Privacy Policy
Effective date: April 24, 2026
Last updated: June 9, 2026
This Privacy Policy explains how 주식회사 애니모프 (Anymorph Inc.) (“Anymorph,” “we,” “us,” or “our”) collects, uses, stores, and protects information when you use the Anymorph platform at https://anymorph.ai and any related services (collectively, the “Service”).
By using the Service, you agree to this Privacy Policy. If you do not agree, do not use the Service.
1. Who we are
Anymorph is a Generative Engine Optimization (GEO) platform that helps customers analyze AI-search visibility, generate AI-optimized pages, publish those pages on customer-approved domains or routes, and measure resulting performance.
- Data controller: 주식회사 애니모프 (Anymorph Inc.)
- Business registration number: 763-87-03773
- Address: 3F, 30-11 Nonhyeon-ro 79-gil, Gangnam-gu, Seoul, Republic of Korea
- Contact: privacy@anymorph.ai
2. Information we collect
2.1 Account information
When you sign up, our authentication provider (Clerk) collects your email address, name, and authentication credentials. We receive a user identifier and profile basics from Clerk so that we can authenticate users and apply workspace-level permissions.
2.2 Workspace, brand, and page content
We collect and process information that customers provide or approve for use in the Service, including:
- Workspace name, brand name, domain, website URL, and related business profile information
- Customer-provided source content, URLs, documents, or instructions used to generate and publish pages
- Landing page drafts, generated page content, metadata, and publication settings
- Workspace configuration, preferences, integration settings, and operational status
2.3 Connected third-party services
When you explicitly connect a third-party account through the Service, we request only the permissions necessary to deliver the selected feature.
Google Search Console and Google Analytics
| Scope | Purpose | Data accessed |
|---|---|---|
| https://www.googleapis.com/auth/userinfo.email | Identify the connected Google account | Email address |
| https://www.googleapis.com/auth/webmasters | List Search Console properties, read performance data, inspect indexing status, and submit sitemap URLs for pages we publish | Verified site list, search analytics, URL inspection/indexing metadata, sitemap registration metadata |
| https://www.googleapis.com/auth/analytics.readonly | Display Google Analytics performance metrics in your dashboard | Aggregate GA metrics such as sessions, users, page views, engagement rate, and page path |
For Google Analytics, we use read-only access. For Google Search Console, the webmasters scope is used so the Service can submit sitemap URLs for customer-approved pages; where only analytics display is required, we can discuss a reduced-scope approach.
Google Drive and content-source integrations
If you connect Google Drive as a content source, we may request https://www.googleapis.com/auth/drive.readonly, https://www.googleapis.com/auth/userinfo.email, and https://www.googleapis.com/auth/userinfo.profile so that you can select and import customer-approved source materials. We use Google Drive data only to provide the user-facing import/generation feature.
If you connect other publishing or content-source integrations such as Webflow or Notion, we store the integration status and tokens needed to perform customer-requested actions. The exact permissions depend on the integration and are shown during the connection flow.
2.4 Usage, telemetry, and log data
We collect product interactions, API requests, IP addresses, browser/device information, operational logs, deployment metadata, and error events to operate, secure, debug, and improve the Service.
2.5 Cookies and similar technologies
We use strictly necessary cookies for authentication and session management. We may use privacy-respecting analytics cookies to measure product usage. We do not use advertising cookies.
3. How we use information
We use the information we collect to:
- Provide, operate, secure, and maintain the Service
- Authenticate users and enforce workspace-level access controls
- Generate, publish, update, and monitor customer-approved pages
- Analyze brand visibility across AI engines and related search/performance channels
- Display Google Analytics and Search Console data inside authenticated dashboard sessions
- Submit sitemap URLs to Google Search Console for pages generated on the customer’s behalf
- Communicate with you about your account, service status, security, and product updates
- Detect, prevent, and address technical, fraud, abuse, and security issues
- Comply with legal obligations
4. Google API Services User Data Policy (Limited Use)
Anymorph’s use and transfer of information received from Google APIs to any other app adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically:
- We use Google user data only to provide user-facing features that are prominent in the Service, including displaying GA/GSC analytics, checking indexing status, and submitting sitemaps to GSC.
- We do not transfer Google user data to third parties except:
  - As necessary to provide or improve user-facing features that are prominent in the Service,
  - To comply with applicable law, or
  - As part of a merger, acquisition, or sale of assets with the user’s consent.
- We do not use Google user data for serving advertisements, including retargeting, personalized, or interest-based advertising.
