What makes us different
We understand and believe that privacy is a fundamental human right. It's essential to our autonomy and necessary for free and prosperous societies.
This all might sound strange for a social platform. The current major social and search networks have sophisticated global campaigns to "remind" us that being instrumented is the only and right way.
But it's not the way for us, and it's not the way that we would want for anyone else either. So, we decided to create a different way for people, a better way.
At Metamorphic, we've taken care to design a privacy-focused, autonomy enabling, system for connecting and sharing with the people in your life:
As you can see, Metamorphic is not your typical social platform. You don't have to worry about being the raw material in an economic pipeline routed toward creating a future where you have no thoughts and actions of your own.
On Metamorphic, we don't make money by colonizing your experiences and using them to build an infrastructure to control you outside of your awareness (instrument you). We make money through the subscription to our service.
Additionally, the revenue from member subscriptions is used to support our community programs, climate initiatives, and official nonprofit partners.
This isn't your typical legalese. We really want the services we provide and products we deliver to be easily understood. This way you can quickly make a decision as to what is best for you.
Improve your online privacy and security by making simple changes to the following three categories
Start to DuckDuckGo
If it's your first time, it will feel disorienting as you change interfaces and gravitate back to actually seeing results based on what you search for. Give it a month, and you'll never go back. Free your mind with the leader and pioneer in private search.
Open up Firefox
This is a simple change to give yourself a huge boost in privacy and freedom. Mozilla also has a range of privacy products from Mozilla VPN to Monitor (recommended) for protecting and monitoring your privacy and security.
Send with ProtonMail
Today, your email account contains everything about your life. You won't find a more private and secure email option. They offer a free account and free VPN (recommended), and have solutions for your calendar and files currently in beta.
Privacy is essential to a free life. Renowned author and CEW Professor Emerita at Harvard Business School, Shoshana Zuboff, dedicated 12 years to unmasking and naming the "emergence of a fundamentally anti-democratic economic logic" that she calls surveillance capitalism. Thanks to her we now have a framework around which to guide our efforts at preserving a more human future.
The recent book from Cambridge Analytica whistleblower Christopher Wylie, reveals how the systems of surveillance capitalism are being weaponized against an unsuspecting public. It is a disturbing and insidious reality, where individuals and entire societies are living laboratory experiments, and the results of those experiments are the denigration of our ability to act, think, and believe for ourselves.
Metamorphic is an alternative destination for social connection online, free of surveillance capitalism and psychometric profiling:
Metamorphic is designed so that you can connect and share with the people in your life, on your terms. At Metamorphic, being human doesn't come at the expense of your humanity.
When you create an account at Metamorphic, you can rest assured that what you see is what you get. We take this responsibility seriously.
Your data on Metamorphic is information specific to your account.
This information includes sign up or registration information: name, pseudonym, email, and password (irreversibly hashed).
This information may also include data from: Letters, Memories, People, and Portals.
When we add new features to Metamorphic, then your list of data may expand to include any new features you use.
It is important to know that you may delete any or all of your data at any time from within your account.
Your object data (think images for Memories or avatars) is stored on a decentralized cloud network by Storj. It is asymmetrically encrypted to your password-derived key and then encrypted again at rest with Storj's AES 256-bit symmetric encryption. Each file is then split into 80 pieces and stored on different nodes — all with different operators, power supplies, networks, and geographies. This decentralization adds another layer of protection and redundancy to your data (only 29 pieces are required to re-build the encrypted file).
Your non-object data (think text, messages, email, name, etc.) is currently stored on databases managed by our hosting provider, Render. This data is also asymmetrically encrypted (your email is also hashed as well for look-up functionality), then symmetrically encrypted by our server, before being stored in the database. Once at rest, Render additionally encrypts the database with their own symmetric encryption.
By asymmetrically encrypting your data before it is uploaded, we ensure that your data remains private and protected.
Your non-personal data (like when your account was confirmed) is symmetrically encrypted by us and stored with your non-object data. It is not asymmetrically encrypted because it doesn't reveal anything to us about your account accept that it was confirmed, which is used for the functioning of the service.
The only data not explicitly encrypted by our servers, but still encrypted at rest in the database by our storage providers, is boolean data that does not reveal your identity nor provide any meaningful information outside the functioning of the service.
It is important to know that your data is asymmetrically encrypted before it is uploaded to any cloud storage locations, is only decryptable by you (the person who knows your password), and is deleted from the cloud location when you delete the file on your end. Data that is not asymmetrically encrypted nor simple boolean data (true/false), is still encrypted with strong symmetric encryption and would be protected against data breaches.
This means that you are in full control of your account information on Metamorphic and can even delete your account, and all of its information, at any time from within your account settings.
