Privacy Policy

For the purposes of the GDPR, the Data Controller is:
Morrow Labs Inc.
Email: privacy@morrowlabs.ai

• Account Information: Email address and authentication details provided during signup.
• Google Login Data: When you sign in with Google, we receive your name, email address, and profile picture from your Google account. We do not receive or store your Google password.
• LinkedIn Login Data: When you sign in with LinkedIn, we receive your name, email address, and profile picture from your LinkedIn account. We do not receive or store your LinkedIn password or access your connections, messages, or other LinkedIn content.
• Payment Data: We do not store full credit card numbers. All payment transactions are processed through Stripe.
• User Content: Text prompts, uploaded documents, and the resulting decks generated by the AI.

• Authentication: To create and manage your account via Google Login or LinkedIn Login.
• Service Delivery: To generate AI-powered presentations based on your input using Google Gemini.
• Communication: To send transactional emails related to your account and subscription.
• Improvement: To improve the quality and performance of our service.
• Legal Compliance: To meet our financial reporting and regulatory obligations.

Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We only use Google account data to authenticate you and provide the service — we do not sell or use it for advertising.

Our use of LinkedIn Login complies with the LinkedIn API Terms of Use. We only request the minimum LinkedIn profile data necessary for authentication.

We process your personal data under the following lawful bases:

• Contractual Necessity: To provide the Morrow Labs service.
• Legitimate Interests: To improve our AI models and prevent fraud.
• Legal Obligation: To comply with financial reporting laws.
• Consent: Where required, such as when you choose to sign in with a third-party provider like Google or LinkedIn.

We share data with specific sub-processors to run our service:

When you use AI generation features, your prompts and uploaded content are sent to Google Gemini for processing. Please review Google's Privacy Policy and LinkedIn's Privacy Policy for details on how they handle data.

We retain your account data for as long as your account is active. If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal or financial compliance purposes.

OAuth tokens from Google and LinkedIn are stored securely and are only used to maintain your authenticated session. You may revoke our access at any time through your Google account settings or LinkedIn account settings.

If you reside in the EEA, UK, or Switzerland, you have the following rights regarding your personal data:

• Access: Request a copy of the data we hold about you.
• Correction: Request correction of inaccurate data.
• Deletion: Request deletion of your personal data ("right to be forgotten").
• Portability: Request an export of your data in a machine-readable format.
• Objection: Object to processing based on legitimate interests.
• Withdraw Consent: Withdraw consent for third-party logins at any time by revoking app access in your Google or LinkedIn settings.

To exercise any of these rights, contact us at privacy@morrowlabs.ai.

For any privacy-related questions or requests, please contact:
Morrow Labs Inc.
Email: privacy@morrowlabs.ai