Privacy Policy

Last Updated: January 27, 2026

Welcome to Morph. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile fitness application. Please read this policy carefully. By using Morph, you consent to the data practices described in this policy.

1. Information We Collect

Account Information

When you create an account, we collect:

• Email address (for authentication and communication)
• Password (securely hashed, never stored in plain text)

Profile Information

To personalize your experience, we collect:

• Age and gender
• Height and weight
• Fitness goals
• Activity level
• Dietary preferences and restrictions

Health & Fitness Data

To track your progress, we collect:

• Workout logs and exercise history
• Nutrition logs and meal tracking
• Macro targets and progress

Apple HealthKit Data

If you grant permission, we may access:

• Active calories burned
• Steps
• Workouts from Apple Watch
• Heart rate data
• Sleep data

HealthKit data is only accessed with your explicit consent and is used solely to enhance your fitness tracking experience. You can revoke HealthKit permissions at any time through your device settings.

Location Data

We collect location data only when you:

• Use GPS tracking for cardio activities (running, walking, cycling)
• Search for restaurant suggestions based on your location and macro needs

Location data is only collected when you actively use these features and is not continuously tracked in the background.

Device Information

We automatically collect:

• Device type and operating system version
• App version
• Push notification tokens (if you enable notifications)

2. How We Use Your Information

We use the information we collect to:

• Personalize workout and nutrition recommendations
• Calculate macro targets based on your profile
• Track your fitness progress over time
• Sync your data with Apple Health
• Send push notifications (workout reminders, progress updates)
• Provide restaurant suggestions based on your location and dietary needs
• Power AI-driven fitness coaching and meal planning features
• Improve and optimize the app experience
• Communicate with you about your account or the service

3. Third-Party Services

We use the following third-party services to operate Morph:

• Supabase - Provides database storage and user authentication. Your data is stored securely on their infrastructure.
• OpenAI/Anthropic - Powers our AI features. Conversation data is sent to these services for processing to provide personalized recommendations.
• Sentry - Helps us track and fix errors. Only crash reports and technical data are collected; no personal information is shared.
• Expo - Handles push notification delivery.
• Google Places API - Enables restaurant search functionality. Your location is sent to Google when you use this feature.
• Apple HealthKit - Syncs health data. This data stays on your device unless you explicitly choose to sync it.

Each of these services has their own privacy policies that govern their use of your data.

4. Data Sharing

We do not sell your personal information. We may share your information only in the following circumstances:

• With third-party service providers as described above
• If required by law or to respond to legal process
• To protect our rights, privacy, safety, or property
• In connection with a merger, acquisition, or sale of assets (you would be notified)

5. Data Retention

• Account data is retained while your account is active
• If you delete your account, all associated data is permanently removed
• Cached data on your device is cleared periodically
• We may retain anonymized, aggregated data for analytics purposes

6. Your Rights

You have the right to:

• Access - Request a copy of the personal data we hold about you
• Export - Download your data in a portable format
• Delete - Delete your account and all associated data at any time
• Opt-out - Disable push notifications through your device settings
• Revoke permissions - Remove HealthKit or location access at any time through your device settings

To exercise any of these rights, please contact us at [email protected].

7. Data Security

We take the security of your data seriously:

• All data is transmitted over HTTPS encryption
• Passwords are hashed using industry-standard algorithms
• Authentication tokens are stored securely on your device
• Our database provider (Supabase) provides enterprise-grade security
• We regularly review and update our security practices

However, no method of transmission over the internet is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.

8. Children's Privacy

Morph is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we discover that we have collected information from a child under 13, we will delete that information immediately. If you believe we may have collected information from a child under 13, please contact us at [email protected].

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy within the app or sending you an email. You are advised to review this Privacy Policy periodically for any changes. Your continued use of the app after any changes constitutes your acceptance of the updated policy.

10. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

Email: [email protected]