Morph Privacy Policy
Last Updated: June 19th, 2026
Introduction
At Morph Organisation Limited (company code 415586) ("Morph," "we," "our," or "us") we prioritize the security and pseudonymity of our users. This Privacy Policy (the "Policy") is designed to ensure you are duly informed regarding the limited manner in which we collect, use, and process personal data across our website (https://morph.network/) (the "Site"), application programming interface ("API"), mobile applications and related software (collectively, the "Services").
By accessing or interacting with our Services, you acknowledge that you have been provided with this Policy and understand our data practices. If you do not agree with the terms described herein, you should discontinue your use of our Services immediately.
If you provide us with personal data regarding other individuals in connection with our Services, you are responsible for ensuring they have been informed of this Policy prior to the disclosure of their information to us.
This Policy explains the limited data that may be processed when you use our Services. It should be read alongside our Terms of Use. In the event of a conflict between this Policy and any other legal document regarding the technical processing of data, the terms of this Policy shall prevail.
Data Processing Principles
Morph adheres to the principles of Lawfulness, Fairness, and Transparency. We practice Data Minimization, ensuring we collect only the absolute minimum information required to provide the Services. Our Services are designed to prioritize user privacy, allowing interactions without the need for traditional identity verification, except where specific products (e.g., Morph Payments) require compliance with global regulatory standards.
How We Use Your Information
We use your information for the following purposes:
-
Service Provision: Providing, maintaining, and improving our Site and products, and managing our business as described in our Terms of Use.
-
Transaction Processing: Facilitating payments and sending related information such as receipts, invoices, and order confirmations.
-
Administrative Communications: Sending technical notices, security alerts, support messages, and administrative updates regarding your account or transactions.
-
Dedicated Customer Support: Investigating and addressing user concerns, troubleshooting technical issues, and resolving wallet connection errors.
-
Personalization: Enhancing your user experience by personalizing our Services based on your preferences and interactions.
-
Security & Integrity: Ensuring the safety of our Services, preventing fraud, protecting against unauthorized or illegal activities, and enforcing our agreements with third parties.
-
Compliance & Law Enforcement: Fulfilling legal obligations, including AML/CTF verification, and responding to valid requests from regulators, government entities, or official inquiries.
-
Product Development: Conducting data analysis and testing to better understand user behavior, develop new features, and facilitate payment solutions.
-
Marketing: Communicating with you about our offerings, promotions, surveys and events via email or app notifications.
Information We Collect
We collect and process the following categories of data:
A. Information Collected Directly
-
Wallet Information: Your public digital-asset address provided when you connect your non-custodial wallet.
-
Morph Payments Account Data: For business users, we collect account registration details, including institutional or natural person identifiers.
-
Support and Communication Data: Content of communications, including name, email address, telephone number, and technical logs associated with your inquiry.
B. Information Collected Automatically
-
Digital and Network Identifiers: IP addresses, operating system, and browser specifications. We log network addresses (IP) and exact timestamps of visits.
-
Platform Engagement Data: Metrics on your activity, including pages accessed and hyperlinks engaged with.
-
Geographic Data: IP-derived location details used strictly for fraud prevention and compliance with regional sanctions.
-
Automated Tracking Tools: Cookies and web beacons used to maintain sessions and ensure security against bot activity. For more information, please check our Cookie Policy.
C. Information Collected from External Sources
-
Third-Party Wallets: Connection details shared when you link a wallet (e.g., Bitget Wallet) to the Interface.
-
Identity Verification (KYC/KYB): For Morph Payments, we collaborate with KYC verification service providers. We do not process raw identification documents, we receive only a verification status via API callback.
-
Social Media & Analytics: Publicly available data from your profiles (e.g., X, Telegram) and blockchain analytics for security monitoring.
D. Information Collected from the Blockchain
- On-Chain Records: Publicly available metadata retrieved from the ledger, including transaction hashes and gas fees. Notice: This data is immutable and cannot be deleted or altered.
Legal Basis for Processing
In accordance with global data protection standards, we process your personal data only when we have a valid legal basis to do so. These bases include:
-
Contractual Necessity: We process data (such as Wallet Information and Account Data) to perform our obligations under our Terms of Use, facilitating your connection to the blockchain and providing the Morph Payments console.
-
Compliance with Legal Obligations: We process data (such as KYC status and IP addresses) to fulfill our statutory duties, including Anti-Money Laundering (AML) laws, Counter-Terrorism Financing (CTF) regulations, and "Travel Rule" requirements.
-
Legitimate Interests: We process technical metadata and engagement data to pursue our legitimate business interests, provided they do not override your rights. These interests include:
-
Ensuring the security and integrity of the Interface (preventing DDoS/fraud).
