Morphee Privacy & Data Guide
Your privacy matters. This guide explains how Morphee handles your data in plain language.
Quick Summary
✅ What's Good:
- Self-Hosted: Your data stays on your server, not in a central cloud
- Offline-First: Works without internet (coming soon)
- Local AI: Embeddings run on your device (mobile)
- No Tracking: No analytics, no ads, no selling your data
- GDPR Compliant: Full data export, deletion, consent controls
⚠️ What You Should Know:
- Conversations sent to Anthropic: For AI responses (Claude API)
- Optional Cloud Services: Google Calendar, Gmail (only if you connect them)
- Group Sharing: Group members can see shared spaces and conversations
Data Collection
What Morphee Collects
| Data Type | Examples | Why We Collect It |
|---|---|---|
| Account Info | Email, name, password hash, avatar URL | Authentication and profile |
| Conversations | All chat messages | AI responses and context |
| Tasks | Task descriptions, status, priority | Task management |
| Spaces | Space names, descriptions | Organization |
| Memories | Facts, preferences, events | Personalization |
| Calendar/Email | Events, email content (if connected) | Integration features |
| Logs | Error logs, access logs | Debugging and security |
What Morphee DOES NOT Collect
- ❌ Analytics: No Google Analytics, no tracking pixels
- ❌ Location: No GPS tracking
- ❌ Device Fingerprinting: No browser fingerprinting
- ❌ Advertising Data: No ad profiles
- ❌ Sensitive Categories: No racial/ethnic data, political opinions, health data (unless you explicitly share it in conversation)
Where Your Data Lives
Self-Hosted Architecture
Unlike cloud services (ChatGPT, Alexa, Google Assistant), Morphee is self-hosted:
Your Data Flow:
You → Your Morphee Server → You
(Self-hosted)
What this means:
- Your messages, tasks, and memories are stored in your PostgreSQL database
- Your files are stored in your server's filesystem
- Your Git-backed memories are in your local Git repository
Benefits:
- Full Control: You own the hardware/VM
- No Vendor Lock-In: Export data anytime, switch providers
- Data Residency: Keep data in your country (GDPR Art. 44 compliance)
Cloud Services (Where Data DOES Leave Your Server)
Some features require cloud processing:
1. Anthropic (Claude API) — AI Responses
What's sent:
- Your conversation messages
- System prompts (including some context)
- Tool definitions (what Morphee can do)
Why:
- To generate AI responses using Claude's language model
Anthropic's Data Handling:
- Messages are not stored by Anthropic (per their DPA)
- Used only for inference, then discarded
- Subject to Anthropic's Privacy Policy
Your Control:
- Required consent: "LLM Data Sharing"
- Revoke consent → Morphee stops working (AI responses need this)
2. OpenAI (Optional) — Embeddings
What's sent:
- Text snippets for vector embeddings (only if you use OpenAI embeddings)
Why:
- To create semantic vectors for memory search
OpenAI's Data Handling:
- Used for inference only (not training as of API v2)
- Subject to OpenAI's Privacy Policy
Your Control:
- Default: Morphee uses fastembed (local, on-device embeddings)
- Switch to OpenAI only if you explicitly configure it
- No consent needed if using fastembed (default)
3. Google (Optional) — Calendar & Gmail
What's sent:
- Calendar events (if you connect Google Calendar)
- Email content (if you connect Gmail)
Why:
- To display events, send emails via Gmail API
Google's Data Handling:
- Subject to Google's Privacy Policy
- Limited to requested scopes (calendar.events, gmail.readonly, etc.)
Your Control:
- Connect Google → grant OAuth scopes
- Disconnect anytime → revoke access
- Required consent: "Google Calendar", "Gmail" (separate)
4. Apple (APNs) & Google (FCM) — Push Notifications
What's sent:
- Device tokens (opaque identifiers)
- Generic notification text: "Morphee / You have a new notification"
- NOT full notification content (for privacy)
Why:
- To send push notifications to your mobile device
Your Control:
- Required consent: "Push Notifications"
- Revoke → no more push notifications
Data Sharing (Who Sees Your Data)
Within Your Group
Group Members Can See:
- Conversations in shared spaces
- Tasks in shared spaces
- Memories with group scope
- Calendar events (if shared via Google Calendar)
Group Members CANNOT See:
- Conversations in your personal space
- Tasks in your personal space
- Memories with personal scope
- Your password, email (unless you share it)
Group Admins Can:
- See all group data (shared spaces only)
- Invite/remove members
- Delete the group (deletes all group data!)
Outside Your Group
No One Else Can See Your Data:
- Morphee staff (if you self-host) — no access
- Other Morphee users — isolated by group
- Third parties (except cloud services listed above)
Privacy-Enhancing Features
Local-First Architecture
Desktop:
- Embeddings via fastembed (ONNX, on-device)
- Vector store via LanceDB (local database)
- No internet needed for memory search
Mobile:
- Embeddings via Candle (BERT, on-device)
- Vector store via SQLite (local database)
- Push notifications via APNs/FCM (generic content only)
Git-Backed Memories
Memories are stored in Git repositories (per group):
- Versioned: Full history of changes
- Recoverable: Roll back to previous versions
- Exportable: Clone the repo, own your data
Encryption
In Transit:
- HTTPS/TLS for all API calls
- WSS (WebSocket Secure) for real-time updates
At Rest (Implemented):
- Application-level Fernet encryption for chat messages and memory content in PostgreSQL
- Application-level Fernet encryption for Git-stored conversation and memory files
- ENC: prefix enables gradual migration of existing plaintext data
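How a prefix-based gradual migration can work, as an added example (not Morphee's own code). It uses the Python `cryptography` package's Fernet; the `FieldCipher` class, the `migrate` helper, the `strict` flag and the exact stored layout (`ENC:` followed by the Fernet token) are assumptions made for illustration.

```python
from cryptography.fernet import Fernet, InvalidToken

PREFIX = "ENC:"  # marker named in the guide; the exact stored layout is assumed


class FieldCipher:
    """Encrypts text columns; reads tolerate legacy plaintext until strict=True."""

    def __init__(self, key: bytes, strict: bool = False):
        self._fernet = Fernet(key)
        self.strict = strict  # enable once every row has been migrated

    def _open(self, stored: str):
        """Return the plaintext if stored is a valid ENC: token, else None."""
        if not stored.startswith(PREFIX):
            return None
        try:
            raw = self._fernet.decrypt(stored[len(PREFIX):].encode("utf-8"))
        except InvalidToken:
            return None  # wrong key, tampering, or plaintext that begins "ENC:"
        return raw.decode("utf-8")

    def encrypt(self, plaintext: str) -> str:
        return PREFIX + self._fernet.encrypt(plaintext.encode("utf-8")).decode("ascii")

    def is_encrypted(self, stored: str) -> bool:
        return self._open(stored) is not None

    def decrypt(self, stored: str) -> str:
        plaintext = self._open(stored)
        if plaintext is not None:
            return plaintext
        if self.strict:
            raise ValueError("value is not an authenticated ENC: token")
        return stored  # migration window: legacy plaintext passes through


def migrate(rows: dict, cipher: FieldCipher) -> int:
    """Encrypt rows that are still plaintext in place; safe to re-run."""
    changed = 0
    for row_id, value in rows.items():
        if not cipher.is_encrypted(value):
            rows[row_id] = cipher.encrypt(value)
            changed += 1
    return changed


# Constructed sample rows: one legacy, one legacy that starts with the marker.
SAMPLE_ROWS = {1: "Birthday is March 16", 2: "ENC: is how we tag rows"}
```

While legacy rows remain, reads accept unauthenticated plaintext, so anyone who can write to the database can still plant readable values; switching to `strict=True` after the migration completes closes that window.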
Your Privacy Rights (GDPR)
Morphee complies with the EU General Data Protection Regulation (GDPR).
Right of Access (Art. 15)
Export your data:
- Settings → Data & Privacy → "Export Your Data"
- Click "Download JSON" or "Download Markdown"
- Receive file with all your data
What's included:
- Conversations and messages
- Tasks and schedules
- Notifications
- Memories (vectors + metadata)
- OAuth connections
- Skills
- Consents
Right to Erasure (Art. 17)
Delete your account:
- Settings → Data & Privacy → "Delete Account"
- Type "DELETE" to confirm
- Wait 30 seconds (final countdown)
- Click "Confirm Deletion"
What gets deleted:
- All your conversations
- All your tasks
- All your memories
- All your spaces (personal and owned)
- Your account credentials
- Vault secrets (API keys, OAuth tokens)
Cascade Delete: All related data is deleted automatically (conversations → messages, etc.).
Right to Rectification (Art. 16)
Correct your data:
- Profile: Settings → Profile → Edit name, email, avatar
- Memories: "Actually, my birthday is March 16, not March 15" → Morphee updates memory
- Tasks: Click task → edit inline
Right to Data Portability (Art. 20)
Export in machine-readable format:
- JSON export (full data dump)
- Markdown export (human-readable)
Use Cases:
- Migrate to another Morphee instance
- Backup your data locally
- Analyze with custom tools
Right to Object (Art. 21)
Opt out of processing:
- Memory Extraction: Settings → Data & Privacy → Toggle "Auto-extract memories" OFF
- LLM Data Sharing: Revoke consent → stops sending to Anthropic
- Google Integrations: Disconnect → stops accessing Calendar/Gmail
Right to Withdraw Consent (Art. 7(3))
Revoke consents anytime:
- Settings → Data & Privacy → "Manage Consents"
- Click "Withdraw" next to any consent
- Feature stops working immediately
Effects:
- LLM Data Sharing: No more AI responses
- Memory Extraction: No more auto-extracted facts
- Google Calendar/Gmail: No more integration features
- Push Notifications: No more mobile alerts
Consent Management
Required Consents
| Consent | Can Revoke? | Effect of Revocation |
|---|---|---|
| Privacy Policy | ❌ No | Account terms (required to use Morphee) |
| LLM Data Sharing | ✅ Yes | No AI responses (Morphee becomes unusable) |
Optional Consents
| Consent | Purpose | Effect of Revocation |
|---|---|---|
| Memory Extraction | Auto-extract facts from conversations | Manual memory storage only |
| Google Calendar | Access calendar events | No calendar features |
| Gmail | Read/send emails | No email features |
| Push Notifications | Receive mobile alerts | No push notifications |
How to Manage
- Settings → Data & Privacy → "Manage Consents"
- View all consents with status (granted/revoked)
- Click "Grant" or "Withdraw" to change
- Changes take effect immediately
Data Retention
How Long We Keep Data
| Data Type | Retention Period | Why |
|---|---|---|
| Conversations | Until you delete them | Context for AI responses |
| Tasks | Until you delete them | Task tracking |
| Memories | Until you delete them | Personalization |
| Logs | 90 days | Debugging and security (auto-deleted) |
| OAuth Tokens | Until revoked or expired | Integration access |
| Push Tokens | Until device inactive for 90 days | Push notifications |
Automatic Cleanup
Morphee automatically deletes:
- Expired Invites: 7 days after expiration
- Inactive Push Tokens: 90 days since last use
- Old Logs: 90 days
Manual Cleanup
You control when to delete:
- Conversations: Delete anytime (permanent)
- Tasks: Delete when complete
- Memories: Delete or correct anytime
- Account: Delete account → everything deleted
Children's Privacy (COPPA / GDPR Art. 8)
Current Status: Age verification is planned but not yet implemented.
For Classroom Use:
- Teachers must obtain parental consent before adding children to groups
- Age threshold: 16 years (EU), 13 years (US)
- Under age threshold → parental email required for verification
When Implemented:
- Signup asks for birthdate
- If under age threshold → requires parental email
- Parent receives verification email
- Parent approves → child account activated
Third-Party Data Processing Agreements (DPAs)
Morphee has (or will have) DPAs with:
| Processor | Service | DPA Status | Data Sent |
|---|---|---|---|
| Anthropic | Claude API | Pending | Conversation content |
| Supabase | Auth (GoTrue) | Pending | Email, password hash |
| Google | OAuth, Calendar, Gmail | Pending | Events, emails (if connected) |
| Apple | APNs (push) | Pending | Device tokens, generic alerts |
| Firebase | FCM (push) | Pending | Device tokens, generic alerts |
| OpenAI | Embeddings (optional) | Pending | Text snippets (if enabled) |
DPAs are legal contracts ensuring processors handle your data securely and in compliance with GDPR.
Security Measures
What We Do to Protect Your Data
- HTTPS/TLS: All traffic encrypted in transit
- Password Hashing: Passwords hashed with bcrypt (never stored in plaintext)
- JWT Authentication: Secure token-based auth
- Rate Limiting: Prevent brute-force attacks
- Input Validation: Prevent SQL injection, XSS
- Sandboxed Filesystem: Per-group file isolation
- WebSocket Auth: Secure real-time connections
What You Should Do
- Strong Password: Min 8 chars, mix of letters/numbers/symbols
- 2FA (Coming Soon): Two-factor authentication
- Keep Software Updated: Apply security patches
- Secure Your Server: Firewall, SSH keys, regular updates
Breach Notification
If a data breach occurs:
Within 72 hours: We notify you via email
Notification includes:
- What data was affected
- How the breach occurred
- What we're doing to fix it
- What you should do (e.g., change password)
Your Actions:
- Change password immediately
- Review account activity
- Report suspicious activity
See Breach Response Plan for details.
Questions?
Contact:
- Email: privacy@morphee.app
- GitHub Issues: Report privacy concerns
Last Updated: February 13, 2026