- We do not allow humans to read Google user data unless:
  - We have the user’s affirmative consent for a specific purpose,
  - Doing so is necessary for security purposes such as investigating abuse,
  - Doing so is necessary to comply with applicable law, or
  - The data, including derivations, is aggregated and used for internal operations in accordance with applicable privacy and other laws.
5. How we share information
We do not sell personal information. We share information only in the following circumstances:
- Service providers and sub-processors that run infrastructure or provide core product capabilities under contract, including:
  - Clerk — user authentication and session management
  - Microsoft Azure — application hosting, container registry, managed secrets, storage, and related cloud infrastructure
  - Cloudflare — edge delivery, tenant routing, Workers, object storage (R2), key-value storage, queues, and edge security features
  - Google Cloud Platform — object storage and Google/Vertex AI services used for selected AI and artifact workflows
  - OpenAI, Anthropic, and Google (Gemini / Vertex AI) — large-language-model providers used to generate content and analyze AI visibility
  - Inngest — workflow orchestration and asynchronous job execution
  - PostHog and other observability/analytics providers — product analytics, logs, metrics, and operational diagnostics where enabled
- Legal requirements — when required by law, subpoena, court order, or lawful government request.
- Business transfers — in connection with a merger, acquisition, financing, reorganization, or sale of assets, subject to appropriate confidentiality commitments.
- With your consent — when you explicitly direct us to share information.
6. Data retention
We retain information for as long as your account or workspace is active, or as needed to provide the Service:
- Google OAuth tokens and other integration tokens — stored encrypted for the lifetime of the integration; deleted or made unusable within 30 days of disconnection unless a longer period is required for security, legal, or backup retention.
- GA / GSC API responses — displayed in authenticated dashboard sessions; short-lived result caches are generally cleared within 24 hours unless aggregated into workspace analytics history.
- Workspace, brand, and generated content — retained while the workspace is active and for up to 90 days after account or workspace deletion, except where longer retention is required for legal, accounting, backup, or security purposes.
- Operational logs — retained for a limited period appropriate to debugging, security, and audit needs; production application logs are generally retained for up to 30 days unless an incident or legal obligation requires longer retention.
You may request earlier deletion at any time (Section 8).
7. Security
We use technical and organizational safeguards designed to protect information, including:
- Encryption in transit using HTTPS/TLS and encryption at rest through managed cloud storage/database controls
- Encrypted storage of OAuth and integration tokens
- Centralized secret management through managed secret stores such as Azure Key Vault
- Role-based access control for customer workspaces and internal administrative functions
- Separation of user authentication, workspace authorization, public API keys, and operator/admin secrets
- CI/CD checks, code review, and controlled deployment through GitHub Actions and containerized releases
- Monitoring, logging, and incident response procedures for operational and security events
No method of transmission or storage is 100% secure, but we work continuously to protect your information.
8. Your rights
Depending on your jurisdiction, including GDPR, CCPA/CPRA, and the Korean Personal Information Protection Act (PIPA), you may have the right to:
- Access the information we hold about you
- Correct inaccurate information
- Delete your information
- Port your information to another service
- Restrict or object to processing
- Withdraw consent where processing is based on consent
How to exercise these rights:
- Disconnect a Google integration: Go to workspace settings → Integrations → Disconnect Google. You may also revoke access directly at https://myaccount.google.com/permissions.
- Delete your account or data: Email privacy@anymorph.ai from your account email. We will respond within 30 days unless applicable law permits or requires a different response period.
9. International data transfers
Anymorph operates infrastructure in South Korea, the United States, and other regions where our cloud and sub-processor services operate. If you access the Service from another region, your information may be transferred to and processed in these regions. We rely on appropriate safeguards, such as contractual commitments and standard contractual clauses where required by law.
10. Children’s privacy
The Service is not directed to children under 16. We do not knowingly collect personal information from children. If we learn we have collected such information, we will delete it.
11. Third-party links and services
The Service may contain links to third-party websites or integrations. We are not responsible for the privacy practices of third parties. Please review their privacy policies before use.
12. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top and, for material changes, notify you by email or in-product notice where required by law.
13. Contact us
If you have questions, concerns, or requests regarding this Privacy Policy, contact us at:
- Email: privacy@anymorph.ai
- Entity: 주식회사 애니모프 (Anymorph Inc.)
- Business registration number: 763-87-03773
- Address: 3F, 30-11 Nonhyeon-ro 79-gil, Gangnam-gu, Seoul, Republic of Korea
For residents of the European Economic Area, the United Kingdom, or Switzerland, you also have the right to lodge a complaint with your local data protection authority.