Last updated: September 29, 2025
MorphCast Inc. (“MorphCast“, “we“, “us“, “our“) is a Delaware corporation headquartered at 835 Fifth Avenue, San Rafael, California 94901, USA. We develop Emotion AI software, developer tools and interactive-media platforms delivered through our websites, mobile/desktop apps, APIs and other online services (collectively, the “Services“).
This Policy explains how we collect, use, disclose and protect personal information when you interact with our Services and outlines the choices and rights available to you under the California Consumer Privacy Act (CCPA/CPRA) and other applicable U.S. state or federal privacy laws, as well as the privacy regulations of any non-U.S. jurisdictions in which we actively make the Services available.
Supplemental Policies — Each product or feature listed below has its own privacy notice (and, where required, data-processing addendum — DPA). Those documents prevail over this Policy in case of conflict.
- MorphCast For Zoom – Emotion AI applied to Zoom conferences (available on Zoom App Marketplace): Privacy Policy.
- MorphCast Emotion AI Video Conference – Emotion AI applied to Video conferences and webinars: Privacy Policy.
- Emotion AI JS Engine (SDK) – Our Emotion AI Processing In Browser Engine: Privacy Policy.
- Ready To Use Web Apps Keeping data locally: Privacy Policy – Cookie Policy.
- MorphCast for ChatGPT: Privacy Policy
- AI Interactive Media Platform – MorphCast Studio to create interactive videos driven by viewers’ emotions, Avatars and LLM integration. (available on the Apple store and Microsoft store): Privacy Policy.
- Emotion AI Media Player – the web media player that plays interactive media created with MorphCast Studio: Privacy Policy.
- MyMoodScan – your personal mood scan: Privacy Policy.
- User Dashboard – The Users Dashboard available by sign-in menu item: Privacy Policy.
- Website – Privacy & Cookie Policy
- Contact form Privacy Policy
- Feedback and Abuse report form: Privacy Policy
· Scope & Applicability
This Policy applies to all personal information processed by MorphCast in connection with the Services unless a Supplemental Policy states otherwise. Where a Supplemental Policy covers a specific product or feature, it supersedes this Policy for that product or feature.
Territorial Exclusion — We do not currently offer our services in certain jurisdictions. For the up-to-date list and rationale, please see https://www.morphcast.com/legal-territorial-exclusion/.
· Roles & Controller/Processor Status
- Business (CCPA/CPRA): MorphCast Inc. acts as a Business for personal information related to our website, CRM, user accounts, billing, and direct customer communications.
- Service Provider / Processor: For products, SDKs, and integrations where our customers (e.g., enterprises, developers) decide the means and purposes of processing, MorphCast acts as a Service Provider/Processor and processes data solely under the customer’s instructions and DPA.
MorphCast does not maintain designated representatives in the excluded jurisdictions listed above.
· Categories of Personal Information We Collect
| Category | Examples | Source | Retention (default) |
|---|---|---|---|
| Identity & Contact | name, email, role, company | provided by you via registration, contact or feedback forms | account life + 6 months |
| Usage / Device Data | IP address, browser type, pages viewed, API calls, event logs | automated via cookies, SDKs, server logs | raw ≤ 12 months; aggregated/anonymous ≤ 12 months |
| Content Data | images, video, audio, text processed by our Emotion AI tools | supplied by you or your end users | on-device by default; not uploaded to MorphCast. If you explicitly upload/store in your account, we retain per your settings or until deletion. |
| Support Data | messages, attachments, screenshots | provided by you in support tickets | 24 months |
| Blocked Service Logs | timestamp, IP, country | provided by AWS CloudFront | 30 days |
Retention note. The periods shown in this table are default maximums for website/CRM and general service logs. Product-specific Supplemental Policies may set different retention for product telemetry or aggregated analytics (for example, Studio/Media Player viewer analytics retained up to 36 months). Where a Supplemental Policy specifies a different period, that Supplemental Policy controls for that product.
We do not intentionally collect sensitive personal information (as defined by the CPRA). If you or your end users include such data within Content Data, it is processed on-device and, when we act as Service Provider/Processor, strictly under your instructions.
By default, emotional analytics are aggregated and anonymous by design (ABD) and therefore fall outside the personal information categories listed below.
Important — Our products are designed for edge/on-device processing. MorphCast does not receive or store face images, audio streams, or biometric identifiers from product use, unless you deliberately upload content to your account or enable a cloud feature described in a Supplemental Policy.
· Purposes for Processing & CPRA Business Purposes
| Purpose | CPRA Business Purpose | Examples |
|---|---|---|
| Provide, operate & maintain the Services | Perform services | user authentication, billing, delivering apps & APIs |
| Improve & develop new features | Debug, research & development | usage analytics with aggregated/anonymous data, quality monitoring |
| Customer support & communications | Provide support | tickets, bug reports, abuse complaints |
| Security & fraud prevention | Detect security incidents | log analysis, rate limiting, anti-spam |
| Legal compliance | Comply with law | tax, accounting, export controls, AI-related and privacy regulations |
| Marketing emails & updates | Advertising (with opt-in consent) | Only for website/CRM data (e.g., newsletters, product updates). Not applied to Product Content Data. |
MorphCast does not “sell” or “share” personal information as those terms are defined by the CPRA.
