Privacy

Privacy is the standard on Metamorphic.

Asymmetric

Your data is encrypted to your account password so that only you can access it.

Ownership

You own your data and can delete your account, and all of its data, at any time.

Guinea Pig Free

We adore our furry friends, but you won't find any here. No user experiments ever.

Autonomy

Connect and share free from fingerprints, spyware and trackers.

Privacy policy November 9, 2021

We do not log or share personal information. That is our privacy policy in a nutshell. The rest of this policy tries to explain what information we may have, why we have it, how we protect it, and why you should care.

Privacy is essential to a free life. Renowned author and CEW Professor Emerita at Harvard Business School, Shoshana Zuboff, dedicated 12 years to unmasking and naming the "emergence of a fundamentally anti-democratic economic logic" that she calls surveillance capitalism. Thanks to her we now have a framework around which to guide our efforts at preserving a more human future.

The recent book from Cambridge Analytica whistleblower Christopher Wylie, reveals how the systems of surveillance capitalism are being weaponized against an unsuspecting public. It is a disturbing and insidious reality, where individuals and entire societies are living laboratory experiments, and the results of those experiments are the denigration of our ability to act, think, and believe for ourselves.

Metamorphic is an alternative destination for social connection online, free of surveillance capitalism and psychometric profiling:

    You own 100% of your data
    Your data is encrypted
    You are not a guinea pig
    Your data is not shared
    You are not tracked

Metamorphic is designed so that you can connect and share with the people in your life, on your terms. At Metamorphic, being human doesn't come at the expense of your humanity.

When you create an account at Metamorphic, you can rest assured that what you see is what you get. We take this responsibility seriously.

What is your data?

Your data on Metamorphic is information specific to your account.

This information includes sign up or registration information: name, pseudonym, email, and password (irreversibly hashed).

This information may also include data from: Connections and Posts.

When we add new features to Metamorphic, then your list of data may expand to include any new features you use.

It is important to know that you may delete any or all of your data at any time from within your account.

Where is your data stored?

Your object data (think avatars) is stored on a decentralized cloud network by Storj. It is asymmetrically encrypted to your password-derived key and then encrypted again at rest with Storj's AES 256-bit symmetric encryption. Each file is then split into 80 pieces and stored on different nodes — all with different operators, power supplies, networks, and geographies. This decentralization adds another layer of protection and redundancy to your data (only 29 pieces are required to re-build the encrypted file).

Your non-object data (think text, messages, email, name, etc.) is currently stored on databases managed by our hosting provider, Render. This data is also asymmetrically encrypted (your email is also hashed as well for look-up functionality), then symmetrically encrypted by our server, before being stored in the database. Once at rest, Render additionally encrypts the database with their own symmetric encryption.

By asymmetrically encrypting your data before it is uploaded, we ensure that your data remains private and protected.

Your non-personal data (like when your account was confirmed) is symmetrically encrypted by us and stored with your non-object data. It is not asymmetrically encrypted because it doesn't reveal anything to us about your account accept that it was confirmed, which is used for the functioning of the service.

The only data not explicitly encrypted by our servers, but still encrypted at rest in the database by our storage providers, is boolean data that does not reveal your identity nor provide any meaningful information outside the functioning of the service.

It is important to know that your data is asymmetrically encrypted before it is uploaded to any cloud storage locations, is only decryptable by you (the person who knows your password), and is deleted from the cloud location when you delete the file on your end. Data that is not asymmetrically encrypted nor simple boolean data (true/false), is still encrypted with strong symmetric encryption and would be protected against data breaches.

You own 100% of your data. data harvesting

This means that you are in full control of your account information on Metamorphic and can even delete your account, and all of its information, at any time from within your account settings.

There are only a few times when you are not in control of your account information: (a) if you are in violation of our terms of use, (b) if our company were to go out of business and all accounts were thus deleted, or (c) in compliance with a court-ordered legal request.

In the case of (a), depending on the severity of the violation, we will contact you before taking an action against your account (such as deleting it and all of its information). In the case of (b), we will do our best to provide reasonable notice of our impending shutdown so that you can prepare for it. And in the case of (c), we don't have access to any meaningful data due to the in-app asymmetric encryption. It would look something like this: "pJL3R8c2uGKLqJ1NUOTjL7u0er..." And even then, we will do our best to defend that meaningless information to the fullest extent of the law.

In all cases: we will never share, sell, or otherwise transfer your data, and/or personal information, to third parties (except for the metadata required by Stripe to handle your account payments and a court-ordered legal request that we cannot successfully defend against).

Your data is encrypted. backdoors

We use encryption algorithms that are recommended by leading security and cryptography experts like Matthew Green, Niels Ferguson, and Bruce Schneier.

