MorphMe Privacy Policy
1. Who We Are
MorphMe ("MorphMe", "the Service", "we", "us", "our") is operated by THE TOOLS HUB, a business name registered in the Federal Republic of Nigeria under the Corporate Affairs Commission (CAMA 2020, Business Name Registration No. 9204311).
- Business name: THE TOOLS HUB
- Registration: Federal Republic of Nigeria, CAC RC No. 9204311
- Jurisdiction of registration: Cross River State, Nigeria
- Support & Privacy contact: hello@morphmelive.com
- Data Protection Contact: hello@morphmelive.com
- Website: https://morphmelive.com
For purposes of the Nigeria Data Protection Act 2023 ("NDPA"), we act as a Data Controller with respect to personal data we collect through MorphMe. We may act as a Data Processor or Joint Controller with third-party providers as identified in Section 6.
If, based on your use of MorphMe, we are required under the NDPA to appoint a Data Protection Officer, we will appoint one and update this Policy with their contact details. Until then, all data-protection matters go to hello@morphmelive.com.
2. Scope of This Policy
This Privacy Policy explains:
- what personal data MorphMe collects
- the legal bases on which we process it
- who we share it with
- how long we keep it
- your rights over your data
It applies to the MorphMe desktop application, the associated website morphmelive.com, and any related services we provide. It does not cover third-party services you access through MorphMe — those are governed by their own policies (see Section 6).
By creating an account or using MorphMe, you acknowledge that you have read and understood this Privacy Policy.
3. What MorphMe Does
MorphMe is a desktop application that transforms your live webcam video using the Decart Lucy 2 AI model. You sign in with Google, purchase credit packages, and the app streams your webcam to Decart's servers in real time for transformation. The transformed output can be routed to a popout window, a preview window for OBS capture, or a virtual camera device for use in Zoom / Teams / Discord.
Your webcam video is transmitted to Decart for real-time processing. We describe below what we do and do not do with it, and what Decart may do under their own terms.
4. Data We Collect
4.1 Account Data (from Google Sign-In)
When you sign in with Google OAuth, we receive:
- Email address
- Display name
- Profile picture URL (if set)
- Google user ID (opaque identifier)
We do not receive your Google password, contacts, calendar, or any other Google services data.
4.2 Billing Data
- Credit package name and amount purchased
- Transaction timestamp and provider reference ID (Paystack reference for NGN payments, NowPayments invoice/payment ID for cryptocurrency payments)
- Whether a transaction succeeded, failed, or was refunded
We do not collect or store card numbers, CVVs, expiry dates, bank account numbers, cryptocurrency wallet seed phrases, or any payment instrument details. All payment data is handled directly by Paystack (for NGN cards) or NowPayments (for cryptocurrency).
4.3 Usage Data
- Session start/end timestamps
- Session duration in seconds
- Credits consumed per session
- IP address attached to API requests (used only for rate limiting and fraud prevention)
4.4 Device Data
- A hashed machine fingerprint
- Operating system name and version
- MorphMe application version
4.5 Video Data — IMPORTANT
What we do NOT do:
- We do not record your webcam video to our own servers.
- We do not store your webcam video in our databases.
- We do not transmit your webcam video to any party other than Decart.
- We do not use your webcam video for training, marketing, or analytics on our side.
What we DO do:
- We transmit your webcam video in real time to Decart AI for AI transformation. This is the core function of MorphMe and is impossible without this transmission.
What Decart may do (outside our control):
Decart is an independent third party. Decart's own Terms of Service govern what Decart may do with the stream and the transformed output. Under Decart's current Terms (which you must review before use), Decart:
- processes your input for the requested transformation;
- may retain, use, analyze, and reproduce input and output content, including for platform improvement, bug fixing, and marketing purposes, per Decart's terms;
- does not guarantee that outputs are unique or that similar inputs will not generate similar outputs for other users.
We cannot control Decart's practices, and we cannot guarantee what Decart will or will not do with your stream. If you require strict privacy for the video stream (e.g. sensitive commercial material or anything you would not want reproduced), do not use MorphMe for that purpose.
Decart's Privacy Policy and Terms of Service are linked in Section 6. Reading them is your responsibility.
4.6 Data We Do Not Collect
- Contents of files on your device
- Browser history
- Location data (except coarse country inferred from IP for fraud checks)
- Contacts, email, calendar, or any data from other applications
- Your screen outside the MorphMe camera feed
5. Legal Bases for Processing
We process your personal data on the following legal bases under NDPA 2023 and GDPR Article 6:
| Processing activity | Legal basis |
|---|---|
| Creating and managing your account | Performance of a contract (our Terms of Service) |
| Processing your payments | Performance of a contract + legal obligation (tax/accounting law) |
| Transmitting your stream to Decart for AI transformation | Performance of a contract (you requested the transformation) |
| Rate limiting, fraud prevention, abuse detection | Legitimate interest (protecting the Service and other users) |
| Responding to legal process, subpoenas, regulator requests | Legal obligation |
| Sending marketing emails | Consent (opt-in only; withdrawable at any time) |
| Retaining transaction records | Legal obligation (tax and accounting) |
| Retaining audit logs | Legitimate interest (security and accountability) |
You may object to processing based on legitimate interest; we will weigh your objection against the interest being pursued.
