Privacy Policy
Effective date: April 24, 2026
Last updated: April 24, 2026
This Privacy Policy explains how Opactor Inc. ("Anymorph," "we," "us," or "our") collects, uses, stores, and protects information when you use the Anymorph platform at https://anymorph.ai and any related services (collectively, the "Service").
By using the Service, you agree to this Privacy Policy. If you do not agree, do not use the Service.
1. Who we are
Anymorph is a Generative Engine Optimization (GEO) platform that generates and publishes AI-optimized landing pages on a customer's domain to improve the customer's visibility in AI engines such as ChatGPT, Gemini, and Perplexity.
Data controller: Opactor Inc.
Address: 2261 Market Street STE 86757, San Francisco, CA 94114, USA
Contact: privacy@anymorph.ai (or contact@opactor.com)
2. Information we collect
2.1 Account information
When you sign up, our authentication provider (Clerk) collects your email address, name, and authentication credentials. We receive a user identifier and profile basics from Clerk.
2.2 Workspace and page content
• Brand, domain, and website URL that you add to your workspace
• Landing page content that our platform generates on your behalf
• Configuration, preferences, and settings you set
2.3 Data from connected Google services
When you explicitly connect a Google account through the Service, we request only the scopes necessary to deliver specific features:
• openid, userinfo.email — Identify the connected account. Data accessed: email address, Google account ID.
• webmasters — List your Search Console properties, read performance data, and submit sitemap URLs for pages we publish. Data accessed: verified site list; search analytics (clicks, impressions, CTR, position); sitemap registration metadata.
• analytics.readonly — Display Google Analytics performance metrics in your dashboard. Data accessed: aggregate GA metrics (sessions, users, page views, engagement rate, page path) over 7, 30, 60, and 90-day windows.
We call read endpoints exclusively for analytics display. The only write endpoint we call is the Google Search Console Sitemaps API (PUT webmasters/v3/sites/{siteUrl}/sitemaps/{sitemapUrl}) to register sitemap URLs for pages we publish on your behalf. We do not modify your Google Analytics configuration.
2.4 Usage and log data
We log product interactions, API requests, IP addresses, browser and device information, and error events to operate, secure, and improve the Service.
2.5 Cookies and similar technologies
We use strictly necessary cookies for authentication (via Clerk) and session management. We may use privacy-respecting analytics cookies to measure product usage. We do not use advertising cookies.
3. How we use information
We use the information we collect to:
• Provide, operate, and maintain the Service
• Generate, publish, and monitor the AI-optimized pages you request
• Display your Google Analytics and Search Console performance data inside your authenticated dashboard session
• Submit sitemap URLs to Google Search Console so the pages we generated are discovered and indexed
• Communicate with you about your account, security, and product updates
• Detect, prevent, and address technical, fraud, and security issues
• Comply with legal obligations
4. Google API Services User Data Policy (Limited Use)
Anymorph's use and transfer of information received from Google APIs to any other app adheres to the Google API Services User Data Policy (https://developers.google.com/terms/api-services-user-data-policy), including the Limited Use requirements.
Specifically:
1. We use Google user data only to provide user-facing features that are prominent in our Service (displaying GA/GSC analytics, and submitting sitemaps to GSC).
2. We do not transfer Google user data to third parties except:
• As necessary to provide or improve user-facing features that are prominent in our Service,
• To comply with applicable law, or
• As part of a merger, acquisition, or sale of assets with the user's consent.
3. We do not use Google user data for serving advertisements, including retargeting, personalized, or interest-based advertising.
4. We do not allow humans to read Google user data unless:
• We have the user's affirmative consent for specific messages,
• Doing so is necessary for security purposes (such as investigating abuse),
• To comply with applicable law, or
• The data (including derivations) is aggregated and used for internal operations in accordance with applicable privacy and other laws.
5. How we share information
We do not sell your personal information. We share information only in the following circumstances:
• Service providers (sub-processors) that run our infrastructure under written contracts, including:
– Clerk — user authentication and session management
– Microsoft Azure — application hosting, managed PostgreSQL, container platform (regions: Korea Central, East US 2)
– Cloudflare — edge delivery, tenant routing, object storage (R2), key-value storage, and secure tunnels
– Google Cloud Platform — object storage for project artifacts
– OpenAI, Anthropic, and Google (Gemini / Vertex AI) — large-language-model providers used to generate page content and analyze AI visibility
– Doppler — secrets management
• Legal requirements — when required by law, subpoena, or court order.
• Business transfers — in connection with a merger, acquisition, or sale of assets, subject to a confidentiality agreement.
• With your consent — when you explicitly direct us to share information.
6. Data retention
We retain information for as long as your account is active or as needed to provide the Service:
• Google OAuth tokens — stored encrypted for the lifetime of the integration; deleted within 30 days of disconnection.
• GA / GSC API responses — rendered in your authenticated dashboard session; short-lived result caches are cleared within 24 hours.
• Account data — retained while your account is active; deleted within 90 days after account deletion, except where longer retention is required for legal, accounting, or security purposes.
• Log data — retained up to 30 days in our observability store.
You may request earlier deletion at any time (Section 8).
7. Security
We use industry-standard safeguards, including:
• Encryption in transit (TLS 1.2+) and at rest
• Scoped OAuth tokens with least-privilege access
• Role-based access control and audit logging for internal systems
• Regular security reviews of the codebase and infrastructure
No method of transmission or storage is 100% secure, but we work continuously to protect your information.
8. Your rights
Depending on your jurisdiction (GDPR, CCPA, PIPA, etc.), you may have the right to:
• Access the information we hold about you
• Correct inaccurate information
• Delete your information ("right to erasure")
• Port your information to another service
• Restrict or object to processing
• Withdraw consent (where processing is based on consent)
How to exercise these rights:
Disconnect a Google integration: Go to your workspace settings → Integrations → Disconnect Google. You may also revoke access directly at https://myaccount.google.com/permissions.
Delete your account or data: Email privacy@anymorph.ai from your account email. We will respond within 30 days.
9. International data transfers
Anymorph operates infrastructure primarily in South Korea (Azure Korea Central) and the United States (Azure East US 2, Cloudflare global edge, Google Cloud Storage US multi-region). If you access the Service from another region, your information may be transferred to and processed in these regions. We rely on appropriate safeguards (such as Standard Contractual Clauses) where required by law.
10. Children's privacy
The Service is not directed to children under 16. We do not knowingly collect personal information from children. If we learn we have collected such information, we will delete it.
11. Third-party links and services
The Service may contain links to third-party websites or integrations (Google, Clerk, etc.). We are not responsible for the privacy practices of third parties. Please review their privacy policies before use.
12. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top and, for material changes, notify you by email or in-product notice at least 30 days before the change takes effect.
13. Contact us
If you have questions, concerns, or requests regarding this Privacy Policy, contact us at:
Entity: Opactor Inc.
Address: 2261 Market Street STE 86757, San Francisco, CA 94114, USA
For residents of the European Economic Area, the United Kingdom, or Switzerland, you also have the right to lodge a complaint with your local data protection authority.
Put your domain on autonomous pilot.
Anymorph takes your live site, then generates and refreshes on-brand SEO/GEO pages automatically when your product changes.