In the case of (a), depending on the severity of the violation, we will contact you before taking an action against your account (such as deleting it and all of its information). In the case of (b), we will do our best to provide reasonable notice of our impending shutdown so that you can prepare for it. And in the case of (c), we don't have access to any meaningful data due to the in-app asymmetric encryption. It would look something like this: "pJL3R8c2uGKLqJ1NUOTjL7u0er..." And even then, we will do our best to defend that meaningless information to the fullest extent of the law.
In all cases: we will never share, sell, or otherwise transfer your data, and/or personal information, to third parties (except for the metadata required by Stripe to handle your account payments and a court-ordered legal request that we cannot successfully defend against).
We use encryption algorithms that are recommended by leading security and cryptography experts like Matthew Green, Niels Ferguson, and Bruce Schneier.
Your data is asymmetrically encrypted in-app by your password-derived key. This means that only you can ever decrypt your data (for sharing or for yourself). We then wrap that encryption in a second layer of symmetric encryption before sending it to the database for storage, and those encryption keys are stored separately and rotated periodically. In the event of a data breach, your data would still be protected by very strong encryption.
Your account password, and any password used for securing your content, is protected with an industry leading hashing algorithm that makes it virtually impossible to ever know your password. You may see this concept being referred to as an "irreversible password hash".
You can read more about the encryption we use and how we protect your account by visiting our security policy.
We do not participate in the surveilling and profiling of our customers (or anyone). We do not create psychometric profiles on you (or anyone). We do not conduct "invisible" (just outside of your awareness) experiments on you (or anyone).
When you are on Metamorphic, you are free of the living laboratory experiment that is being conducted on you, and everyone else, on other platforms without your awareness.
To the best of our knowledge, the extent of the possible information that could leak about your account (metadata) is all related to paying for your account. And in this regard, the information provided is your email address, name, card information, and device IP address.
This information is handled and stored by Stripe, an industry leader in payments and security. The only information kept in our database is related to the Stripe payment plans we offer, Stripe products, a Stripe ID for the customer and subscription to synchronize with Stripe (symmetrically encrypted at rest and deterministically hashed for lookups on our end), and subscription information (like dates and status). This metadata does not provide access to your Metamorphic account nor its content, though it may be used to leak metadata about your account.
Stripe maintains industry leading security of your payment information, we do not process or store your payment information. And this goes without saying: we do not share, rent, sell, or otherwise transfer your payment information to anyone ever. It is only and always handled by Stripe.
It's important to understand what information might be able to be gleamed about your Metamorphic account through this Stripe metadata:
It may be possible, with legal court orders, to sift through our database records, in conjunction with Stripe's, and determine who you are and who you are connected to on Metamorphic. This may be able to be done by linking the Stripe IDs with the customer on Stripe's end with the Stripe IDs on our end, and then linking the account IDs in corresponding relationships (or similarly using the subscription dates). When combined with the payment information that Stripe may have about you, and/or your credit card company, this method could be used to identify who you are, who you are connected to, and who you are communicating with on Metamorphic.
This can be minimized by using an anonymous email address for your Metamorphic account, although you will still have to enter a payment card which could be used to identify you.
When you pay to use Metamorphic, you must input a payment card to be processed via Stripe. Upon doing so, Stripe will receive the email associated with your Metamorphic account (decrypted by your current session). They will also receive the name you input when you enter your payment, card details, and device IP address.
This information is used by Stripe for risk assessment and fraud prevention.
To further mitigate identification from your device IP address that is sent to Stripe, you can use the Tor browser or a trusted VPN (or both).
We cannot offer any guidance on protecting your privacy from the transaction of your payment card, and for this reason alone, if you are a high-risk person without the relevant expertise, then we recommend you not use our service at this time.
While it is very difficult to minimize metadata, the metadata that can be gleamed from your Stripe payment (with the proper court orders) does not change the fact that only you can access the contents of your account.
Again, it is important to remember that none of this metadata can give someone access to your account or provide them with the actual information in your account (like the images of your Memories, messages of your Letters, and so forth).
Similar to a service like Signal, a legal government court order could enable a government entity to determine (1) who you are, (2) who you are connected to, and (3) who you may be in communication with — but it cannot reveal the contents of your communication, nor can your life be harvested for the benefit of surveillance capitalists.
Check out ClickClickClick to see what creepy things can happen to you on other websites.
Are you a business or startup that needs analytics? Fathom Analytics is a trusted privacy-focused solution for businesses of all sizes.
This policy is heavily influenced by Gabriel Weinberg's for DuckDuckGo — thank you.
If this policy is substantively updated, we will update the text of this page and provide notice to you by writing '(Updated)' in rose next to the link to this page (in the footer) for a period of at least 30 days.
We will also mention the update to our terms, and potentially discuss in more detail, on the latest epside of our podcast to air after the update.