-
Analyzing aggregate usage patterns to improve technical performance.
-
-
Consent: We rely on your freely given, specific, and informed consent for specific activities, such as sending marketing newsletters. You have the right to withdraw this consent at any time.
-
Public Interest: In limited cases, we may process data to assist in the prevention of financial crimes or comply with international sanctions.
Data Recipients
We may share your Personal Data with third parties (including other Morph entities) if we believe that sharing is in accordance with, or required by, any contractual relationship with you, applicable law, regulation, or legal process. When sharing your Personal Data within our corporate group, we use our best endeavors to ensure such entities follow practices at least as protective as those described in this Policy.
Data recipients include:
-
Morph Entities and Affiliates: Related companies within our corporate group to coordinate technical delivery, maintenance, and compliance functions.
-
Operational Service Providers: Specialized vendors facilitating our technology infrastructure, hosting, and business operations.
-
Security and Compliance Partners: Providers performing identity verification, geo-blocking, or monitoring for illicit activity.
-
Regulatory and Judicial Authorities: To comply with mandatory requirements, "Travel Rules," or valid legal orders from public authorities.
-
Professional Advisors: Accountants, auditors, legal counsels, and blockchain forensic services to satisfy legal and regulatory obligations.
-
Public Blockchains: Transaction metadata broadcasted to the network as a fundamental requirement for executing smart contracts.
-
Business Successors: Third parties involved in a merger, acquisition, or asset sale, subject to standard confidentiality protections.
International Data Transfers
To provide the Services, we may transfer, store, and process your personal information in jurisdictions outside of your country of residence. Because our infrastructure is distributed, your data may be processed in countries where data protection laws differ from those in your home jurisdiction.
To ensure your information remains protected, we rely on the following safeguards:
-
Standard Contractual Clauses: Where required by global data protection laws, we implement cross-border data transfer agreements with our service providers. These contracts mandate that recipients apply high standards of security and confidentiality to your data.
-
Contractual Necessity: Many transfers are strictly required to perform our obligations under our Terms of Use, including the transfer of technical data necessary to facilitate your interaction with the blockchain and the connection of your non-custodial wallet.
-
Intra-Group Data Sharing: For transfers within our corporate group (including other Morph entities), we utilize internal arrangements to ensure a consistent level of privacy and security across our global operations.
-
Technical and Organizational Safeguards: Regardless of the destination, we require all international recipients to implement rigorous technical measures—such as encryption of data in transit and at rest—to prevent unauthorized access.
Acknowledgement of the Nature of the Blockchain: You are duly informed that Morph is a blockchain-based network. By its nature, any data broadcast to the blockchain (such as your wallet address and transaction history) is distributed globally across a network of nodes and is accessible in every jurisdiction. By using the Services, you acknowledge and agree to this inherent cross-border processing.
Automated Decision-Making
To ensure the long-term scalability, security, and efficiency of our platform, Morph may employ automated processing techniques, including profiling. While these systems help us manage the Services effectively, they are designed with your privacy in mind. These activities may include:
-
Security Monitoring and Risk Assessment: We may utilize automated algorithms to evaluate network identifiers and on-chain transaction behavior which helps us proactively safeguard our Services.
-
Segmented Communications and Personalization: We may perform analysis on your interaction with our Services and public blockchain data to group users into segments. This allows us to provide a more relevant experience by delivering localized content, tailored updates, and promotional news that align with your specific interests and usage patterns.
-
Infrastructural and Service Enhancements: We may use automated tools to assess aggregate, de-identified user data. This analysis helps us understand which features are most valuable to our users, allowing us to prioritize technical updates and optimize our overall system architecture.
Your Rights Regarding Automated Processing:
The use of these automated tools is grounded in our legitimate interest in maintaining a secure ecosystem and is often necessary for the fulfillment of our contractual obligations to you.
You maintain the right to object to any profiling conducted for direct marketing purposes at any time. Furthermore, if an automated decision results in a legal effect or significantly impacts your ability to access our Services (such as an automated restriction of a wallet address), you have the right to request a manual review of the decision by our team. Please contact us at [email protected] to exercise this right.
Security
We design our systems with your security and privacy in mind, maintaining robust physical, electronic, and procedural safeguards to prevent your information from being accidentally lost, altered, disclosed, or accessed in an unauthorized way. We work to protect your personal data during transmission and while stored by utilizing industry-standard encryption protocols and software. Access to your data is strictly limited to those employees, agents, contractors, and other third parties who have a legitimate "need-to-know" to facilitate our business operations. As part of our security procedures, we may require you to verify your identity to protect against unauthorized account access.
