Moun — Privacy & Security Policy
Last updated: 07/13/2026
This Privacy & Security Policy explains how Zima LLC ("Zima," "we," "us," or "our") collects, uses, shares, and protects your information when you use the Moun mobile application and website at moun.app (the "Service"). It also describes the security measures we apply and the choices you have.
By using Moun, you agree to the practices described in this Policy. If you do not agree, please do not use the Service.
1. Who We Are
Moun is a personal memory and productivity application that lets you capture notes by voice, text, and photo; set smart and location-based reminders; keep a searchable journal; and ask an AI assistant questions about your own saved content. The Service is operated by Zima LLC.
2. Information We Collect
We collect the following categories of information:
a) Account information. When you sign up — through Sign in with Google, Sign in with Apple, or an email address and password — we receive your email address, name, and a profile identifier so we can create and secure your account. When you use a third-party sign-in, we do not receive your password for that provider.
b) Content you create ("User Content"). This includes the notes, text, voice recordings and their transcriptions, images and photos, reminders, tasks, journal entries, and folders you create or upload in Moun. It also includes the messages you send to the in-app AI assistant.
c) AI-derived metadata. To make your content searchable and to let the assistant respond helpfully, Moun automatically generates metadata such as short context "hints," categories, extracted entities (for example, names, amounts, or dates you mention), text descriptions of images, and numerical vector representations ("embeddings"). This metadata is derived from your User Content and stored with your account.
d) Chat and search history. We store your conversations with the AI assistant and your search history within the app so the assistant can maintain context and give you more relevant, personalized responses over time. You can delete this history from within the app.
e) Location information. If you enable location-based reminders (geofencing) or place search, we process your device location to trigger reminders at the right place and to help you save locations. We store two kinds of places: (i) saved locations you register (for example, "Home" or "Work"), which we keep so you can view and manage the places you have set up; and (ii) temporary locations used for one-off reminders (for example, "remind me when I get to X place"), which are automatically deleted 48 hours after they are used. You control location access through your device's location permissions.
f) Calendar information (optional). If you choose to connect Google Calendar, we access your calendar events and related data to display and sync them within Moun, using the permissions (scopes) you grant. This is described in more detail in Section 6.
g) Device, usage, and diagnostic information. We collect limited technical information such as device type and identifier, operating system, app version, and language, along with product-interaction data (how features are used within the app) and diagnostic data (such as error and performance logs) to operate, secure, troubleshoot, and improve the Service.
h) Payment information. Subscriptions are processed by the Apple App Store or Google Play Store. Those platforms handle your payment details; we receive only confirmation of your subscription status, not your full payment card information.
3. How We Use Your Information
We use your information to:
Create, authenticate, and secure your account;
Store your notes, reminders, images, and other content and make them available across your sessions;
Transcribe your voice input into text;
Organize, classify, and index your content so you can search it using natural language;
Provide AI-assisted answers about your own saved content and personalize the assistant's responses to you;
Trigger time-based and location-based reminders;
Display and, where enabled, sync your calendar events;
Provide customer support and respond to your requests;
Understand how the Service is used, in aggregate, so we can improve it;
Maintain security, prevent fraud and abuse, and comply with legal obligations;
Operate, troubleshoot, and improve the Service.
We do not sell your personal information, we do not use your private content to serve third-party advertising, and we do not track you across other companies' apps or websites for advertising purposes.
4. Voice and AI Processing
Moun is a voice-first, AI-assisted product. To provide its core features, your content must be processed by software and, in some cases, by a trusted Third-Party Service (see Section 5). This means:
Voice you record may be transcribed to text so it can be saved, organized, and searched.
Text and image content may be sent to our AI provider to generate summaries, categories, searchable descriptions, embeddings, image understanding, and answers to your questions.
We send only the content reasonably necessary to perform the requested feature, and we route these requests through our secure backend rather than exposing service credentials on your device. Our AI provider processes your content only to perform the requested feature and does not use it to train generalized AI models.
5. Third-Party Service Providers (Sub-Processors)
We rely on the following providers to operate Moun. They process data only to provide their service to us and are bound by their own terms and privacy commitments:
Provider Purpose Supabase Cloud database, authentication, file storage, and backend functions (hosting of your account and content) Anthropic (Claude) AI reasoning, note organization, image understanding, and answering questions about your content PostHog Product analytics and diagnostics — understanding how the app is used and monitoring errors and performance to improve the Service Google (Sign-In, Calendar, Maps/Places) Authentication, optional calendar sync, and optional location/place search Unsplash Stock imagery used to illustrate organized notes (no personal content is shared to obtain these images) Apple App Store / Google Play App distribution and subscription billing
We may add, remove, or change providers as the Service evolves and will update this Policy accordingly.
6. Google User Data and Limited Use
When you sign in with Google or connect Google Calendar, Moun accesses Google user data only with the permissions (scopes) you explicitly grant, and only to provide features you have requested (such as authenticating your account and displaying or syncing your calendar events).
Moun's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically:
We only request the minimum Google scopes needed for the features you use.
