arrow_backBack to home
shield_person

Privacy Policy

How we collect, use, and protect your personal data.

Last updated: 2026-04-21

Overview

MorphMarket Talk is a cross-border P2P reptile trading platform. This policy explains how we handle the personal data you provide.

Using the service means you agree to this policy. If you disagree, please stop using the service and request account deletion under the "Your rights" section below.

database

Data we collect

account_circle

Account data

Email, phone number, password (stored as Argon2id hash, never in plain text), country, language preference.

person

Profile data

Display name, avatar, bio, buyer/seller role, MorphMarket handle (optional).

article

Content data

Listings, chat messages, order records, ratings and reviews, reports, uploaded images and videos.

payments

Payment data

Bank account + SWIFT for receiving payments (shown only to your buyers), payment proof screenshots. We do not process credit cards directly.

devices

Device data

Device model, OS, IP address, push token, app version. Used for login security and debugging only.

history

Usage logs

Login times, report events, support conversations. Standard logs are auto-deleted after 90 days.

task_alt

How we use it

  • check_circleCore features: accounts, chat, orders, logistics, payment matching
  • check_circleFraud prevention and platform security: detecting suspicious logins, abnormal transactions, handling reports
  • check_circleRegulatory compliance: CITES cross-border shipping, anti-money-laundering, local wildlife protection laws
  • check_circleProduct improvement: aggregate analytics (no individual identification)
  • check_circleCommunications: order status, security alerts, and other notifications you subscribe to (opt-out anytime)
group

Who sees your data

We share data only with third parties necessary for core functionality, under signed Data Processing Agreements (DPA).

  • cloudHosting: Supabase (database & auth, US region), Cloudflare (CDN, DNS, R2 media storage, Email Routing)
  • mailCommunications: Resend (transactional email, backed by AWS SES ap-northeast-1)
  • monitoringMonitoring: Sentry (error tracking, configured to strip PII)
  • analyticsAnalytics: Microsoft Clarity (web interaction analytics; chat messages, payment info, and form inputs are automatically masked; no PII collected, not used for advertising or cross-site tracking)
  • balanceLegal requirements: only when served with a valid subpoena or court order; we notify you to the extent permitted by law
blockWe will never sell your personal data to advertisers, data brokers, or any third party.
analytics

Behavioral Analytics (Web)

We use Microsoft Clarity on the web to analyze click heatmaps, page scroll depth, and UI friction so we can identify experience bottlenecks and improve the app.

Clarity automatically masks all input fields, chat messages, and payment information by default; we do not transmit emails, phone numbers, bank accounts, names, or other PII, and the data is not used for cross-site tracking or advertising.

You can disable this anytime under Settings β†’ Behavioral Analytics. Once disabled, no further interaction data is collected; existing anonymous data is auto-deleted per our retention schedule.

verified_user

Your rights

visibility

Access

The settings page shows the data we hold on you; email [email protected] for a full export.

delete

Delete

Settings β†’ Account β†’ Delete account. 7-day cancellation window, after which all personal data is permanently removed (transactional records retained separately per law).

edit

Correct

Edit your email, phone, display name, and other profile data from the settings page at any time.

notifications_off

Opt out

Push and general email notifications can be unsubscribed. Transactional security messages (e.g. login verification) cannot be opted out.

download

Portability

Email [email protected] to request a JSON export of your personal data. We respond within 30 days.

gavel

Complaint

If you believe we've violated this policy, you may file a complaint with your local Data Protection Authority (DPA).

schedule

Data retention

  • fiber_manual_recordAccount data: duration of the account + 30-day deletion buffer
  • fiber_manual_recordChat message text, orders: 7 years (per Taiwan E-commerce Act / Business Accounting Act); chat-attached photos & videos: auto-deleted after 365 days (data minimization)
  • fiber_manual_recordPayment proofs, financial records: 7 years (per Taiwan Business Accounting Act Β§38 and US IRS Β§6501, taking the stricter)
  • fiber_manual_recordStandard logs: 90 days
gavelWithin the retention period, deletion requests cannot be honored due to GDPR Art. 17(3)(b/e) (legal obligation / legal claims). For exceptional cases, email [email protected] for DPO case-by-case review.
lock

Security

All traffic is encrypted via HTTPS (TLS 1.2+). Passwords are stored as Argon2id hashes. Media files are protected by HMAC-signed URLs. Abnormal login attempts trigger immediate notifications.

child_care

Children

This service is not intended for anyone under 13. If we discover an account belongs to a child, we delete it immediately.

cookie

Cookies

We only use functional cookies (login session, language preference). No ad tracking or third-party analytics cookies.

update

Changes to this policy

We publish any changes on this page. Material changes are announced via in-app notification or email. Continued use constitutes acceptance of the updated policy.

smart_toy

AI & machine-learning model training

To improve the Pro Camera's species recognition, coloration analysis, and image-quality grading, we use product photos and videos you list to refine our AI models. All inference runs on your device (on-device); training data is never sent to third-party LLM providers such as OpenAI, Google, or Anthropic.

Scope of use (limited to the three below)

  • check_circleGecko species classifier (broad categories: Crested, Leachianus, Chahoua, Gargoyle)
  • check_circleImage quality grading (cover-photo selection, blur / focus filtering)
  • check_circleColoration feature analysis (HSB red-region detection, composite metadata)
phonelink_lock

On-device

Inference results stay on your device; the app does not upload recognition results to the cloud or share them with other users.

visibility_off

Anonymized

Training data does not contain seller-identifying information (UID, display name, location); only image content + species / morph labels are used. To protect animal welfare, CITES Appendix I species imagery is excluded from training.

blockWe do not redistribute training data, sell model weights, or license imagery to third-party LLM training datasets.

Opt-out

You can opt out anytime via Settings β†’ Privacy β†’ "AI training contribution". Once disabled, future listings are excluded from training; existing trained models are not retrained from scratch, but your imagery is removed from the next training-set iteration.

On-device inference does not constitute "personal data collection" under Apple App Store Review Guideline 5.1.1; this disclosure complies with Guideline 5.1.2 (data use & sharing), GDPR Art. 6(1)(a) (explicit consent), and CCPA Β§1798.100.

These terms take effect for new listings created on or after 2026-04-28. Existing users will see a one-time consent banner on next app launch and may accept or opt out of AI training (opting out does not affect other functionality).

contact_support

Contact

For any privacy-related questions, please email:

[email protected]

Or reach the support team via /support (same response window).

For copyright takedown notices (DMCA Β§512), please contact:

[email protected]Β·/dmca-report