· Additional Compliance
This Policy is designed to comply with the California Consumer Privacy Act and the California Privacy Rights Act (CCPA/CPRA) and, in Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA). For other comprehensive U.S. state privacy laws that are materially similar to the CPRA, our practices and user-rights workflows are aligned and we make equivalent choices available, to the extent applicable to MorphCast in its role as Service Provider/Processor.
Because requirements may differ by jurisdiction (e.g., consent for certain sensitive categories, universal opt-out signals, or appeal mechanisms), Business customers are responsible for identifying any stricter or additional local obligations in the places where they operate and for instructing MorphCast accordingly; we will reasonably support such compliance through our Product configuration and our DPA.
Territorial availability. This Product is not available in all jurisdictions. For the up-to-date list of jurisdictions we do not serve and the rationale, please see https://www.morphcast.com/legal-territorial-exclusion/.
· Data Retention
We keep personal information only as long as necessary for the purposes described above or as required by law. The standard periods are listed in the Categories of Personal Information table above. Where a Supplemental Policy specifies different retention (e.g., for product-specific telemetry or aggregated statistics), such Supplemental Policy governs for that product.
· Territorial Availability / International Transfers
MorphCast Services are not available in all jurisdictions. In particular, MorphCast does not offer Services in the EU/EEA or in the People’s Republic of China, as set out in our Territorial Exclusion Policy.
This Policy is designed to comply with applicable U.S. privacy laws (including the CPRA) and, where relevant, Canadian privacy laws (including PIPEDA). Business customers operating in other jurisdictions are responsible for identifying any stricter or additional local obligations and for instructing MorphCast accordingly; we will reasonably support such compliance through our Product configuration and our commitments under this Policy and our DPA.
· Cookies & Similar Technologies
We use strictly necessary cookies and local storage items where needed to ensure the proper functioning and security of our core Services.
- No advertising cookies are used by our core products.
- Website-level cookies, consent management, and any analytics cookies (if present) are governed by the separate Website Privacy & Cookie Policy.
- Third-party cookies may appear only when you explicitly activate optional features (e.g., language translation, Single Sign-On, or portal access protected by reCAPTCHA). Where required by law, we obtain your consent before setting such cookies.
- Our security providers may place temporary cookies or use similar technologies (e.g., bot-management) to protect the Services from automated or malicious traffic.
· Security Measures
MorphCast maintains industry-standard technical and organizational measures to protect personal information that we host, including:
- TLS encryption in transit;
- encryption at rest (AES-256) for stored account/CRM data and backups;
- segmented production network with least-privilege access controls;
- regular penetration testing and vulnerability scanning;
- incident-response procedures and breach notification protocols.
These measures apply to personal information we host. Product Content Data is processed on-device by default and therefore is not stored by MorphCast unless you explicitly upload it to your account.
· Your Privacy Rights
California Residents (CPRA)
If you reside in California you may: access/know, delete, correct, and limit the use/disclosure of sensitive personal information (not applicable because we do not use or disclose sensitive PI for purposes that trigger the right to limit).
No Opt-Out Needed: MorphCast does not sell or share personal information as defined by the CPRA.
Residents of Other U.S. States
Depending on your state’s law (e.g., Virginia, Colorado, Connecticut, Utah, and others), you may have rights similar to California’s, including access/know, delete, correct, portability, and, where applicable, the right to opt out of targeted advertising, sale, or certain profiling.
Canada (PIPEDA and applicable provincial laws)
Canadian residents may request access to and correction of personal information, subject to applicable exceptions. You may also contact the Office of the Privacy Commissioner of Canada or your provincial privacy commissioner regarding unresolved concerns.
How to Exercise Your Rights
Submit a request using the methods listed in the Contact Us section below. We will verify your identity and respond within 45 days, or any shorter period required by applicable law (Canadian requests will be handled within the timelines set by Canadian law).
Territorial Exclusion (Reference)
As noted at the beginning of this policy, we do not currently offer our services in certain jurisdictions. For the up-to-date list and rationale, please see: https://www.morphcast.com/legal-territorial-exclusion/.
· Children’s Privacy
Our Services are not directed to children under 16, and we do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, please submit a request using the methods listed in the Contact Us section below and we will promptly take steps to delete the information.
By default, our emotion AI runs on-device (in the user’s browser/app). Face images/video and biometric identifiers are not transmitted to MorphCast servers for analysis. We do not sell or share minors’ personal information for cross-context behavioral advertising.
Where local law sets a specific age of consent for online services (typically 13–16), we apply the applicable threshold in that jurisdiction. If an organization enables account-based or optional cloud features for users who are minors and those features involve transferring personal information to our systems, that organization is responsible for obtaining verifiable parental consent and providing any required notices. In such cases, MorphCast processes the data as a Service Provider/Processor under our DPA and only on documented instructions.
If we learn that we have collected personal information from a child without the required consent, we will delete or de-identify that information and, if applicable, disable the relevant account or feature.
· Contact Us
Email: privacy@morphcast.com
Postal: MorphCast Inc., 835 Fifth Avenue, San Rafael, CA 94901, USA
We aim to respond within 45 days (CPRA) or within any shorter period required by applicable law.
· Changes to This Policy
We may update this Policy from time to time. Material changes will be announced via a prominent notice on our website or by email where appropriate. The “Last update” date at the top indicates when revisions became effective.