytics. We may collect aggregated, anonymised analytics (page views, feature usage) to improve the product.

3. How We Use Your Information

• To deliver the core Service (AI generation, Remotion rendering, export);
• To manage your account, subscription, and points balance;
• To process payments and send billing receipts via Stripe;
• To detect and prevent fraud, abuse, or Terms of Service violations;
• To improve and develop the Service based on usage patterns;
• To contact you with important account or service updates (not marketing unless you opt in).

4. Third-Party Services

We use the following third-party services, each of which has its own privacy policy:

Your prompts are sent to the Zenmux / MiniMax AI API for processing. Please avoid including personally sensitive information in your generation prompts.

5. Data Retention

• Account and chat data is retained for as long as your account is active. You may request deletion at any time (see Section 7).
• Exported video files on Cloudflare R2 are automatically deleted 3 hours after generation.
• Billing records may be retained for up to 7 years for tax and compliance purposes.
• Server logs are retained for up to 90 days for debugging and security purposes.

6. Security

We use industry-standard practices to protect your data: HTTPS for all traffic, server-side session management, secrets management via environment variables, and access controls on our database. However, no system is completely secure and we cannot guarantee absolute security.

7. Your Rights

You have the right to:

• Access the personal data we hold about you;
• Correct inaccurate data;
• Delete your account and associated data — contact us and we will process your request within 30 days;
• Export your chat history and profile data in a machine-readable format (available on request);
• Object to processing where it relies on legitimate interests.

To exercise any of these rights, email us at [email protected].

8. Children

The Service is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with their data, please contact us and we will promptly delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. Continued use of the Service after the effective date constitutes acceptance.

10. Contact

Questions or concerns about this Privacy Policy? Email us at [email protected].