Privacy Policy

1. Information We Collect

1.1 Information You Provide Directly

Account Information:

• Name and email address (via Google OAuth through Clerk)
• Profile information and preferences
• Contact information for support requests

Content You Create:

• Photos of public spaces you upload
• AI-generated visualizations and reimagined spaces
• Comments, votes, and community interactions
• Location descriptions and project details

1.2 Information We Collect Automatically

Usage Data:

• Pages visited and features used
• Time spent on the platform
• Device and browser information
• IP address and general location

Location Data:

• Approximate location for uploaded images (if enabled)
• EXIF metadata from photos (automatically stripped from public content)
• IP-based location for service optimization

1.3 Information from Third-Party Services

We receive information from:

• Clerk/Google OAuth: Basic profile information and authentication tokens
• AI Service Providers: Content processing metadata (temporarily)
• Analytics Services: Usage statistics for service improvement

2. How We Use Your Information

2.1 To Provide and Maintain Our Service

• Create and manage your account
• Process and display your content
• Generate AI visualizations at your request
• Enable community features (voting, commenting, remixing)
• Provide customer support

2.2 To Improve and Personalize Our Service

• Analyze usage patterns and user behavior
• Improve AI model performance (with your consent)
• Develop new features and functionality
• Conduct research and analytics

2.3 To Communicate with You

• Send service-related notifications
• Respond to your inquiries and support requests
• Send updates about new features
• Provide security and legal notices

3. How We Share Your Information

3.1 Public Information by Default

Who Can Access Public Content:

• Other MorphIt users
• Government entities and organizations
• Researchers and journalists
• Search engines and web crawlers
• General public via shared links

3.2 Third-Party Service Providers

We share information with trusted service providers:

3.3 Legal Requirements

We may disclose your information to comply with legal obligations, respond to valid legal requests, protect our rights and property, prevent fraud or security threats, or in connection with a business transfer.

4. Data Processing and AI Training

4.1 AI Model Training

4.2 Face Detection and Privacy

5. Data Security and Protection

5.1 Security Measures

• Technical Safeguards: Industry-standard encryption in transit and at rest
• Access Controls: Role-based access to user data with regular reviews
• Infrastructure: Secure cloud infrastructure (Google Cloud Platform)
• Monitoring: Automated threat detection and security audits

5.2 Data Retention

• Account Data: Retained while your account is active
• Deletion: Deleted within 30 days of account termination
• Public Content: May remain on platform after deletion with attribution removed
• Analytics: Individual identifiers removed after 24 months

6. Your Privacy Rights

6.1 General Rights

6.2 AI Training Opt-Out

6.3 Jurisdiction-Specific Rights

California Residents (CCPA/CPRA):

• Right to know what personal information is collected
• Right to delete personal information
• Right to opt out of sale/sharing (Note: We do not sell or share personal information)
• Right to non-discrimination for exercising privacy rights

European Residents (GDPR) - If Applicable:

• Right to access personal data
• Right to rectification and erasure
• Right to data portability
• Right to object to processing

7. Data Deletion

How to Request Data Deletion

What Gets Deleted

When you request data deletion, we will remove:

• Your profile information (name, email, profile photo)
• All locations you've created
• All reimagined spaces you've generated
• Your comments and votes
• Your account credentials and authentication data

Note on Social Login

If you signed in using Google or Facebook, you can also remove MorphIt from your connected apps:

• Google: Visit https://myaccount.google.com/connections
• Facebook: Visit https://www.facebook.com/settings?tab=applications

8. Special Categories of Data

8.1 Biometric Data

8.2 Location Data

• EXIF geolocation data is automatically stripped from public images
• You can choose to display approximate location (city/neighborhood level)
• Precise coordinates are never displayed publicly
• IP-based location used only for service optimization

9. Children's Privacy

9.1 Age Requirements

• General use requires users to be 16+ years old
• Users 13-15 may use with verifiable parental consent
• We do not knowingly collect information from children under 13 without consent

9.2 Educational Use (EDU Mode)

9.3 FERPA Compliance

• For educational use, MorphIt acts as a "school official"
• Student data processing limited to educational purposes only
• No sale or marketing use of student data
• Data deletion/return at school's direction

11. Cookies and Tracking Technologies

11.1 Types of Cookies We Use

11.2 Cookie Management

• Configure cookie preferences in your browser
• Opt out of non-essential cookies
• Clear cookies and browsing data
• Use browser privacy modes

12. Changes to This Privacy Policy

12.1 Updates and Notifications

• We may update this Privacy Policy periodically
• Material changes will be notified 30 days in advance
• Continued use constitutes acceptance of changes
• Previous versions archived and available upon request

12.2 Notification Methods

• Email to your registered address
• Platform notifications and announcements
• Website banner notifications
• Updated effective date and version number

13. Contact Information

13.1 Privacy Questions and Requests

13.2 Response Time

• We aim to respond to privacy requests within 30 days
• Complex requests may require additional time
• We'll notify you if we need an extension