RoleMorph

Legal

Privacy Policy

Last updated: June 2025

1. Who we are

RoleMorph is operated by Theo van der Westhuizen, based in South Africa. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use rolemorph.com.

We are committed to protecting your privacy in accordance with the Protection of Personal Information Act 4 of 2013 (POPIA) of South Africa, and to handling your data responsibly.

2. Information we collect

We collect the following categories of personal information:

  • Account information — your name and email address when you create an account or sign in via Google or email.
  • Assessment data — your job title, industry, seniority, role description, and the tasks you enter during your assessment. This is the core input used to generate your report.
  • Usage data — pages visited, features used, and actions taken on the Site (e.g. completing a sneak preview, starting an assessment).
  • Newsletter data — your email address if you subscribe to our newsletter via the Site.
  • Payment data — payment is processed entirely by Paddle. We do not receive or store your card details. We receive confirmation of payment completion and your email address from Paddle.
  • Technical data — IP address, browser type, device type, and session identifiers collected automatically when you visit the Site.

3. How we use your information

We use your personal information to:

  • Generate and deliver your AI role analysis report
  • Manage your account and authenticate your identity
  • Process and verify your payment (via Paddle)
  • Send you your report, receipts, and account-related communications
  • Send you our newsletter and updates if you have subscribed (you can unsubscribe at any time)
  • Improve the accuracy and relevance of our AI analysis
  • Monitor and maintain the security of the platform
  • Comply with legal obligations

We do not sell your personal information to third parties. We do not use your data for advertising profiling or share it with data brokers.

4. Legal basis for processing

We process your personal information on the following grounds:

  • Contract performance — to deliver the product you have purchased
  • Legitimate interest — to improve our service and ensure platform security
  • Consent — for newsletter communications (which you can withdraw at any time)
  • Legal obligation — where required by applicable law

5. Third-party services

We use the following third-party services to operate RoleMorph. Each has its own privacy policy governing their data handling:

  • Paddle — payment processing and merchant of record. Paddle handles all payment data and tax compliance.
  • Anthropic — powers the AI analysis engine via Claude. Your assessment data (job title, tasks) is sent to Anthropic to generate your report. Anthropic does not use API inputs to train its models.
  • Neon — cloud database provider (PostgreSQL). Your account and assessment data is stored on Neon's servers in the United States.
  • Vercel — cloud hosting provider. The Site is hosted on Vercel's infrastructure.
  • MailerLite — email marketing platform used to send our newsletter and post-purchase communications to subscribers who have opted in.
  • Google — if you sign in with Google, your authentication is handled by Google OAuth. We receive your name and email address only.

6. Data retention

We retain your account and assessment data for as long as your account is active. If you request deletion of your account, we will remove your personal data within 30 days, except where retention is required by law (e.g. transaction records).

Newsletter subscriber data is retained until you unsubscribe.

7. Your rights under POPIA

As a data subject, you have the right to:

  • Access — request a copy of the personal information we hold about you
  • Correction — request correction of inaccurate or incomplete data
  • Deletion — request erasure of your personal data (subject to legal retention requirements)
  • Objection — object to processing based on legitimate interest
  • Withdrawal of consent — withdraw consent for newsletter communications at any time
  • Complaint — lodge a complaint with the Information Regulator of South Africa

To exercise any of these rights, contact us at hello@rolemorph.com.

8. Cookies and tracking

RoleMorph uses session cookies necessary for authentication and platform functionality. We may use analytics tools to understand how the Site is used. We do not use third-party advertising cookies.

9. Data security

We take reasonable technical and organisational measures to protect your personal information against unauthorised access, loss, or disclosure. All data is transmitted over HTTPS. Database access is restricted and access-controlled.

No method of transmission over the internet is 100% secure. If you believe your account has been compromised, please contact us immediately.

10. International transfers

Your data may be processed and stored in the United States (Neon, Vercel, OpenAI). We take steps to ensure that transfers outside South Africa are subject to appropriate safeguards consistent with POPIA requirements.

11. Children

RoleMorph is intended for professional use by adults. We do not knowingly collect personal information from anyone under the age of 18. If we become aware that we have done so, we will delete that information promptly.

12. Changes to this Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes by email. The “Last updated” date at the top of this page indicates when the Policy was last revised.

13. Contact

For any privacy-related questions or requests, please contact us at hello@rolemorph.com.