Morphr Logo

Privacy Policy for Morphr

Effective Date: May 8, 2025

This Privacy Policy describes how Seven Styles Pty Ltd, doing business as Morphr ("Morphr," "we," "us," or "our") collects, uses, and discloses your information when you use our Chrome Extension ("Extension") and associated website (collectively, the "Service"). Please read this Privacy Policy carefully.

1. Information We Collect

We collect several types of information in connection with the Service:

  • Information You Provide Directly:
    • Text Prompts & Image Editing Options: When you use the image editing features, the text prompts you enter and the options you select (like image size, quality, number of images, background settings) are sent to our servers for processing with our AI partners.
    • Reference Images: Images you hover over (URLs) or upload (as Data URLs or direct file uploads) within the Extension's modal are sent to our servers. Our servers may fetch these images if provided as URLs, and then this data is relayed to our AI partners as part of the editing request.
    • Collections Data: When you use the "Collections" feature, we store the images you choose to save (both reference images and generated images) in a personal collection associated with your account. This includes the image itself (stored via Cloudflare), and metadata such as its filename and when it was added.
    • Screenshots: If you use the 'screenshot area' feature, the captured image data from your screen is processed locally by the extension and sent to our servers as a reference image if you proceed with an edit.
    • Contact Information: If you contact us via our contact form, we collect your name, email address, and the message you provide.
  • Information Collected via Authentication:
    • Google Account Information: When you choose to sign in using Google via our secure authentication flow (hosted on Firebase), we receive your Google User ID, email address, and display name from Google via Firebase Authentication.
    • Authentication Status & Credits: We store your authentication status (whether you are logged in), your unique Morphr User ID (linked to your Google User ID), email, name, and your credit balance within our secure Firebase Firestore database. Your authentication status is also temporarily stored in your browser's local storage (`chrome.storage.local`) for seamless extension use.
  • Information Collected Automatically:
    • Usage Data (Server-Side): Our Firebase backend automatically logs standard information such as IP addresses, request details (URLs accessed, timestamps), and may log function execution details for debugging, security, and operational purposes. When you use the API to generate images, we record timestamps of API usage and update your credit balance in Firestore. This includes metadata related to API calls, such as token counts returned by our AI partners, to manage credit deductions.
    • How Our Extension Interacts with Web Pages and Your Data (Client-Side):

      To provide our core image editing functionality directly on the web pages you visit, our Extension uses a content script. The ability for this script to run on pages you browse is requested via the permission. It is crucial to understand what this script does and, importantly, what it does not do:

      • Purpose of the Content Script:
        • Image Detection and UI Trigger: The script's primary function is to identify images on a webpage. This allows us to display our 'Edit' button when you hover over an image, and enables our context menu option ("Edit Image with Morphr") for images.
        • Screenshot Functionality: It facilitates the 'Screenshot Area' feature, allowing you to capture a portion of the current web page, only when you explicitly initiate this action.
        • Displaying the Morphr Interface: The script is necessary for displaying the main Morphr editing interface (the modal window) over the current web page when you activate the Extension via its icon, context menu, or hover trigger.
      • Data Handling and Limitations:
        • Our content script **does not** automatically collect or transmit the content of the pages you visit for any purpose other than identifying image elements.
        • We **do not** track your general browsing history or activity across websites.
        • No data from the web page is sent to our servers **unless** you explicitly interact with an image (by clicking our 'Edit' button or using the context menu) or initiate a screenshot.
        • When you choose to edit an image, only the URL of that specific image (or the image data if you upload/screenshot it) and your editing inputs (like prompts) are processed by our Service as described elsewhere in this policy.
      • Local Error Logging: The Chrome Extension itself may generate error logs locally within your browser if technical issues occur during its operation. These logs are not automatically transmitted to us.

      We request the permission solely to enable these user-initiated features on any webpage and provide a seamless experience. Your general browsing data remains private.

    • Payment Processing Information (via Stripe): When you purchase credits, your payment is processed by Stripe. We receive a confirmation from Stripe upon successful payment, which includes a transaction identifier and the amount, but we do not directly collect or store your full payment card details. Stripe handles this information according to their privacy policy. We store metadata related to your purchase (e.g., Stripe Customer ID, credits purchased, timestamp) in our Firestore database.
  • Moderation and Policy Enforcement Data:
    • If an image generation request is flagged for a potential content policy violation by our AI provider, we may log details related to the request, such as your user ID, the prompt, snippets of reference image data, and the nature of the flag, for review and to enforce our terms and our AI provider's usage policies.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • To Provide and Operate the Service:
    • To enable image editing functionality by sending your prompts, reference images, and selected options to our backend servers. Our servers then communicate with our AI partners using our API key to perform the image generation.
    • To authenticate your account using Google Sign-In via Firebase Authentication.
    • To manage your user account, including tracking and deducting credits based on your usage via our Firebase backend.
    • To process your credit purchases through Stripe and update your account accordingly.
    • To enable you to create, manage, and access your personal image collections.
    • To store and retrieve your user profile information (email, name, credits, user ID) from Firebase Firestore.
    • To respond to your inquiries submitted through our contact form.
  • To Maintain and Improve the Service:
    • To monitor the performance and stability of our backend services (Cloud Functions, Firestore).
    • To diagnose and fix technical issues or errors.
    • To understand usage patterns (primarily through credit deduction logs and server logs) to inform future development.
  • For Security and Fraud Prevention:
    • To verify user identity during login.
    • To monitor for potentially malicious activity on our backend.
    • To process payments securely and prevent fraudulent transactions.
  • To Monitor for and Enforce Compliance:
    • To monitor for and enforce compliance with our content policies, our AI providers' usage policies, and our terms of service, including reviewing flagged content.
  • To Communicate with You:
    • To send important notices about the Service, such as changes to our terms or policies, or account-related information.
    • To respond to your support requests or feedback.

