How we protect your data and biometric information.
At MorphID.ai, security is foundational — not an afterthought. Given the sensitive nature of biometric data and facial imagery, we implement multi-layered security measures that meet or exceed industry standards and regulatory requirements including GDPR, CCPA, BIPA, and the EU AI Act.
All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption. Biometric data receives an additional layer of encryption.
Database-level access controls ensure users can only access their own data. No user can view, modify, or delete another user's cases, images, or transformations.
All API endpoints require authentication. Admin functions require role-based authorization verified server-side; there are no client-side privilege checks.
We use enterprise-grade cloud infrastructure with automatic failover, DDoS protection, and isolated compute environments for AI processing.
We maintain a documented incident response plan. In the event of a data breach affecting your personal or biometric data, we will notify affected users within 72 hours as required by GDPR and applicable state laws.
We conduct regular security assessments, dependency vulnerability scans, and code reviews. Third-party penetration tests are performed annually.
Biometric data — including facial geometry, landmark coordinates, and analysis metadata — receives our highest level of protection. This data is never shared with third parties, never used for advertising, and is permanently deleted when you remove the associated case or account. We comply with the Illinois Biometric Information Privacy Act (BIPA) retention and destruction requirements.
Images sent to AI models for transformation processing are transmitted via encrypted API channels with data processing agreements that prohibit retention for model training. No biometric templates are permanently stored by our AI providers. All AI processing occurs through authenticated, rate-limited API endpoints.
If you discover a security vulnerability in MorphID.ai, we encourage responsible disclosure. Please report vulnerabilities to security@morphid.ai. We commit to acknowledging reports within 48 hours and providing status updates throughout the remediation process. We will not take legal action against researchers who report vulnerabilities in good faith.
MorphID.ai — Security Team
Email: security@morphid.ai