Privacy Policy

In plain language

Morfeo is built so we don't end up with your baby's data. Here is the short version of how that works:

The events you log in the app — sleep, feedings, diapers, notes, your baby's name and birth date — are stored on your device and synced to your own iCloud account, not to our servers. We never see them.
The weekly AI insight (Plus only) is generated from an anonymized summary of your data. No names, no birth dates, no identifiers leave your device.
A small amount of anonymous crash and error data is sent to a service called Sentry to help us fix bugs. You can turn this off in the app's settings.
All payments are handled by Apple. We do not see your card.

The full document below explains all of this in detail.

1. Who we are

The Morfeo iOS application and the website at getmorfeo.com (together, the "Service") are operated by RJL IT Consulting ("Morfeo," "we," "us," or "our"). You can reach us at hello@getmorfeo.com.

This Privacy Policy describes how we handle information in connection with the Service. It applies to everyone who uses Morfeo, regardless of country.

2. The Morfeo data architecture

Most apps you use copy your data into a database the company controls. Morfeo is built differently.

When you log a sleep session, a feeding, a diaper change, or a note, that record is saved on your iPhone first. From there, Apple's CloudKit framework syncs it to your private iCloud database, encrypted and stored under your Apple Account. The data never passes through any server we operate.

This means:

We cannot read your data.
We cannot list our users by name, email, or baby information.
If you lose access to your Apple Account, we cannot help you recover Morfeo data — only Apple can.
If you delete your data inside the app or remove the Morfeo container from iCloud, it is gone from our reach as well as yours.

The legal effect is that, for almost everything you do in the app, we are not the controller of your personal data — you are. Apple is the data processor under your Apple Account terms.

3. What we receive, and from whom

The list below is exhaustive for V1. If it is not on this list, we do not receive it.

3.1 From Apple — subscription information

When you start, change, or cancel a Morfeo Plus subscription in the App Store, Apple tells our app the status of your subscription so we can unlock features. This is handled through Apple's StoreKit 2.

We receive: subscription status (active / expired / in trial / refunded), product identifier, original transaction identifier, expiration date.

We do not receive: your name, email, payment card, billing address, or Apple ID.

3.2 From the AI insight proxy (Plus only)

When the app generates a weekly insight for a Plus subscriber, it sends a request to a proxy we run on Cloudflare Workers, which forwards an anonymized payload to Anthropic's Claude API (model: Claude Haiku 4.5, identifier claude-haiku-4-5-20251001).

The payload contains:

A structured summary of the last 14 days of activity (averages, counts, ranges) — never raw events, never timestamps that could re-identify a session.
The age of the baby in days (a number, e.g., 137).
Any active flags the app's local logic has identified (e.g., a flag for the 4-month sleep regression window).
The language you have set (en or es).
An anonymous identifier for your install — a salted hash of a per-install UUID generated on first launch. This identifier is not your Apple ID, not your email, and is not linked to any other identifier we hold.

The payload never contains your baby's name, your name, your email, your Apple ID, your device's IDFA, your IP address (beyond what Cloudflare needs to deliver the request), or the original logged events.

The anonymous identifier is used only for one purpose: to enforce a per-install weekly cap (3 requests/week) on the proxy, stored in Cloudflare KV with a 7-day rolling window. We do not build profiles from it.

Anthropic processes the payload to generate the response and, under its API terms, does not use it to train its models. The response is sent back to your device and stored in your iCloud (per §2 above). We do not retain the request or the response on our infrastructure beyond what is needed to compute the cap and to log a numeric error count for monitoring.

3.3 From the crash reporting service (Sentry)

We use Sentry to detect crashes and errors so we can fix them. Sentry runs in the iOS app and in the Cloudflare Worker, with strict privacy configuration:

Sentry's "default PII" mode is turned off.
Screenshots and view hierarchies are never attached.
Network breadcrumbs include URL paths but not request or response bodies.
A custom filter scrubs any field containing your baby's name, your name, email, or device identifiers before events leave the SDK.
Device class (e.g., "iPhone 15 Pro"), iOS version, app version, locale, and theme are sent so we can triage issues.
Anonymous Sentry-issued device IDs are used in place of any persistent identifier.

You can disable Sentry at any time by going to More → Preferences → Send crash reports in the app. When toggled off, the SDK is reinitialized as disabled and any queued events are discarded.

3.4 From product analytics

We use a privacy-respecting product analytics provider — TelemetryDeck or PostHog — to understand how Morfeo is used in aggregate. Analytics data is aggregated and does not include personal identifiers, baby names, or logged event content. Where applicable, IP addresses are anonymized at collection.

If we change analytics providers, we will update this Policy.

3.5 From the website

When you visit getmorfeo.com, our hosting provider (AWS Amplify) and our analytics provider (Plausible or equivalent) record standard request information — the page visited, an approximate region derived from your IP address, your device type, and the referring page. Plausible does not use cookies and does not build cross-site profiles.

4. What we use the information for

We use the limited information we receive to:

Provide the Service (unlock Plus features when you subscribe; generate weekly insights when requested).
Keep the Service working (detect and fix crashes; monitor the AI proxy for abuse).
Improve the Service (understand which features are used in aggregate).
Respond to your messages when you write to us.

We do not sell personal information. We do not use your data for advertising. We do not share your data with data brokers.