User Responsibility: Security is a shared responsibility. We recommend using unique passwords and signing off when using shared devices. You remain solely responsible for the protection of your private keys and recovery phrases. Morph has no access to these credentials and cannot recover assets if your non-custodial wallet is compromised.
Third-Party Interactions (Links and SDKs)
Our Services may contain links to external websites, services, or mobile applications. Additionally, our mobile applications utilize Software Development Kits (SDKs) provided by our technical and business partners to enable essential features, such as wallet connectivity, security monitoring, and analytics.
-
Third-Party Control: Morph does not exercise control over these external entities. These interactions may involve the third-party partner collecting technical information directly from your device or browser.
-
Privacy Practices: Morph is not responsible for the privacy practices, security, or content of these third-party sites or services. We strongly encourage you to review the privacy policies of any third-party service or website you visit or interact while using our Services.
Data Retention
Morph retains your personal data only for as long as necessary to fulfill the purposes for which it was collected, including the provision of our Services and compliance with legal, tax, or regulatory requirements. Our retention periods are determined by the following categories:
-
Off-Chain Data (Services & Support):
-
Technical Logs: Automatically collected technical data, network identifiers, and IP logs are generally retained for a short period (typically 30 to 90 days) to ensure the security of our Services and to analyze system performance, unless a longer period is required to investigate a specific security incident or threat.
-
Customer Support: Correspondence, support tickets, and inquiry data are retained for as long as necessary to resolve your request and for a reasonable period thereafter to address follow-up inquiries or to defend against potential legal claims.
-
Marketing Data: Information processed for promotional purposes is retained until you unsubscribe, withdraw your consent, or request the deletion of your account.
-
-
On-Chain Data (The Morph Network):
- Because Morph is a decentralized blockchain, all transaction data, wallet addresses, and smart contract interactions are permanently and immutably recorded on the public ledger. You are duly informed that we have no technical ability to delete, "expire," or alter data once it has been broadcast to the blockchain.
-
Legal and Regulatory Obligations:
- In accordance with global standards and applicable laws, we may retain specific information (including KYC/KYB status and transaction metadata) for the period necessary to comply with AML/CFT regulations, satisfy accounting requirements, or respond to valid requests from judicial authorities. This period is typically determined by the relevant statute of limitations in the applicable jurisdiction.
-
De-identified Data:
- We may retain aggregated or de-identified data indefinitely. As this data no longer identifies an individual, it does not constitute personal data and is utilized solely for research, business analytics, and the ongoing optimization of our Services.
Children's Privacy
We do not allow use of our Services and Site by anyone younger than 18 years old. If you learn that anyone younger than 18 has unlawfully provided us with personal information, please contact us at [email protected] and we will take steps to delete such information, close any such accounts, and prevent the user from continuing to use our Services.
Your Choices and Rights
Subject to your jurisdiction (such as the GDPR in Europe or the CCPA in California), you have a number of rights regarding your personal data. You may exercise these by contacting us at [email protected].
-
Communication Preferences: We will only send you promotional communications if you have provided your explicit, freely given consent. You may withdraw this consent at any time via the "unsubscribe" link. We may still send non-promotional messages related to the provision of our Services.
-
Right to Access & Portability: Request a copy of the off-chain data we maintain about you in a structured, machine-readable format.
-
Right to Rectify: Request correction of inaccurate or incomplete information.
-
Right to Erasure: Request deletion of personal data where we have no compelling legal reason to retain it.
-
Right to Object & Restrict: Object to processing based on legitimate interests or direct marketing, or request restricted processing in certain instances.
-
Right to Contest Automated Decisions: Request a human review of decisions made solely by automated tools.
-
Right to Withdraw Consent: Where we rely on your consent as the legal basis for processing (e.g., marketing), you have the right to withdraw that consent at any time.
-
Right to Lodge a Complaint: You have the right to complain to a data protection authority in the location where you live or work.
Important Legal Limitations:
-
Blockchain Immutability: Rights to erase, rectify, or object cannot be exercised regarding data recorded on the public blockchain as this data is permanent and cannot be altered by Morph.
-
Statutory Overrides: These rights may be limited where we have a legal requirement to process your data (e.g., AML compliance).
-
Data Sales: Morph does not sell personal information to third parties.
Final Provisions
Morph reserves the right to revise this Policy at any time to reflect changes in our business practices, technical infrastructure, or applicable legal requirements. Any such revisions will be effective immediately upon being posted on our Services, and as we do not maintain traditional centralized user accounts, it remains your sole responsibility to review this Policy periodically for updates. Your continued use of the Services following the posting of a revised Policy signifies that you have been duly informed of the updated practices. If you do not agree with any revised terms, you must immediately cease all use of the Services.
