Privacy Policy
Last Updated: March 2026
1. Introduction
This Privacy Policy describes how Morpheus ("the Software") handles your data. Morpheus is a mobile-to-machine AI agent control application.
The short version: Morpheus uses a local-first architecture — most data stays on your devices. However, certain features rely on cloud services (authentication, sync, subscriptions, AI processing, voice, and remote access) that involve data being transmitted to or stored on third-party servers. This policy explains exactly what goes where.
2. Data Stored Locally
Morpheus stores the following data on your devices:
Device and Pairing Information
- Device names you assign to paired devices
- ECDH public keys for end-to-end encryption
- Connection URLs (local network addresses or Cloudflare tunnel URLs)
- Temporary pairing codes
Command and Session Data
- Command history sent from mobile to the Morpheus Agent
- AI agent responses and outputs
- Session metadata (timestamps, identifiers, connection status)
User Preferences
- Application settings (theme, voice mode, layout, Claude model selection)
- Connection preferences (auto-connect, default mode)
- Permission profiles and watcher configurations
Long-Term Memory (Desktop Agent)
- Personal preferences, conversation summaries, goals, and behavioral patterns in a local SQLite database
- This data is stored locally and never transmitted to any server
- You can delete it at any time by removing the database from the Morpheus data directory
Local Analytics (Mobile)
- Command counts, duration, model/token usage for the in-app analytics dashboard
- Stored only on your device — never sent externally
3. Data Stored in the Cloud
Morpheus uses Supabase (a hosted PostgreSQL service) for server-side features:
- Anonymous accounts: A unique user ID and session (no email or personal info required)
- Sync (optional): Settings, recent command history (last 100), and sound preferences
- Token balance: Usage tracking for the managed Claude API proxy
- Transaction ledger: Token purchases, usage, and refunds
All Supabase data is protected by row-level security — each user can only access their own data. Device pairings, encryption keys, and long-term memory are never synced.
4. What Is NOT Collected
- No behavioral analytics sent externally (local analytics stay on-device)
- No advertising data: No ad tracking, fingerprinting, or marketing identifiers
- No location data: No GPS, IP geolocation, or location tracking
- No contacts or browsing history
4a. Error Reporting
Sentry captures anonymous crash reports (stack traces only — no personal data, commands, or AI responses).
4b. Telemetry (Desktop, Optional)
The desktop agent can optionally send performance telemetry (traces, metrics, logs) to Grafana Cloud via OpenTelemetry. This does not include command content, AI responses, or personal data. Telemetry can be disabled in configuration.
5. Local Storage Locations
- Agent (macOS): ~/Library/Application Support/Morpheus/
- Agent (Windows): %APPDATA%/Morpheus/
- Agent (Linux/Server): ~/.config/Morpheus/
- Mobile (iOS): Keychain for keys, app container for settings
- Mobile (Android): Keystore for keys, app storage for settings
Delete local data at any time by uninstalling the application or clearing app data. For server-side data, contact us for deletion.
6. Encryption
- Key Exchange: Elliptic Curve Diffie-Hellman (ECDH)
- Message Encryption: TweetNaCl (XSalsa20-Poly1305) with unique nonces per message
- Scope: All command/response payloads, screenshots, and control messages between devices
- Key Storage: Platform-specific secure storage (Keychain, Keystore, safeStorage)
7. Remote Access (Cloudflare Tunnels)
When remote access is active:
- Encrypted WebSocket traffic passes through Cloudflare's infrastructure
- Cloudflare can see connection metadata (IPs, timestamps) but not encrypted content
- Tunnels are temporary and on-demand — no persistent infrastructure
- See Cloudflare's Privacy Policy
8. Voice Data
Voice mode is opt-in and disabled by default. When enabled:
- Speech is transcribed on-device using the platform's native speech recognition engine — no audio sent externally
- Text-to-speech responses are generated via ElevenLabs, proxied through Supabase Edge Functions
- ElevenLabs receives the text of AI responses for voice synthesis
- Generated audio is played and auto-deleted — no audio permanently stored
- See ElevenLabs' Privacy Policy
9. Screenshots (Desktop)
When requested, the desktop agent captures your screen and sends it to your mobile device over the encrypted connection. Screenshots are not sent to external servers unless explicitly included in AI command context.
10. Notification Bridge (Android, Optional)
The notification bridge captures notifications from apps you specify via allowlist/blocklist. Data is forwarded only to your paired desktop over the encrypted connection — never to any cloud service.
11. Watchers (Desktop, Optional)
Optional monitoring features requiring your explicit OAuth consent:
- Email/Calendar (Google): Read-only access to emails and events
- Slack: Channel monitoring with your granted scopes
- File/Process/System: Local monitoring only, no external data sharing
All watcher data goes only to your paired mobile device. OAuth tokens are stored in the encrypted credential vault.
12. Third-Party Services
- Anthropic (Claude) — AI processing. Instructions and context sent. (Privacy)
- Supabase — Auth, sync, tokens. Anonymous user data stored. (Privacy)
- ElevenLabs — Voice TTS (optional). Response text sent. (Privacy)
- RevenueCat — Subscriptions. Customer ID and purchase events. (Privacy)
- Cloudflare — Remote access (optional). Encrypted traffic routed. (Privacy)
- Sentry — Crash reporting. Technical data only. (Privacy)
- Grafana Cloud — Telemetry (optional, desktop). Performance data only. (Privacy)
- Google — Email/calendar watchers (optional). Read-only API access. (Privacy)
- Slack — Slack watcher (optional). Channel monitoring. (Privacy)
Anthropic and Supabase are contacted during normal app operation. All other services are contacted only when you enable the feature.
13. Data Retention
- Local data retained until you delete it; long-term memory persists with confidence decay
- Cloud data (Supabase) retained while your account exists; contact us for deletion
- Third-party retention governed by each service's own policies
14. International Users (GDPR)
If you are in the EEA, UK, or Switzerland:
- Lawful basis: Legitimate interest (local data, sync), consent (optional features), contract (subscriptions)
- Your rights: Access, rectification, erasure, restriction, portability, objection — local data directly on your device, cloud data via contacting us
- Data transfers: AI data to Anthropic (US); voice text to ElevenLabs; sync to Supabase; metadata via Cloudflare
15. California Users (CCPA)
- Morpheus does not sell personal information
- Delete local data by uninstalling; contact us for cloud data
- No discrimination for exercising privacy rights
16. Children's Privacy
Morpheus is not designed for children under 13. We do not knowingly collect data from children.
17. Security
- End-to-end encryption (ECDH + TweetNaCl)
- Pairing codes for secure device authentication
- Encrypted credential vault for API keys and OAuth tokens
- Row-level security on all server-side data
- Risk classification of AI commands with approval prompts for high-risk operations
18. Changes to This Policy
Changes will be indicated by updating the "Last Updated" date. Significant changes will also be noted in release notes.
19. Contact
For questions about this Privacy Policy: team@getmorphe.us
Website: getmorphe.us