Your data is asymmetrically encrypted in-app by your password-derived key. This means that only you can ever decrypt your data (for sharing or for yourself). We then wrap that encryption in a second layer of symmetric encryption before sending it to the database for storage, and those encryption keys are stored separately and rotated periodically. In the event of a data breach, your data would still be protected by very strong encryption.

Your account password, and any password used for securing your content, is protected with an industry leading hashing algorithm that makes it virtually impossible to ever know your password. You may see this concept being referred to as an "irreversible password hash".

You are not a guinea pig. lab experiments

We do not participate in the surveilling and profiling of our customers (or anyone). We do not create psychometric profiles on you (or anyone). We do not conduct "invisible" (just outside of your awareness) experiments on you (or anyone).

When you are on Metamorphic, you are free of the living laboratory experiment that is being conducted on you, and everyone else, on other platforms without your awareness.

Your data is not shared. behavior modification

We do not share, sell, or otherwise transfer your data to anyone outside of our company ever. Your data is used only in the service of your account (support & troubleshooting), to address a terms of use violation, or to comply with a court-ordered legal request.

Your are not tracked. surveillance capitalism

We do not use cookies or fingerprinting to track or identify you.

Metadata

To the best of our knowledge, the extent of the possible information that could leak about your account (metadata) is all related to paying for your account. And in this regard, the information provided is your email address, name, card information, and device IP address.

This information is handled and stored by Stripe, an industry leader in payments and security. The only information kept in our database is related to the Stripe payment plans we offer, Stripe products, a Stripe ID for the customer and subscription to synchronize with Stripe (symmetrically encrypted at rest and deterministically hashed for lookups on our end), and subscription information (like dates and status). This metadata does not provide access to your Metamorphic account nor its content, though it may be used to leak metadata about your account.

Why Stripe?

We have chosen Stripe as our current payment provider due to their world-class security, great climate initiative, and strong data policies.

Stripe maintains industry leading security of your payment information, we do not process or store your payment information. And this goes without saying: we do not share, rent, sell, or otherwise transfer your payment information to anyone ever. It is only and always handled by Stripe.

Ways to minimize metadata

It's important to understand what information might be able to be gleamed about your Metamorphic account through this Stripe metadata:

  1. It may be possible, with legal court orders, to sift through our database records, in conjunction with Stripe's, and determine who you are and who you are connected to on Metamorphic. This may be able to be done by linking the Stripe IDs with the customer on Stripe's end with the Stripe IDs on our end, and then linking the account IDs in corresponding relationships (or similarly using the subscription dates). When combined with the payment information that Stripe may have about you, and/or your credit card company, this method could be used to identify who you are, who you are connected to, and who you are communicating with on Metamorphic.

    This can be minimized by using an anonymous email address for your Metamorphic account, although you will still have to enter a payment card which could be used to identify you.

  2. When you pay to use Metamorphic, you must input a payment card to be processed via Stripe. Upon doing so, Stripe will receive the email associated with your Metamorphic account (decrypted by your current session). They will also receive the name you input when you enter your payment, card details, and device IP address.

    This information is used by Stripe for risk assessment and fraud prevention.

    To further mitigate identification from your device IP address that is sent to Stripe, you can use the Tor browser or a trusted VPN (or both).

    We cannot offer any guidance on protecting your privacy from the transaction of your payment card, and for this reason alone, if you are a high-risk person without the relevant expertise, then we recommend you not use our service at this time.

While it is very difficult to minimize metadata, the metadata that can be gleamed from your Stripe payment (with the proper court orders) does not change the fact that only you can access the contents of your account.

Again, it is important to remember that none of this metadata can give someone access to your account or provide them with the actual information in your account.

Similar to a service like Signal, a legal government court order could enable a government entity to determine (1) who you are, (2) who you are connected to, and (3) who you may be in communication with — but it cannot reveal the contents of your communication, nor can your life be harvested for the benefit of surveillance capitalists.

Other

Check out ClickClickClick to see what creepy things can happen to you on other websites.

Are you a business or startup that needs analytics? Fathom Analytics is a trusted privacy-focused solution for businesses of all sizes.

This policy is heavily influenced by Gabriel Weinberg's for DuckDuckGo — thank you.

Updates

If this policy is substantively updated, we will update the text of this page and provide notice to you by writing '(Updated)' in rose next to the link to this page (in the footer) for a period of at least 30 days.

We will also mention the update to our terms, and potentially discuss in more detail, on the latest epside of our podcast to air after the update.

Feedback

I (Mark Thayer) am the creator of Metamorphic, and personally wrote this privacy policy. If you have any questions or concerns, please send feedback.