Last updated: March 27, 2026
This Privacy Policy describes how BeMorphy ("we", "us", "our") collects, uses, and shares information when you use our website personalization service at bemorphy.com (the "Service"). By using the Service, you agree to the collection and use of information as described in this policy.
Account information. When you create an account, we collect your email address, name, and password. If you sign in with Google, we receive your name and email from Google.
Payment information. Payments are processed by Stripe. We do not store credit card numbers. Stripe provides us with a customer ID and subscription status.
Site data. When you add a website to BeMorphy, we store the domain name and configuration settings you provide.
Visitor page content. When the BeMorphy snippet runs on your website, it reads visible text elements (headings, paragraphs, buttons, links) on the page and sends them to our servers for AI-powered personalization. This is the core function of the Service.
UTM parameters. The snippet reads URL query parameters (utm_source, utm_medium, utm_campaign, utm_content, utm_term) from the visitor's current page URL. These are advertising parameters you or your ad platform set — they do not contain personal data.
Engagement metrics. If enabled, the snippet collects anonymous engagement signals: CTA click text, scroll depth, time on page, and bounce status. These are tied to a random page-view ID, not to any personal identifier.
Technical data. We log standard HTTP request data (IP address, user agent, referrer) for security, rate limiting, and abuse prevention. We do not use this data for tracking or profiling visitors.
We share information with the following third-party services, solely to operate the Service:
We do not sell, rent, or share your data with advertisers, data brokers, or any other third parties.
BeMorphy processes data about visitors to websites where you install the snippet. You are the data controller for your visitors' data. We act as a data processor on your behalf. You are responsible for informing your visitors about the use of personalization tools on your site and for complying with applicable privacy laws (GDPR, CCPA, etc.).
We do not use visitor data for our own purposes beyond providing the Service to you. We do not build profiles of your visitors, track them across sites, or use their data for advertising.
The Morph snippet may set a single first-party cookie (morph_ab) on your visitors' browsers if A/B testing is enabled. This cookie stores only the test group assignment ("personalized" or "control") and is used solely to ensure visitors see a consistent experience. No personal data is stored in this cookie.
Our dashboard uses standard session cookies for authentication.
When you delete a site from your dashboard, all associated cached variants, metrics, and events are permanently deleted.
We use industry-standard security measures including HTTPS encryption in transit, row-level security on all database tables, nonce-based request validation, and rate limiting. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
You may access, update, or delete your account data at any time from the dashboard. To request complete data deletion, contact us at the email below. If you are in the EU/EEA, you have additional rights under GDPR including the right to data portability, restriction of processing, and the right to lodge a complaint with a supervisory authority.
The Service is not directed to individuals under 18. We do not knowingly collect personal information from children.
We may update this policy from time to time. We will notify you of material changes by posting the updated policy on this page with a new "Last updated" date. Continued use of the Service after changes constitutes acceptance.
For privacy-related inquiries, contact us at privacy@bemorphy.com.