Metamorfon Application — Personal Data Processing

This page describes the personal data collected and processed in connection with the use of the Metamorfon desktop application and its associated authentication and subscription management services (Cloud API). It supplements the privacy policy for the metamorfon.com website.

Data Collected by the Application

When creating an account and using the Service, the following data is collected and processed by the publisher via its Cloud API, hosted on IONOS servers located within the European Union:

Data Purpose Legal Basis Retention Period
Email address
Authentication, service communications
Performance of contract
Subscription period + 12 months
Password (hashed, not readable)
Account security
Performance of contract
Subscription period + 12 months
Stripe customer identifier
Subscription and billing management
Performance of contract
Subscription period + 12 months
Interface language
Service personalization
Legitimate interest
Subscription period + 12 months
Application version and operating system
Technical support, compatibility
Legitimate interest
Subscription period + 12 months
Last login date
Security, inactivity detection
Legitimate interest
Subscription period + 12 months
Device identifier (UUID)
Enforcement of 3-device limit per account
Legitimate interest
Subscription period + 12 months

All data is deleted no later than 12 months after subscription cancellation.

What the Application Does Not Collect

  • AI provider API keys (OpenAI, Anthropic, Google, Mistral, etc.): these are entered by the user and stored locally on their device only. They are never transmitted to the publisher’s servers.
  • Session content (prompts, AI model responses, exports): this data remains on the user’s device and is not transmitted to the publisher.
  • No browsing data: Metamorfon is a desktop application. It does not use cookies and does not collect any web browsing data.

Third-Party Artificial Intelligence Models

The application orchestrates calls to AI models from third-party providers (OpenAI, Anthropic, Google, Mistral, Deepseek, xAI, Cohere, etc.) using the user’s own API keys. These exchanges occur directly between the user’s device and the relevant AI provider, without any involvement from the publisher’s servers. Each provider is responsible for its own data processing. Users are encouraged to consult the privacy policies of these providers.

Payment Processor: Stripe

Subscription and payment management is handled by Stripe, Inc. (185 Berry Street, San Francisco, CA 94107, United States), a PCI-DSS certified payment processor. Stripe collects and processes payment data in accordance with its own privacy policy, available at: https://stripe.com/privacy.

The publisher does not have access to the user’s banking or card details. Only a Stripe customer identifier (stripe_customer_id) is stored on the Cloud API side to link the subscription to the account.

Hosting Sub-Processor

Data collected by the Cloud API is hosted by IONOS SE (7 Place de la Gare, 57200 Sarreguemines, France), with servers located within the European Union. IONOS acts as a data processor within the meaning of the GDPR.

Your Rights

Under the General Data Protection Regulation (GDPR — EU 2016/679), you have the following rights regarding data processed in connection with the application:

  • Right of access: obtain a copy of the data held about you
  • Right to rectification: correct inaccurate data
  • Right to erasure: request deletion of your account and associated data
  • Right to data portability: receive your data in a structured, machine-readable format
  • Right to object: object to processing based on legitimate interest

To exercise these rights, please send your request to: contact@metamorfon.com

If your request is not resolved to your satisfaction, you may lodge a complaint with your national data protection authority. In France: Commission Nationale de l’Informatique et des Libertés (CNIL) — www.cnil.fr. In other EU member states, please contact your local supervisory authority.