Privacy Policy

Samuditha Learning Systems Pvt. Ltd. ("MorphAds", "we", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use the MorphAds platform.

This policy complies with India's Digital Personal Data Protection Act, 2023 (DPDP Act), the Information Technology Act, 2000, and applicable rules thereunder.

By using MorphAds, you consent to the practices described in this policy.

Account Data:

• Mobile phone number (used for OTP authentication)
• Name (optional, provided in profile settings)
• Business/brand name (optional)

Usage Data:

• Product images you upload for ad generation
• Generated video outputs and associated metadata
• Credit balance, transactions, and payment history
• Language preferences and selected AI personas
• Log data: IP address, device type, browser type, pages visited, timestamps

Payment Data: Payment transactions are processed by Razorpay. MorphAds does not store your card numbers, UPI IDs, or banking credentials. We receive only a transaction confirmation and order ID from Razorpay.

Cookies & Analytics: We use cookies and analytics tools (including PostHog) to understand platform usage. You can disable cookies in your browser settings, though this may affect functionality.

We use your personal data to:

• Authenticate your account via OTP and maintain your session
• Process your AI video generation requests
• Manage your credit wallet and process payments via Razorpay
• Send transactional SMS/email notifications (video ready, low credits, payment confirmation)
• Improve our AI models and platform quality (using anonymised, aggregated data only)
• Comply with legal obligations under Indian law
• Prevent fraud, abuse, and unauthorised access

We do not use your uploaded product images or generated videos to train third-party AI models or sell your data to advertisers.

Under the DPDP Act 2023, we process your personal data based on:

• Consent: You provide explicit consent when registering and using the platform
• Contract: Processing is necessary to fulfil our service agreement with you
• Legitimate Interests: Security monitoring, fraud prevention, and platform analytics
• Legal Obligation: Compliance with Indian financial and tax regulations

We share your data with trusted third-party service providers only as necessary:

• Razorpay: Payment processing (PCI-DSS compliant)
• Twilio / MSG91: OTP SMS delivery
• Resend: Transactional email delivery
• PostHog: Product analytics (anonymised)
• AWS / Cloud Infrastructure: Secure hosting and video rendering

All third-party processors are contractually bound to process your data only for the specified purpose and to maintain appropriate security standards.

We do not sell, rent, or share your personal data with advertising networks, data brokers, or any unauthorised third party.

We may disclose your data if required by Indian law, court order, or regulatory authority.

Some of our service providers (e.g., AWS, PostHog) may process data outside India. Where such transfers occur, we ensure adequate safeguards are in place through contractual clauses and compliance with applicable Indian data protection frameworks. We are committed to aligning with the cross-border transfer rules under the DPDP Act as they are notified.

We retain your data for the following periods:

• Account data: For the duration of your account plus 2 years after closure
• Uploaded product images: Deleted within 30 days of video generation completion
• Generated videos: Stored for 90 days; available for re-download during this period
• Transaction records: 7 years (as required under Indian accounting and GST laws)
• Log data: 90 days rolling

You may request deletion of your account and associated data at any time (see Section 9).

We implement industry-standard security measures to protect your data:

• TLS 1.3 encryption for all data in transit
• AES-256 encryption for sensitive data at rest
• JWT-based authentication with short-lived tokens
• Rate limiting and OTP brute-force protection
• Regular security audits and vulnerability assessments
• Access controls — only authorised personnel can access production data

In the event of a data breach that affects your personal data, we will notify you within 72 hours as required under applicable Indian law.

As a Data Principal under India's Digital Personal Data Protection Act 2023, you have the right to:

• Access: Request a summary of personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Erasure:Request deletion of your personal data ("right to be forgotten")
• Grievance Redressal: File a complaint with our Data Protection Officer
• Nomination: Nominate another individual to exercise rights on your behalf

To exercise any of these rights, email support@morphads.in from your registered email address. We will respond within 15 business days.

MorphAds is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that a minor has registered, we will promptly delete their account and associated data. If you believe a minor has used our platform, please contact us at support@morphads.in.

We use the following types of cookies:

• Essential cookies: Required for authentication and session management (cannot be disabled)
• Analytics cookies: Used by PostHog to track usage patterns (can be disabled)
• Preference cookies: Store your language and UI preferences

You can manage cookies through your browser settings. Disabling analytics cookies will not affect your ability to use the Platform.

We have designated a Data Protection Officer (DPO) as required under the DPDP Act 2023:

• DPO Name: Data Protection Officer, MorphAds
• Email: support@morphads.in
• Address: Samuditha Learning Systems Pvt. Ltd., Elements Mall, Ajmer Rd, Uma Colony, Shanti Nagar, DCM, Jaipur, Rajasthan 302019

For general privacy queries, you may also contact us at support@morphads.in.

We may update this Privacy Policy to reflect changes in our practices or applicable law. We will notify you via SMS or email at least 7 days before material changes take effect. The "Last Updated" date at the top of this page indicates when the policy was last revised.