Privacy Policy

Last updated: March 24, 2026

This policy explains what data we collect, how we use it, and what rights you have. We have written it in plain language because your privacy should not require a law degree to understand. The short italic summaries at the start of each section are for convenience only and are not legally binding.

1. Who We Are

Morphemeris is the data controller for the information described in this policy.

Morphemeris is operated by Morphatic. For privacy-related inquiries, you can reach us at privacy@morphemeris.com.

2. What We Collect

We collect very little — just enough to run the service and process payments.

Category	Data	Source
Account	Email address, name (if provided)	Clerk sign-up
Authentication	API keys (stored hashed), session tokens	Clerk
Billing	Purchase history, credit balance (payment methods are stored by Stripe, not by us)	Stripe
Usage	API request logs: endpoint, timestamp, response status, latency	Cloudflare Workers
Network	IP address, user-agent string	Cloudflare, Vercel

Important:Morphemeris does not receive or store personal data from your end-users. The API receives coordinates and timestamps as input and returns astronomical calculations. No personal data from your application's users passes through our API.

3. How We Use Your Data

We use your data to run the service, process payments, and prevent abuse. That's it.

To provide and maintain the API service — account management, authentication, and delivering API responses.
To process payments and manage your credit balance.
To enforce rate limits and prevent abuse.
To communicate about the service — outage notifications, breaking changes, and billing issues.
To improve the service using aggregate, anonymized usage analytics.

We do not sell your personal data. We do not use your API request content for training models or any secondary purpose.

4. Legal Basis for Processing (GDPR)

We process your data because it's necessary to provide the service you asked for.

Contract performance: We process your account and billing data because it is necessary to deliver the service you signed up for.
Legitimate interest: Usage logs for security, abuse prevention, billing verification, and service improvement.
Legal obligation: We retain billing records as required by tax and accounting law.
Consent: Marketing emails, if any — you must opt in.

5. Data Sharing & Third-Party Processors

We share data only with the services that help us run Morphemeris.

Processor	Purpose	Data Shared
Clerk	Authentication	Email, name, session data
Stripe	Payment processing	Payment method, billing address, purchase history
Cloudflare	API hosting, CDN, DDoS protection	IP address, request metadata
Vercel	Web hosting	IP address, browser data
Convex	Database	Account data, usage records, credit balances

Each processor has its own privacy policy and data processing agreement. We do not share your data with anyone else.

6. Data Retention

We keep your data only as long as we need it.

Account data: Retained while your account is active. Deleted within 30 days of account deletion.
Billing records: Retained as required by tax law (typically 7 years).
API usage logs (detailed): Retained for 90 days, then aggregated into anonymized statistics.
IP addresses in security logs: Retained for 90 days.

8. Your Rights Under CCPA/CPRA

If you're in California, you have additional privacy rights.

If you are a California resident, you have the right to:

Know what personal information we collect and how we use it.
Delete your personal information.
Correct inaccurate personal information.
Opt out of the sale or sharing of personal information.

We do not sell or share personal information as defined by the CCPA.

We will not discriminate against you for exercising any of these rights. To make a request, email privacy@morphemeris.com.

9. Cookies & Tracking

We use essential cookies for authentication. The API itself uses no cookies.

The Morphemeris website uses cookies for authentication (Clerk session cookies) and basic analytics. These are essential to the operation of the site.

The API is stateless and does not use cookies — it authenticates via bearer tokens in the Authorization header.

You can manage cookie preferences in your browser settings. Disabling essential cookies may prevent you from signing in to your dashboard.

10. International Data Transfers

Our infrastructure is US-based. We use standard protections for international data.

Morphemeris and its sub-processors (Cloudflare, Vercel, Clerk, Stripe, Convex) are based in the United States. If you are located outside the US, your data will be transferred to and processed in the US.

For users in the EU/EEA, these transfers are supported by Standard Contractual Clauses (SCCs) or equivalent mechanisms maintained by each sub-processor.

11. Security

We take reasonable steps to protect your data.

We protect your data with encryption in transit (TLS for all connections), API key hashing, access controls, and infrastructure-level security provided by Cloudflare and Vercel.

In the event of a data breach affecting your personal data, we will notify affected users and relevant authorities within 72 hours as required by GDPR.

12. Children's Privacy

Morphemeris is not intended for children.

Morphemeris is not directed at children under 16 (under 13 in jurisdictions governed by COPPA). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

13. Changes to This Policy

We'll let you know if anything important changes.

We may update this policy from time to time. For minor changes, we will update the "Last updated" date at the top. For material changes that affect how we handle your data, we will notify you by email before the changes take effect.

14. Contact

Questions? Reach out.

If you have questions about this privacy policy or how we handle your data, contact us at privacy@morphemeris.com.