Security and Trust

Last Updated: June 5, 2026

Momoro does not currently claim SOC 2, ISO 27001, COPPA Safe Harbor, or other third-party security certifications. This page describes our current operational practices and commitments.

Momoro is used by independent learners, teachers, and parents to create personalized language lessons from uploaded text, images, and stories. This page explains the security and privacy practices we use to protect learning data and children's information.

1. What We Protect

Momoro protects account details, uploaded lesson source content, generated lessons, learning progress, subscription status, device/session data, and support communications. Payment card details are processed by payment providers and are not stored directly by Momoro.

2. Security Practices

HTTPS is used for public website and application traffic.
Passwords are stored using secure one-way hashing.
Authenticated API requests use bearer tokens and server-side authorization checks.
Access to production systems is limited to authorized operators who need access to maintain the service.
Application logs and operational tooling are used to detect errors, abuse, and suspicious activity.
Backups and provider-level infrastructure protections are used to support service continuity.

3. Children, Parents, and Teachers

Because Momoro may be used by children with parent, guardian, or teacher support, we apply extra care to learning content and account data. Parents and guardians can request access, correction, or deletion of personal data. Teachers and parents should avoid uploading sensitive information that is not needed for a lesson.

4. AI and Uploaded Content

Uploaded text and images may be processed by AI services to generate vocabulary, reading, comprehension, and audio practice. We use uploaded content to provide the requested lesson features and improve the reliability of the service, as described in our Privacy Policy. Users should only upload content they have the right to use.

5. Data Retention and Deletion

Users can delete their account from the app where available, or request deletion through our data deletion page. Deletion requests are handled according to applicable privacy laws and operational backup constraints.

6. Vendors and Payments

Momoro relies on trusted service providers for hosting, AI processing, email delivery, analytics, and payments. These providers are used only to operate and improve the service. Subscription and payment details are handled by payment platforms such as Stripe or app-store payment providers, depending on how the user subscribes.

7. Incident Response

If we identify a security incident that affects personal data, we investigate, contain the issue, restore service integrity, and notify affected users or regulators when legally required.

8. Contact

For security, privacy, or data protection questions, contact us at [email protected].