3. How We Share Your Information

We do not sell your personal information. We may share your information in the following limited circumstances:

  • With Third-Party Service Providers:
    • AI Providers (OpenAI & Replicate): Your text prompts, reference images, and selected generation options are sent from our servers to our AI partners' APIs (including OpenAI and Replicate) to perform the image generation. Our interaction with these providers uses Morphr's API keys. Your use of their capabilities through our Service is subject to their respective terms and privacy policies.
    • Cloudflare: When you save an image to a collection, the image file is stored on and served by Cloudflare Images. Cloudflare processes this data on our behalf as described in their privacy policy.
    • Google (Firebase/Google Cloud): We use Firebase services (Authentication, Firestore, Cloud Functions, Hosting) to provide the backend infrastructure, authentication, and data storage. Google processes data on our behalf as described in their Privacy Policy and the Cloud Data Processing Addendum.
    • Stripe: For processing payments for credits. Your payment information is provided directly to Stripe, and their use of your information is governed by their Privacy Policy. We store transaction metadata linked to your user account.
    • Resend: For sending email notifications related to contact form submissions. Resend processes email addresses and content as per their privacy policy.
  • For Legal Reasons: We may disclose your information if required by law, subpoena, or other legal process, or if we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
  • Business Transfers: If Morphr is involved in a merger, acquisition, or sale of all or a portion of its assets, your information may be transferred as part of that transaction. We will notify you via a prominent notice on our Service of any change in ownership or uses of your personal information.
  • With Your Consent: We may share your information for other purposes with your explicit consent.

4. Data Storage and Security

  • User Account Data & Credits: Stored in Google's Firebase Firestore database in secure cloud data centers.
  • Authentication Status: Stored temporarily in your browser's `chrome.storage.local`.
  • Contact Submissions: Stored in Firebase Firestore.
  • Moderation Logs: Logs related to content policy violations are stored in Firebase Firestore.
  • Temporary Authentication Codes: Short-lived codes used during the login flow are stored temporarily in Firestore and automatically deleted or marked unusable after use or expiry (typically 5 minutes).
  • Reference Images & Prompts (Processing): When you submit images and prompts for generation, they are processed transiently on our servers and sent to our AI providers. We do not permanently store images or prompts from generation requests **unless you explicitly save an image to a Collection.**
  • Image Collections (Persistent Storage): If you use the "Collections" feature to save an image, that image is uploaded and stored permanently on Cloudflare Images servers. This data is associated with your account and will be retained until you delete the image from your collection or delete your account. This allows you to access your saved images across sessions.

We implement reasonable administrative, technical, and physical security measures designed to protect your information from unauthorized access, disclosure, alteration, and destruction. However, please be aware that no security measures are perfect or impenetrable, and we cannot guarantee the absolute security of your information.

Authorized personnel may access user data only when necessary for support, security, legal compliance, or to maintain and improve the service, and are subject to confidentiality obligations.

We retain your account information and transaction history for as long as your account is active and as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. Data related to specific image generations (prompts, reference images) is processed transiently and not permanently stored by Morphr beyond what is necessary for moderation logging as described above.

5. Your Choices and Rights

  • Managing Your Google Account: You can manage the information associated with your Google account through your Google Account settings.
  • Accessing/Deleting Your Morphr Account Data: You can sign out of the extension at any time. To request access to or deletion of the data we store about you in Firebase Firestore (User ID, email, name, credits, purchase history metadata, contact submissions, moderation logs), please contact us using the information below. Deleting your Google Account will prevent future logins but may not automatically delete historical data stored in Firestore.
  • Disabling the Extension: You can disable or uninstall the Morphr Chrome Extension at any time through your browser's extension management settings. This will prevent further data collection by the extension.
  • Clearing Browser Storage: You can clear data stored by the extension (including your local authentication status) using your browser's "Clear browsing data" settings, specifically targeting "Cookies and other site data" or hosted app data for the extension's ID.

6. Children's Privacy

The Service is not intended for individuals under the age of 13 (or a higher age if stipulated by local law). We do not knowingly collect personal information from children under this age. If we become aware that we have collected personal information from a child under the relevant age, we will take steps to delete such information promptly.

7. Third-Party Services

This Privacy Policy does not apply to the practices of third parties that we do not own or control, including but not limited to OpenAI, Replicate, Google, Cloudflare, Resend, and Stripe. We encourage you to review the privacy policies of these third-party services before providing them with your information or using their services through Morphr.

8. Compliance with Chrome Web Store Policies

The use of information received from Google APIs by Morphr will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the updated policy on this page and updating the "Effective Date" at the top. We encourage you to review this Privacy Policy periodically for any changes.

10. Contact Us

If you have any questions about this Privacy Policy, please contact us at: morphrinfo@gmail.com.