Privacy & data flow

Last updated 2026-06-20 · applies to Morph v1.0.0

Morph reshapes the web page you are already on. This document states exactly what leaves your browser, who processes it, and what is kept. It is written to be accurate, not flattering.

Morph sends data to its own backend only when you actively press “Morph it” (or connect an app). Nothing in the background.
To reshape, it sends your typed instruction, a truncated DOM snapshot, and the page URL to an LLM provider (Groq) to compute the change.
The backend does not store your prompt or page content — only hashed / bucketed logs.
Signing in is optional. If you do, we record only a one-way hash of your account id and your email domain — never your email address.
Connectors are opt-in and require sign-in, and your data is isolated to your verified Google identity.

1Reshaping a page — what is sent

When you invoke Morph (Alt+M → type an instruction → Morph it), the extension sends three things to the Morph backend:

A pruned DOM snapshot — a compact outline: tag names, ids, classes, ARIA roles, and short previews of visible text (up to ~50 characters per element). Be aware: on a logged-in page those previews can include real visible content (e.g. an email subject on screen). It is bounded and truncated, but not purely structural — use Morph mindfully on sensitive pages.
Your natural-language prompt — the instruction you typed.
The page URL — for context.

Not sent: form-field values you type, password fields, cookies, localStorage, credentials, and anything not rendered as visible text. The snapshot is generated only when you press Morph it — never in the background.

2Who processes it (sub-processors)

The snapshot, prompt, and URL go to the Morph backend, a Google Cloud Run service operated by Black Robotics (region us-central1). To generate the transform, the backend forwards your prompt + snapshot to an LLM provider:

Groq (api.groq.com) running an open-weights Llama model — the primary provider, chosen for speed.
Google Vertex AI (Gemini) — used only as a fallback if the primary is unavailable.

These providers receive the data solely to compute the reshape and return it. No other third party receives your reshape data.

3What the backend stores / logs

By design, the backend returns the generated transform and does not persist your prompt, DOM snapshot, or URL. It logs only non-reversible signals: request sizes, op count, latency, model name; a one-way hash of your IP (never the raw IP); a one-way hash of the site host; and a coarse intent bucket (e.g. dark, declutter, chart) — never the raw prompt text. Requests are rate-limited.

4Optional telemetry — “kept / undone”

After a reshape, the extension may send one fire-and-forget event recording whether you kept or undid it — containing only the outcome, the hashed site host, and the coarse intent bucket. Never the raw URL, prompt, or page content. There is no advertising or third-party tracking of any kind.

5Optional Google sign-in — counting users

On install, Morph invites you to sign in with Google. This is optional and skippable — Morph reshapes pages fully without it. If you do sign in, the backend verifies your Google token and records a privacy-safe record: a one-way SHA-256 hash of your Google account id, and your email domain only (e.g. gmail.com). Your email address is never stored or logged. Scopes requested: openid, email, profile.

6Optional connectors — your data, reshaped

Morph can optionally connect an app (e.g. Gmail, GitHub, Calendar) so a reshape can use your real data. Connectors are opt-in, per-app, and require Google sign-in:

Connecting uses Composio (composio.dev) as the managed-OAuth sub-processor. You authorize the app in a normal OAuth screen; the extension never sees or stores the app’s tokens.
On a reshape, the backend fetches a bounded summary of that app’s data for your verified Google identity only, adds it to the model context for that one request, and does not persist it.
Isolation: connector data is keyed to your verified Google account id — never shared between users, never served from cache.

If you never connect an app, none of this applies.

7What stays local

Transforms you keep are saved as per-site recipes in your browser via chrome.storage.local only. They are never uploaded and never synced. Reapplying a saved recipe happens entirely in the browser and sends nothing to the backend.

8Your controls

Undo reverts the change and forgets it.
Keep for this site saves the recipe locally; the popup lets you disable or delete any saved recipe.
Maybe later (or simply never signing in) keeps you fully anonymous.
Backend URL in the popup lets you repoint where reshape data is sent — e.g. to a backend you run yourself.

9Security model: no code execution

Morph only restyles, rearranges, hides, re-themes, or charts data — every change is a declarative JSON DSL the extension interprets. The backend never sends code to run in the page, and private-data (connector) paths are gated behind a verified Google identity so one user can never read another’s connected data.

10Contact

Questions or data requests: roboticsblack@gmail.com (Black Robotics).