Privacy Policy

Last updated: June 2026

This Privacy Policy explains what personal data Morphome collects, why we collect it, who we share it with, and the rights you have over it. It applies to morphome.app and the services offered through it. Please read it together with our Terms of Service and Cookie Policy.

1. Who we are

Morphome ("Morphome", "we", "us", "our") operates morphome.app — a web service that turns your uploaded photos, drawings, sketches, plans, and text descriptions into images and videos using third-party AI models. For the purposes of data protection law, Morphome is the data controller for the personal data described in this policy.

Morphome is operated from Ukraine. If you have any question about this policy or about how we handle your data, please reach us through our contact page.

2. Who can use Morphome

Morphome is intended for adults. You must be at least 18 years old to create an account or use the service. We do not knowingly collect personal data from anyone under 18. If you believe a person under 18 has provided us with personal data, contact us and we will delete it.

3. What data we collect

We collect the following categories of personal data:

Account data

When you register, we collect your email address and a securely hashed password. If you sign in through a third-party login provider, we receive basic account identifiers from that provider (such as your email and a user ID).

Content you upload and generate

To generate images and videos, you upload photos, drawings, sketches, plans, or text prompts ("Inputs"), and the service produces images or videos ("Outputs"). Inputs may contain personal data — for example, if a photo shows a person. We process Inputs and Outputs to provide the service, and we store your generation history so you can access your past results.

Payment data

When you buy credits or a plan, payments are handled by our third-party payment providers. We do not store or process your full card number or crypto wallet credentials on our own servers. Those details go directly to the payment provider. We retain limited transaction records — such as which product was purchased, the amount, a provider transaction reference, and status — for accounting, fraud prevention, and support.

Usage and technical data

We automatically collect technical information when you use the service, such as your IP address, browser and device type, pages viewed, actions taken, and timestamps. We use this to operate, secure, and improve the service. See our Cookie Policy for details on cookies and analytics.

4. How we use your data

We use your personal data to:

provide the service — process your Inputs into Outputs and maintain your generation history;
manage your account, authenticate you, and provide customer support;
process payments, manage your credit balance, and keep billing records;
operate, secure, debug, and improve the service, and prevent fraud and abuse;
comply with our legal obligations;
send you service-related messages (for example, account verification, security notices, and purchase confirmations);
send you marketing communications, where you have not opted out — you can unsubscribe at any time using the link in each message.

5. Legal bases for processing (GDPR)

If you are in the European Economic Area or the UK, we rely on the following legal bases under the GDPR:

Performance of a contract — to provide the service you have signed up for, process your generations, and handle your purchases.
Legitimate interests — to secure and improve the service, measure website usage through analytics, prevent fraud and abuse, and (where permitted) send relevant marketing.
Consent — for marketing where consent is required. You can withdraw consent at any time.
Legal obligation — to keep records we are required to keep, such as for tax and accounting.

6. AI processing and your content

Morphome generates Outputs using third-party AI models (see the sub-processor list below). When you submit an Input, it is sent to the relevant AI provider to produce your Output. We choose providers whose terms state that they do not use customer content submitted through their business APIs to train their models, except where you have separately agreed otherwise. Morphome itself does not use your Inputs or Outputs to train AI models.

AI Outputs are generated automatically and may be inaccurate or unexpected. Generation is an automated process, but it does not produce legal or similarly significant decisions about you.

7. Who we share data with (sub-processors)

We share personal data with trusted third parties who process it on our behalf, only to the extent needed to provide the service. Each is bound by its own data protection obligations. Our main sub-processors are:

Google (Gemini / Vertex AI) — AI image and video generation. Receives your Inputs and prompts to produce Outputs.
Stripe — card and PayPal payment processing. Receives your payment and billing details directly.
NOWPayments — cryptocurrency payment processing. Receives the data needed to process a crypto payment.
Resend — transactional and marketing email delivery. Receives your email address and message content.
Google Analytics — website usage analytics. Receives technical and usage data, subject to your cookie choices.
Our hosting provider — server infrastructure that stores and serves the application and its data.

We may also disclose data where required by law, to enforce our Terms, to protect our rights, users, or the public, or in connection with a business transfer (such as a merger or acquisition).

We do not sell your personal data.

8. International transfers

Some of our sub-processors are located outside Ukraine and outside the European Economic Area, including in the United States. Where we transfer personal data internationally, we rely on appropriate safeguards — such as the European Commission's Standard Contractual Clauses or a provider's participation in a recognised data-transfer framework — to protect your data.

9. How long we keep data

We keep personal data only for as long as necessary for the purposes set out in this policy:

Account data — for as long as your account is active. If you delete your account, we delete or anonymise your account data, except records we must keep by law.
Generation history — your stored Inputs and Outputs are retained according to your plan's limits and may be removed automatically once those limits are exceeded or after a retention period. Deleted items are removed from your view and then purged.
Payment and transaction records — retained for as long as required for accounting, tax, and legal purposes.
Technical and usage logs — retained for a limited period for security and diagnostics, then deleted or anonymised.

10. Your rights

Subject to applicable law, you have the right to:

access the personal data we hold about you;
correct inaccurate or incomplete data;
delete your data ("right to erasure");
restrict or object to certain processing;
receive your data in a portable format;
withdraw consent at any time, where processing is based on consent;
opt out of marketing communications;
lodge a complaint with a data protection authority.

To exercise any of these rights, reach us through our contact page. We may need to verify your identity before acting on your request.

11. Security

We use technical and organisational measures to protect your data, including encryption in transit, hashed passwords, access controls, and keeping payment credentials with specialised PCI-DSS-compliant providers rather than on our own servers. No system is perfectly secure, but we work to protect your information and to respond promptly to any incident.

12. Cookies and analytics

We use cookies and similar technologies to run the site, remember your session, and measure usage through Google Analytics on the basis of our legitimate interest in understanding and improving the service. You can manage cookies through your browser, and find more detail in our Cookie Policy.

13. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, notify you. Your continued use of Morphome after an update means you accept the revised policy.

14. Governing law

This Privacy Policy is governed by the laws of Ukraine. If you are in the European Economic Area or the UK, this does not deprive you of the protection of mandatory data protection rules that apply to you.

Contact

For any question about this Privacy Policy or your personal data, please reach us through our contact page.