Privacy Policy
Last Updated: March 6, 2026
This policy applies to both the Morphee application and the morphee.app website.
TL;DR
- You own your data. We never sell it.
- Private: Your data stays secure and is never used for AI training.
- Minimal third parties: Only Anthropic (Claude API) sees your messages.
- GDPR compliant: You can access, delete, or export your data anytime.
- No app telemetry: The Morphee app doesn't track usage. This website uses PostHog (EU-hosted) with opt-in consent.
1. What We Collect
1.1 Account Information
When you create an account:
- Email address — for authentication and account recovery
- Name — optional, for personalization
- Password — hashed, never stored in plaintext
1.2 Usage Data
While using Morphee, we store:
- Conversations — your messages and AI responses
- Tasks — tasks you create or assign
- Memories — facts, preferences, and context you store
- Files — documents or images you upload
1.3 Integration Data
If you connect external services (e.g., Google Calendar, Gmail):
- OAuth tokens — stored securely in your device's secure storage
- Synced data — events, emails (only what you explicitly access via Morphee)
1.4 What We DON'T Collect
- No tracking before consent — analytics only load after you click "Accept All"
- No location data
- No device fingerprinting
2. How We Use Your Data
We use your data only to provide the service:
- Conversations — sent to the LLM provider (Anthropic Claude) to generate responses
- Memories — embedded and searched to provide context to the AI
- Tasks & Integrations — to execute actions you request (e.g., "Add this to my calendar")
We never use your data for marketing, advertising, or training AI models (unless you explicitly opt in for research purposes).
3. Third-Party Data Sharing
| Service | Data Shared | Why |
|---|---|---|
| Anthropic (Claude API) | Conversation messages | AI inference |
| Google (if connected) | Calendar events, emails (read-only) | Integration features |
| OpenAI (optional) | Text for embeddings | Memory search (if enabled) |
| Apple/Google (mobile) | Push notification tokens | Mobile notifications |
Note: If your device supports local AI models, you can run them entirely on your device — no data sent to any third-party provider.
4. Where Your Data Lives
Your data is stored in two places:
- Morphee servers — your account, conversations, tasks (EU data centers, encrypted in transit and at rest)
- Your device — local memory, search indexes, and credentials (in your device's built-in credential manager)
We use EU-based infrastructure for GDPR compliance. All data is encrypted in transit (TLS) and at rest.
5. Your Rights Under GDPR
You have the following rights:
Right to Access
Request a copy of all your data.
Settings → Export Data
Right to Erasure
Delete your account and all data.
Settings → Delete Account
Right to Rectification
Correct inaccurate data.
Edit in Settings → Profile
Right to Portability
Export your data in JSON or Markdown.
Settings → Export Data
Right to Restrict
Limit how we process your data.
Contact: privacy@morphee.app
Right to Object
Object to specific processing.
Contact: privacy@morphee.app
To exercise any of these rights, email privacy@morphee.app. We'll respond within 30 days.
6. Waitlist & Signup Data
When you join the waitlist at www.morphee.app:
- What we collect: Name, email, organization type, group size, use case description, referral code, UTM parameters
- Why: To evaluate your application, prioritize onboarding, and contact you when a spot opens (legitimate interest + consent)
- How long: Until you are onboarded or request deletion. Declined entries are deleted after 90 days.
- Legal basis: Consent (you actively submit the form) + legitimate interest (managing beta capacity)
Signup codes are non-transferable and may expire. Code usage is tracked to prevent abuse.
7. Security Measures
- Passwords: Securely hashed, never stored in plaintext
- Authentication: Short-lived access tokens with secure refresh
- Database: Per-group data isolation — no cross-group data access
- API: Rate limiting and request validation
- Credentials: Stored in your device's secure storage, never in the database
- Encryption: All communication encrypted in transit
- Web security: Content Security Policy headers to prevent common attacks
8. Data Retention
Active accounts: Data retained until you delete it.
Deleted accounts: 30-day grace period, then permanent deletion from all systems.
Backups: Deleted data removed from backups after 90 days.
9. Children's Privacy
Morphee is designed for families, including children. If you're under 13 (or 16 in the EU), a parent or guardian must create your account. We don't knowingly collect data from children without parental consent.
10. Changes to This Policy
We may update this policy from time to time. We'll notify you of material changes via email or in-app notification. Continued use after changes constitutes acceptance.
11. Contact Us
Questions about privacy?
- Email: privacy@morphee.app
- DPO: dpo@morphee.app