We use Google user data solely to provide and improve the user-facing features that require it.
We do not transfer or sell Google user data for advertising, marketing, or any purpose unrelated to providing the Service.
We do not use Google user data to train generalized artificial intelligence or machine-learning models.
Humans do not read your Google user data except (a) with your explicit consent, (b) where necessary for security purposes (such as investigating abuse), or (c) to comply with applicable law.
If you connect Google Calendar, the access and refresh tokens that authorize this connection are stored securely on our backend and are protected by access controls. You can disconnect Google Calendar at any time from within Moun or by revoking Moun's access in your Google Account settings.
7. How We Share Information
We share information only in these limited situations:
With service providers / sub-processors listed in Section 5, to operate the Service on our behalf.
For legal reasons, when we reasonably believe disclosure is required to comply with a law, regulation, legal process, or lawful government request, or to protect the rights, safety, or property of users, the public, or Zima.
In a business transfer, such as a merger, acquisition, or sale of assets, in which case we will require the recipient to honor this Policy or notify you as required by law.
We do not sell your personal information.
8. Data Security
We take reasonable and appropriate technical and organizational measures to protect your information, including:
Encryption in transit. All communication between the app and our backend uses HTTPS/TLS encryption.
Encryption at rest. Your notes and associated media are encrypted at rest on our backend using AES-256 encryption, with encryption keys managed through a dedicated key-management service. Data stored in our cloud infrastructure is additionally encrypted at rest by our hosting provider.
Row-Level Security (RLS). Access controls are enforced at the database level so that each user can access only their own data. It is not possible for one user to read another user's content.
Credential isolation. Third-party API keys are stored as protected backend secrets and are never exposed in the app or on your device. The app never contacts AI providers directly — all such requests are routed through our secure backend.
Device-level protection for secure notes. When you lock a note or photo, access is protected using your device's biometrics (Face ID / fingerprint) or PIN, with keys held in the device's secure hardware store (Apple Keychain / Android Keystore).
Least-privilege access. We apply minimum-privilege defaults and monitor our infrastructure for security issues.
Honest limitations. No system is perfectly secure, and we cannot guarantee absolute security. Although your notes are encrypted at rest, Moun does not use end-to-end or "zero-knowledge" encryption. This means that your content is stored in a form that our systems — and, for operational and support purposes, authorized personnel — can technically access, and that content is processed by the Third-Party Services described above.
Please do not store highly sensitive information — such as passwords, government identification numbers, or full financial account numbers — in Moun, especially in unprotected notes. Moun is a personal memory tool, not a specialized secure vault.
9. Data Retention
We keep your information for as long as your account is active or as needed to provide the Service. Temporary locations used for one-off reminders are automatically deleted 48 hours after they are used. When you delete specific content, chat history, or search history, it is removed from your active account. When you delete your account, we delete or de-identify your personal information and content within a commercially reasonable period, except where we are required to retain certain information to comply with legal obligations, resolve disputes, or enforce our agreements. Some information may persist temporarily in encrypted backups before being overwritten.
10. Your Rights and Choices
Depending on where you live, you may have rights to:
Access the personal information we hold about you;
Correct inaccurate information;
Delete your information and your account;
Export a copy of your content;
Withdraw consent for optional processing (such as location or calendar access) by changing your device or account permissions;
Object to or restrict certain processing.
You can exercise many of these rights directly in the app (for example, editing or deleting content, disconnecting integrations, or deleting your account) or by contacting us at the address in Section 14. We will respond within the timeframe required by applicable law. If you are in the European Economic Area, the United Kingdom, or a similar jurisdiction, our legal bases for processing include performing our contract with you, your consent, our legitimate interests in operating and securing the Service, and compliance with legal obligations.
11. Account and Data Deletion
You can delete your account at any time from within the app or by contacting us at privacy@moun.app. Deleting your account removes your notes, recordings, images, reminders, chat and search history, AI-derived metadata, and any stored calendar authorization tokens from your active account, subject to the retention exceptions described in Section 9. Instructions for account deletion are also available at https://moun.app/delete-account.
12. Children's Privacy
Moun is not directed to children under 13 (or the minimum age of digital consent in your country, if higher), and we do not knowingly collect personal information from them. You must be at least 13 years old to use Moun. If you believe a child has provided us with personal information, please contact us and we will take appropriate steps to delete it.
13. International Data Transfers
We and our service providers may process and store your information in countries other than the one in which you live, including the United States. Where required, we rely on appropriate safeguards for such transfers. By using Moun, you understand that your information may be transferred to and processed in these locations.
14. Changes to This Policy
We may update this Privacy & Security Policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, provide additional notice in the app or by email. Your continued use of the Service after changes take effect constitutes acceptance of the updated Policy.
15. Contact Us
If you have questions or requests regarding this Policy or your data, contact us at:
Zima LLC Email: legal@moun.app Website: https://moun.app
This Policy is intended to describe Moun's data practices accurately and transparently. If any translated version conflicts with the English version, the English version governs.