Privacy Policy

1. Introduction

This Privacy Policy explains how Morphedby.AI ("we," "our," or "us") collects, uses, and protects your personal information when you use our AI-powered image transformation service. We are committed to protecting your privacy and ensuring transparent data practices in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller Information

For the purposes of GDPR, Morphedby.AI acts as the data controller for the personal information we collect. You can contact our Data Protection Officer at [email protected].

3. Information We Collect

3.1. Account Information

  • Email address
  • Name
  • Profile information from OAuth providers (Google, Facebook, GitHub)
  • Account preferences and settings

3.2. Usage Data

  • Image transformation history and preferences
  • Credit usage and transactions
  • Login activity and session data
  • Device and browser information
  • IP address and location data

3.3. User Content

  • Images uploaded for transformation
  • Transformed image results
  • Associated metadata

3.4. Payment Information

Payment processing is handled securely through Stripe. We do not store your complete payment information. We only maintain records of transactions for accounting purposes and legal obligations.

4. Legal Basis for Processing (GDPR)

Under GDPR Article 6, we process your personal data based on the following legal grounds:

  • Contract fulfillment (Art. 6(1)(b)) - Processing necessary to provide our service and fulfill our contractual obligations
  • Legal obligation (Art. 6(1)(c)) - Processing required for compliance with legal obligations, including tax and accounting requirements
  • Legitimate interests (Art. 6(1)(f)) - Processing necessary for our legitimate interests in improving and securing our service
  • Consent (Art. 6(1)(a)) - Processing based on your explicit consent, such as for marketing communications

5. Data Processing Details

5.1. Service Provision

  • Process and transform your images using AI technology
  • Manage your account and credits
  • Provide customer support
  • Send service-related communications
  • Process payments and maintain transaction records

5.2. Service Improvement

  • Analyze usage patterns and performance
  • Improve our transformation algorithms
  • Develop new features and styles
  • Debug and prevent technical issues

6. Data Retention and Storage

6.1. Retention Periods

  • Original images: deleted immediately after processing, or within a maximum of 24 hours
  • Transformed images: stored for 30 days
  • Account information: retained while the account is active
  • Transaction records: kept for 7 years (legal requirement)
  • Login history: 90 days
  • Usage logs: 30 days

6.2. Security Measures

We implement appropriate technical and organizational security measures including:

  • End-to-end encryption for data transmission
  • Secure data storage with encryption at rest
  • Regular security audits and penetration testing
  • Access controls and authentication mechanisms
  • Employee training on data protection

7. International Data Transfers

Your data may be processed in countries outside the European Economic Area (EEA). We ensure appropriate safeguards through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Privacy Shield certification where applicable
  • Adequacy decisions by the European Commission
  • Data Processing Agreements with all third-party processors

8. Your GDPR Rights

Under the GDPR, you have the following rights:

  • Right to Access (Art. 15) - Request a copy of your personal data
  • Right to Rectification (Art. 16) - Correct inaccurate personal data
  • Right to Erasure (Art. 17) - Request deletion of your personal data
  • Right to Data Portability (Art. 20) - Receive your data in a structured format
  • Right to Object (Art. 21) - Object to processing of your data
  • Right to Restriction (Art. 18) - Limit how we use your data
  • Right to Withdraw Consent (Art. 7) - Withdraw previously given consent
  • Right to Lodge a Complaint - Contact your local data protection authority

To exercise these rights, contact our Data Protection Officer at [email protected]. We will respond to your request within 30 days.

9. Cookie Policy

9.1. Essential Cookies

Required for basic service functionality:

  • Authentication and session management
  • Security features
  • Service functionality

9.2. Optional Cookies (Require Consent)

Used for enhanced functionality:

  • Analytics and performance monitoring
  • Feature preferences
  • Marketing purposes (with consent)

10. Data Processing Partners

We share your information with the following GDPR-compliant partners:

  • Stripe (payment processing)
  • OAuth providers (Google, Facebook, GitHub)
  • Cloud storage providers
  • Analytics services

All partners are bound by Data Processing Agreements ensuring GDPR compliance.

11. Data Protection Impact Assessment

We conduct regular Data Protection Impact Assessments (DPIAs) for high-risk processing activities, including:

  • AI-based image processing
  • Automated decision-making systems
  • Large-scale data processing

12. Data Breach Procedures

In the event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify relevant supervisory authorities within 72 hours
  • Inform affected users without undue delay
  • Provide recommendations to protect against potential consequences

13. Changes to Privacy Policy

We may update this policy periodically. Material changes will be announced via:

  • Email notification
  • Website announcement
  • Application notification

Continued use of the Service after changes constitutes acceptance of the updated policy.

14. Contact Information

For privacy-related inquiries or to exercise your rights, contact:

Data Protection Officer
Email: [email protected]

Last updated: December 22, 2024