Privacy Policy

1. Who we are

Resay is operated by Morco Labs LLC, a limited liability company formed in New Mexico, USA. Our registered address is 1209 Mountain Road Pl NE STE N, Albuquerque, NM 87110, United States. For any privacy question or request you can reach us at contact@morcolabs.com.

For the purposes of EU and UK data protection law, Morco Labs LLC is the controller of personal data processed through Resay.

2. Information we collect

Account identifiers

Resay uses Sign in with Apple. When you sign in, Apple gives us a stable, app-specific user identifier and the email you chose to share (either your real email or a private Apple Relay address that forwards to you). We store this together with a Firebase Authentication user ID that we use as the primary key for your account on our backend.

Content you submit

When you rewrite text, the text you provide, any custom instructions you add, any context you attach, and the tone settings you pick are sent to our backend, which forwards them to a language model provider (OpenAI for the primary call, with Google's Gemini as a fallback). The provider returns rewritten alternatives that we send back to your device and store in your history.

Subscription state

If you purchase Resay Pro, Apple charges your Apple ID and forwards purchase and renewal events to RevenueCat, our subscription orchestration provider. RevenueCat sends us your entitlement status, current product, intro-trial eligibility, and renewal events so that we can give you Pro features. We do not receive your payment-card details; Apple handles all billing.

Device, app and diagnostic data

We collect the kinds of information typical iOS apps need: app version, iOS version, device class, locale, time zone, and crash logs. Crash logs are collected through Firebase Crashlytics and include stack traces, the state of the app at the time of the crash, and an installation identifier.

Product analytics and session replay

We use PostHog Cloud (US region) to understand how Resay is used. PostHog receives event data such as which screens you visit, which features you use and a coarse account identifier tied to your Firebase user ID. We also enable PostHog session replay at a 15% sample rate. Session replay records UI interactions on a subset of sessions; text inputs and images are masked by default so the content you actually rewrite is not captured in replays.

Advertising identifiers

If you tap "Allow" on the iOS App Tracking Transparency prompt, your IDFA may be shared with Meta and TikTok for ad attribution as described in section 5. If you do not allow tracking, no IDFA is shared; we still receive aggregated, privacy-preserving signals via Apple's SKAdNetwork and Meta's Aggregated Event Measurement.

3. How we use your information

• To operate the rewriting service and deliver the alternatives back to you.
• To store your history of rewrites so you can revisit and reuse them.
• To enforce free-tier daily limits and to apply Pro entitlements.
• To diagnose crashes and quality issues.
• To understand which features are useful and prioritise improvements.
• To attribute paid acquisition campaigns so we know which ads work.
• To send transactional push notifications, such as your daily reset reminder, if you have allowed notifications.
• To detect and prevent abuse of the service.
• To comply with legal obligations.

We do not sell your personal information, and we do not use the content you rewrite to train any model.

4. Who we share information with

We share data with the third-party processors below, each only with the data they need to perform their role. We never share your data for purposes unrelated to running Resay.

OpenAI and Google process the text you rewrite under their standard API terms. Under those terms, content sent to the API is not used to train their models. Both providers may retain API request data for a short period (up to 30 days as of this writing) to enforce their abuse policies before deleting it. We do not have a Zero Data Retention agreement with either provider at this time.

We may also disclose information when required by law, to respond to lawful requests by public authorities, to enforce our Terms of Service, or to protect our rights and the safety of our users.

5. Advertising and attribution

We run paid acquisition campaigns on Meta and TikTok. To measure whether those campaigns work we share conversion events (such as app install, trial start and subscription purchase) with each platform.

On launch, Resay shows the standard iOS App Tracking Transparency prompt. Your choice determines what we send:

• If you allow tracking: your IDFA (Identifier For Advertisers) is included with the events we send to Meta and TikTok so they can match your activity to a campaign click.
• If you ask Resay not to track: no IDFA is shared. We still send aggregated, privacy-preserving signals through Apple's SKAdNetwork and through Meta's Aggregated Event Measurement protocol, which do not identify you personally.

Subscription events (trial start, purchase, renewal, cancellation) are forwarded server-to-server. RevenueCat sends these events to Meta on our behalf via the Meta Conversions API. We send them to TikTok directly via the TikTok Events API from our backend.

You can change your tracking choice at any time in iOS Settings → Privacy & Security → Tracking.

6. Data retention

• Rewrite history (free accounts): retained for 7 days. Items older than 7 days are deleted automatically every night.
• Rewrite history (Pro accounts): retained for as long as your account is active. You can delete individual items at any time from within the app.
• Daily usage counters: retained for 31 days so we can enforce the daily free-tier limit and audit suspicious usage.
• Push notification tokens: retained for up to 90 days after we last see your device, then deleted.
• Crash logs and analytics: retained according to the defaults of Firebase Crashlytics and PostHog, generally up to 90 days for detailed events and longer in aggregated form.
• Subscription records: retained for as long as required by tax, accounting and consumer-protection law (typically up to 7 years).

7. Your rights and choices

Depending on where you live, you may have rights under data protection law including:

• Access to the personal data we hold about you.
• Correction of inaccurate data.
• Deletion of your data.
• Restriction of processing or objection to processing.
• Portability of data you provided to us.
• Withdrawal of consent for any processing based on consent.
• The right to lodge a complaint with a supervisory authority.

To exercise any of these rights, email contact@morcolabs.com from the email address linked to your Sign in with Apple account, or from your Apple Relay address. We will respond within the timeframes required by applicable law.

You can cancel your subscription at any time in iOS Settings → [your name] → Subscriptions. Cancellation stops future renewals; access to Pro features continues until the end of the current billing period. Apple processes refund requests.

California residents: we do not sell or share personal information for cross-context behavioural advertising as defined by the CCPA / CPRA. The categories of personal information we collect, the purposes for which we use them, and the categories of third parties we share them with are described in sections 2, 3 and 4 of this policy.

8. Security

We use TLS for all communication between the app and our backend, between our backend and our processors, and between you and this website. Secrets and credentials are stored using platform-managed secret stores and are never committed to source control. Access to production systems is limited and authenticated. No system is ever fully secure; if we become aware of a breach that affects your information, we will notify you and the relevant authorities as required by law.

9. Children

Resay is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it.

10. International transfers

Morco Labs LLC is based in the United States and most of our processors are also based in the United States. Our primary database is hosted in Western Europe through Cloudflare. If you use Resay from outside the United States, your information will be transferred to and processed in countries where data protection laws may differ from those of your home country. Where required by law, we rely on Standard Contractual Clauses or other approved transfer mechanisms with our processors.

11. Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top of this page reflects the most recent change. If we make material changes, we will notify you within the app before the changes take effect. Continued use of Resay after the new policy takes effect means you accept the updated policy.

12. Contact

Privacy questions, data-rights requests, and complaints can be sent to contact@morcolabs.com.

Morco Labs LLC
1209 Mountain Road Pl NE STE N
Albuquerque, NM 87110
United States