Metamorfon Application — Processing of Personal Data
Effective: 20 June 2026
This section describes the personal data collected and processed in connection with the use of the Metamorfon desktop application and the associated authentication and subscription management services (Cloud API). It supplements the privacy policy of the metamorfon.com website.
Data collected by the application
Upon account creation and during use of the Service, the following data is collected and processed by the Publisher (see Legal notice) through its Cloud API hosted on IONOS servers located within the European Union:
| Data | Purpose | Legal basis | Retention period |
|---|---|---|---|
| Email address | Authentication, service communication | Performance of contract | Duration of subscription + 12 months |
| Password (hashed, not readable) | Account security | Performance of contract | Duration of subscription + 12 months |
| Stripe customer identifier | Subscription and billing management | Performance of contract | Duration of subscription + 12 months |
| Interface language | Service personalisation | Legitimate interest | Duration of subscription + 12 months |
| Application version and operating system | Technical support, compatibility | Legitimate interest | Duration of subscription + 12 months |
| Last login date | Security, inactivity detection | Legitimate interest | Duration of subscription + 12 months |
| Device identifier (UUID) | Limitation to 3 devices per account | Legitimate interest | Duration of subscription + 12 months |
All of this data is deleted no later than 12 months after termination of the subscription.
Automatic communications with the Cloud API
To ensure the proper operation of the Service, the application establishes two automatic communications with the Publisher’s Cloud API:
- Update check: at startup and periodically during the session, the application queries the server to verify the availability of a new version. This request transmits the installed application version and the operating system in use.
- Subscription validation: the application periodically verifies the validity of the current subscription by transmitting the account identifier and the device identifier (UUID).
These communications are strictly technical and necessary for the provision of the Service (legal basis: performance of contract). The data transmitted is that already listed in the table above; no additional information (session content, prompts, model responses, API keys, or behavioural data) is transmitted during these exchanges.
What the application does not collect
- The API keys of AI model providers (AI21, Anthropic, Cohere, DeepSeek, Google, Mistral, Moonshot, OpenAI, Qwen, xAI, etc.): they are entered by the user and stored exclusively locally on their device. They never transit through the Publisher’s servers.
- The content of sessions (prompts, AI model responses, exports): this data remains on the user’s device and is not transmitted to the Publisher.
- No web browsing data and no behavioural telemetry: the application is desktop software, it does not use cookies and does not integrate any behavioural analytics service, product telemetry, or automatic crash reporting.
Third-party artificial intelligence models
The application orchestrates calls to AI models from third-party providers using the user’s own API keys. These exchanges take place directly between the user’s device and the relevant AI provider, without intermediation by the Publisher. Each provider is responsible for its own data processing. Users are invited to consult the privacy policies of these providers.
In certain orchestration modes, the application may use the response of one AI model as input context for the request to another model. This processing takes place transiently in the working memory of the user’s device and is not stored by the Publisher. Some AI model providers process data on servers located outside the European Union, in particular in the United States. These transfers are governed by the Standard Contractual Clauses (SCCs) or adequacy decisions applicable to each provider. Users are invited to consult the privacy policies of these providers to learn about the applicable terms.
Payment provider: Stripe
The management of subscriptions and payments is provided by Stripe, Inc. (185 Berry Street, San Francisco, CA 94107, United States), which is PCI-DSS certified. Stripe collects and processes payment data according to its own privacy policy, available at: https://stripe.com/privacy.
The Publisher does not have access to the user’s banking data. Only a Stripe customer identifier (stripe_customer_id) is retained on the Cloud API side to link the subscription to the account.
Hosting subprocessor
The data collected by the Cloud API is hosted by IONOS SE (7 Place de la Gare, 57200 Sarreguemines, France), whose servers are located within the European Union. IONOS acts as a subprocessor within the meaning of the GDPR.
Data security
The Publisher implements technical and organisational measures intended to guarantee a level of security appropriate to the risks associated with processing:
- Encryption in transit: all communications between the application and the Cloud API are encrypted via TLS 1.2 or higher.
- Password hashing: passwords are never stored in clear text. They are hashed using the bcrypt algorithm with a unique cryptographic salt generated for each user, making their reconstruction technically infeasible.
- Encryption at rest: sensitive data stored by the Cloud API is encrypted at rest on the host’s servers.
- Restricted access: access to servers and databases is strictly limited to authorised persons and is logged.
- Token-based authentication: account access is protected by a temporary, renewable authentication token (JWT), distinct from the password.
- Brute-force protection: requests to sensitive endpoints (authentication, password reset) are subject to rate limiting.
Backups: regular backups are performed and retained within the European Union, subject to the same protective measures as the primary data.
Use by minors
The Metamorfon application is not intended for persons under 16 years of age. The Publisher does not knowingly collect personal data concerning minors in this age range. If you are a parent or legal guardian and find that a minor under 16 has provided us with personal data, please contact us at contact@metamorfon.com so that we can delete this data and the associated account.
Data protection contact
For any question regarding the processing of your personal data or the exercise of your rights, you can contact the Publisher’s dedicated contact point at: contact@metamorfon.com.
Your rights
In accordance with the General Data Protection Regulation (GDPR — EU 2016/679), you have the following rights regarding your data processed in connection with the application:
- Right of access: obtain a copy of the data concerning you
- Right to rectification: correct inaccurate data
- Right to erasure: request the deletion of your account and your data
- Right to data portability: receive your data in a structured format
- Right to object: object to processing based on legitimate interest
To exercise these rights, send your request to: contact@metamorfon.com.
In case of an unresolved complaint, you may lodge a complaint with a competent supervisory authority. As the Publisher is established in France, the lead supervisory authority is the French data protection authority CNIL (Commission Nationale de l’Informatique et des Libertés — www.cnil.fr). In accordance with Article 77 of the GDPR, you may also lodge a complaint with the supervisory authority of the EU Member State of your habitual residence, place of work, or the place of the alleged infringement.
Notification of data breaches
In accordance with Articles 33 and 34 of the GDPR, in the event of a personal data breach likely to result in a risk to your rights and freedoms, the Publisher undertakes to inform you without undue delay, by email to the address associated with your account and/or by notification within the application. Where required by regulation, notification is also sent to the lead supervisory authority (CNIL) within 72 hours of becoming aware of the breach.
Changes to this privacy policy
The Publisher reserves the right to modify this privacy policy to reflect changes to the Service, the applicable legal framework, or best practices in data protection. The effective date of each version appears at the top of this document.
In case of substantial modification (notably the addition of a new processing purpose, a new category of recipients, or a change to retention periods), you will be informed at least 30 days before the changes take effect, by email to the address associated with your account and by notification within the application. Your continued use of the Service after the effective date will constitute acceptance of the new version. Failing that, you have the option to terminate your subscription free of charge.