5. Legal bases for processing

Morfeo is a global service. The legal grounds on which we process the limited information described above depend on where you are:

If you are in the European Economic Area or the United Kingdom, we rely on (a) performance of a contract with you for subscription management and service delivery, (b) our legitimate interests for crash reporting, abuse prevention on the AI proxy, and aggregate analytics, and (c) your consent where it is the applicable basis (for example, where the crash reporting toggle is the basis).
If you are in the United States, including states with comprehensive privacy laws such as California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and others as they take effect, we process your information to deliver the Service you have requested, to keep it secure and working, and to comply with applicable law. We do not "sell" personal information and we do not engage in "targeted advertising" or "profiling" as those terms are defined under those laws.
If you are anywhere else, we process your information under whichever local law or doctrine is most protective — typically the equivalent of contract performance and legitimate interest.

Wherever you are, our processing is limited to what is described in this Policy.

6. How long we keep things

Subscription status: for as long as you have an Apple Account that has interacted with Morfeo Plus, plus the period required for tax and accounting purposes.
AI proxy cap data: the anonymous identifier and a count are kept in Cloudflare KV for a 7-day rolling window, then expire automatically.
Crash reports: retained by Sentry for the period set in our Sentry project (currently 90 days for events).
Analytics events: retained by our analytics provider for up to 24 months in aggregate form.
Email correspondence: kept for as long as needed to handle your request, then archived per our internal retention schedule.

The data you log in the app is governed by Apple's iCloud retention — it persists in your account until you delete it.

7. Your rights

Because almost everything you log lives in your iCloud account, you can exercise the most important right — deletion — entirely from your device, no matter where you are:

Delete all data in the app's More tab.
Remove the Morfeo container from Settings → [your name] → iCloud → Manage Account Storage on iOS.
Uninstall the app.

For the limited information we do receive (described in §3), you can write to hello@getmorfeo.com to ask what we hold (it will be a short list), ask us to delete it, ask us to correct anything we hold about you, object to or restrict our processing, or receive a portable copy.

The list above describes the universal floor. Some places give you additional, specific rights:

7.1 European Economic Area and United Kingdom

You have the rights of access, rectification, erasure, restriction, portability, and objection under the GDPR and UK GDPR. You also have the right to lodge a complaint with your local data protection authority.

7.2 California (United States)

Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents have the right to know what personal information we collect, the right to delete it, the right to correct it, the right to a portable copy, and the right not to be discriminated against for exercising any of these rights.

You also have the right to opt out of the "sale" or "sharing" of personal information and the right to limit the use of "sensitive personal information." Morfeo does not sell or share your personal information under those definitions, and we do not use sensitive personal information for purposes that would require an opt-out.

To exercise any of these rights, write to hello@getmorfeo.com. We do not require you to create an account to make a request, and we will not discriminate against you for making one.

7.3 Other US states

Residents of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and other states with comprehensive privacy laws have rights similar to those described above, including rights of access, deletion, correction, and portability. To exercise any of them, write to hello@getmorfeo.com.

7.4 Colombia and other Latin American countries

If you are in Colombia, you have the rights of access, update, rectification, deletion, and revocation of consent under Ley 1581 de 2012 (Habeas Data) and may file a complaint with the Superintendencia de Industria y Comercio (SIC). Residents of other Latin American countries with their own data protection regimes (Brazil's LGPD, Argentina, Mexico, etc.) have the equivalent rights under those laws.

8. Children's data

Morfeo is designed for adults — parents, guardians, and caregivers — to track the well-being of an infant in their care. The data entered in the app is data about a baby, but the user of the app must be at least 18, or the age of majority where you live.

Because the data lives in your iCloud and not on our servers, we are not in possession of any information about a child. The information you enter is your responsibility as the child's parent or legal guardian.

Consistent with the Children's Online Privacy Protection Act (COPPA) in the United States, with Article 8 of the GDPR in Europe, with Ley 1581 de 2012 and Decreto 1377 de 2013 in Colombia, and with equivalent regimes elsewhere, we do not knowingly collect personal information from anyone under 13 (or 16 where applicable) directly. If you believe a minor has provided us with information through our website or contact email, please write to hello@getmorfeo.com and we will delete it.

9. Where data is processed

Morfeo is available worldwide. The third parties we rely on operate from the locations below:

Apple iCloud — your data lives in Apple's data centers in the region Apple assigns to your Apple Account. We do not control this.
Apple App Store — global, per Apple's privacy policy.
Cloudflare — the AI proxy runs at the edge node nearest you on Cloudflare's global network. Cap state is stored in Cloudflare KV.
Anthropic — Claude API requests are processed in the United States.
Sentry — events are stored in the United States.
Product analytics (TelemetryDeck or PostHog) — processed in the European Union or the United States, depending on the provider.
AWS Amplify — hosts the getmorfeo.com marketing site.

Where these arrangements involve transferring personal information of EEA or UK residents outside those regions, the relevant providers offer Standard Contractual Clauses or equivalent safeguards. Where they involve information of California or other US residents, processing is conducted under contracts that include the protections required by the applicable state law.

10. Security

We rely on Apple, Cloudflare, AWS, and Sentry for the security of the infrastructure they operate. Within Morfeo, the AI proxy never logs the contents of requests or responses, the Sentry SDK is configured with strict PII scrubbing, and the API key for the AI provider is stored as a Cloudflare Worker secret rather than in the app.

No system is perfectly secure. If we ever discover a breach affecting information we hold about you, we will notify you and the relevant authorities as required by law.

11. Changes to this Policy

We may update this Policy as the Service evolves. When we make material changes, we will post the updated version at getmorfeo.com/privacy and update the "Last updated" date above. If a change is significant, we will give reasonable notice through the app or by email where we have one.

12. Contact

If you have any question about this Policy, or if you would like to exercise any of the rights described above, please write to:

Email: hello@getmorfeo.com Operator: RJL IT Consulting Address: 1065 SW 8th St., PMB 5306, Miami, Florida 33130, USA

We try to answer within five business days.