Privacy Policy

Overview

MorrowMark is built on a simple principle: your personal content belongs to you. We collect only what we need to provide the Service, we never sell your data, and we give you tools to export or delete everything at any time.

What We Collect

• Account information: Email address, name, and password (hashed, never stored in plain text).
• Vault content: Stories, values, advice, humor, and other personal entries you choose to submit.
• Recipient information: Names, email addresses, birthdays, and personality notes for message recipients.
• Generated messages: AI-generated content and the vault entries used to create it.
• Usage data: Basic analytics including page views and feature usage (no third-party trackers).

How We Use Your Data

• To provide the Service: Your vault entries are sent to our AI provider (Anthropic/Claude) to generate messages in your voice. Anthropic does not use your data for training.
• To deliver messages: Recipient email addresses are used to send scheduled messages via our email provider (Resend).
• To maintain your account: Email is used for authentication, password recovery, and critical service notifications.

What We Never Do

• We never sell your personal data or vault content to third parties.
• We never use your content for advertising or marketing purposes.
• We never share your vault entries with anyone except the AI generation service (to create your messages).
• We never train AI models on your personal content.

Data Storage & Security

Your data is stored in Supabase (PostgreSQL) with row-level security policies that ensure each family can only access their own data. All data is encrypted in transit (TLS) and at rest. Authentication is handled by Supabase Auth with industry-standard password hashing (bcrypt).

Third-Party Services

• Supabase: Database and authentication (Supabase Privacy Policy)
• Anthropic (Claude): AI message generation (Anthropic Privacy Policy)
• Resend: Email delivery (Resend Privacy Policy)
• Vercel: Hosting and deployment (Vercel Privacy Policy)

Your Rights

• Access: You can view all your data through the dashboard at any time.
• Export: You can export your vault entries and message history.
• Delete: You can delete individual entries or close your entire account.
• Correct: You can edit your vault entries and recipient information at any time.

Data Retention

Your data is retained for as long as your account is active. This is by design — MorrowMark is built for perpetuity. If you or your trustee closes the account, we will retain data for 90 days (to allow recovery) before permanent deletion. Audit logs are retained for 7 years for legal compliance.

Children’s Privacy

MorrowMark is intended for users 18 years and older. We do not knowingly collect data from children under 18. Recipients of messages may be minors, but their information is provided and managed by adult account holders.

Changes to This Policy

We may update this policy from time to time. Significant changes will be communicated via email to all registered users. The “last updated” date at the top of this page reflects the most recent revision.

Contact

Privacy questions? Contact us at privacy@morrowmark.com.