6. Who We Share Data With
We share data only with service providers necessary to operate MorphMe. We do not sell your data, share it with advertisers, rent it to marketers, or use it for profiling.
| Recipient | Purpose | What we share | Their policy |
|---|---|---|---|
| Google (OAuth) | Authentication | Email, name, profile picture | Link |
| Supabase | Database, auth, edge functions | Account, billing, usage data | Link |
| Paystack | Payment processing (NGN cards) | Email, transaction amounts, metadata | Link |
| NowPayments | Payment processing (cryptocurrency, international) | Order ID, USD amount, customer-supplied wallet metadata | Link |
| Decart AI | Real-time video transformation (per §4.5) | Live webcam stream and prompt metadata | Link |
We may also disclose data if required by a valid legal process, to prevent fraud or harm, or to defend our legal rights. In any such case we will disclose only the minimum required and, where legally permitted, notify affected users.
7. International Transfers
Your data may be stored or processed outside Nigeria because some of our providers operate globally (Supabase: presently EU/Frankfurt; Paystack: Nigeria; NowPayments: EU; Decart: various; Google: various).
Under the Nigeria Data Protection Act 2023 (Sections 41-43), cross-border transfers require an adequacy decision, contractual safeguards, or another lawful transfer mechanism. Where transfers occur, we rely on Standard Contractual Clauses (SCCs) in our agreements with providers, the providers' own legal safeguards and certifications, and your consent to the transfer (implicit in using a service that requires it).
8. How Long We Keep Data
| Category | Retention |
|---|---|
| Account profile (active users) | For the life of your account |
| Account profile (inactive ≥ 2 years) | Deleted or anonymized |
| Transaction records | 7 years (tax compliance) |
| Session usage logs | 90 days, then anonymized |
| Audit logs (security events) | 2 years |
| Webcam video stream | Not retained by us; see §4.5 for Decart |
9. Security
- All network traffic uses TLS 1.2 or higher
- Service role keys and API secrets never ship with the app
- We do not store passwords (Google OAuth only)
- Database access is gated by Row-Level Security
- Payment webhooks are HMAC-verified and IP-allowlisted
- Credit deductions use atomic database transactions
No system is 100% secure. If we become aware of a data breach that materially affects your personal data, we will notify you and the Nigeria Data Protection Commission within 72 hours as required by the Nigeria Data Protection Act 2023.
10. Your Rights
Depending on where you reside, you may have the following rights:
- Access — request a copy of the data we hold about you
- Rectification — correct inaccurate data
- Deletion — request deletion of your account and data
- Portability — receive your data in a machine-readable format
- Objection — object to certain processing
- Restriction — request we pause processing
- Withdrawal of consent — affects future processing only
- Complaint — lodge a complaint with your data protection authority
To exercise these rights, email hello@morphmelive.com. We will respond within 30 days.
11. Children
MorphMe is not intended for users under 18 years of age. We do not knowingly collect personal data from minors. If you believe a minor has created an account, please email hello@morphmelive.com and we will delete the account promptly.
12. Marketing Communications
We send marketing communications only to users who explicitly opt in. You can unsubscribe at any time via the link in any marketing email, or by emailing hello@morphmelive.com. Transactional emails (receipts, security alerts) are not marketing and may be sent regardless of marketing preferences.
13. Cookies & Local Storage
The MorphMe desktop application uses Electron's local storage to cache your Supabase session token. This is not an advertising cookie — it holds only your authentication state. Signing out clears it.
14. Automated Decision-Making
We do not use your personal data for fully automated decision-making or profiling that produces legal or similarly significant effects on you.
15. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be announced in-app before they take effect and will be posted here with a new "Last Updated" date. Your continued use of MorphMe after the effective date of a change constitutes acceptance.
16. Contact and Complaints
THE TOOLS HUB (CAC RC No. 9204311)
Email: hello@morphmelive.com
Website: https://morphmelive.com
If you have a complaint we cannot resolve:
- Nigeria: Nigeria Data Protection Commission (NDPC) — ndpc.gov.ng
- EU/EEA: your country's data protection supervisory authority
- UK: Information Commissioner's Office (ICO) — ico.org.uk
- California: California Privacy Protection Agency (CPPA) — cppa.ca.gov