Privacy
What happens to your data.
Last updated: May 13, 2026
Morthn is an AI receptionist for service businesses. To do that job we have to handle two kinds of data: data about you, the business owner who signed up, and data about the people who call, text, or chat with your business. This page explains exactly what we collect, why we collect it, who we share it with, and how to delete it.
Plain English, no dark patterns. If anything below is unclear, email privacy@morthn.com and we’ll fix the doc.
What we collect
From you (the business owner)
Name, email, business name, phone, billing address, and Stripe payment metadata (we never store card numbers — Stripe does). Plus whatever you configure: services, pricing, business hours, booking links.
From your customers (callers, texters, chatters)
Phone numbers and names from inbound calls and SMS. Audio recordings and AI-generated transcripts of every call. Chat and SMS message contents. Appointment details (time, service, notes). Whatever the caller voluntarily shares during the conversation.
Automatically
Standard web logs: IP address, browser, pages viewed. We use PostHog for aggregate product analytics — no session replay, no user-identifying tracking on marketing pages without consent where required.
Why we collect it
- To run your AI receptionist. Voice and text data flows through the AI to generate a response. Transcripts go in your dashboard so you can read what happened.
- To send booking confirmations and follow-ups. Email and SMS sent from your account go through Resend and Twilio.
- To bill you. Stripe handles subscription processing.
- To improve the product. Aggregate usage (calls per day, booking rate, drop-offs) helps us prioritize what to build. We do not train AI models on your call data.
- To comply with law. Subpoenas, court orders, fraud investigations.
Who we share it with
We use third-party processors to deliver the service. Each one only sees the data they need to do their job, and each one has its own privacy policy linked below.
Anthropic
Privacy policy →AI model — turns caller speech and chat into responses.
Vapi
Privacy policy →Real-time voice infrastructure — handles audio streams during a call.
Twilio
Privacy policy →Telephony and SMS — connects the phone number to the AI.
Stripe
Privacy policy →Payments — processes subscription billing. We never see card numbers.
Supabase
Privacy policy →Database — stores accounts, transcripts, and appointment data.
Vercel
Privacy policy →Hosting — serves the web app and runs API endpoints.
Resend
Privacy policy →Transactional email — sends booking confirmations and account emails.
PostHog
Privacy policy →Product analytics — tracks aggregate usage to improve the product.
We do not sell personal information. We do not rent or trade customer call data with anyone outside the processors above.
Call recording & consent
Calls answered by your Morthn agent are recorded and transcribed by default — recordings live in your dashboard. Many U.S. states (CA, FL, IL, MA, MD, MT, NH, PA, WA, plus others) require all parties to consent to recording. Your AI agent is configured to announce that the call is being answered by an automated assistant; you can also add a recording disclosure to the greeting from your dashboard. Compliance with two-party consent law in your state is your responsibility as the business operator — but we’ll give you the controls to do it right.
HIPAA
The default Morthn product is not HIPAA-eligible. If you are a covered entity (dental practice, med spa, urgent care, etc.) you need our HIPAA add-on, which includes a Business Associate Agreement and routes calls through HIPAA-eligible infrastructure. Contact aiden@morthn.com before connecting any phone line that receives PHI.
How long we keep it
- Account data: as long as your account is active.
- Call recordings and transcripts: 90 days by default. You can configure shorter retention in your account settings, or delete individual recordings on demand.
- Billing records: 7 years for tax purposes (this is a U.S. legal requirement, not a choice).
- Aggregate analytics: indefinite, in anonymized form.
Your rights
Under CCPA (California), GDPR (EU), and equivalent laws elsewhere, you have the right to know what we have on you, to get a copy, to correct it, and to delete it. Email privacy@morthn.com and we’ll handle the request within 30 days. We don’t charge for this.
For callers and customers of Morthn-using businesses: your data is controlled by the business that owns the Morthn account. Send your deletion request to them first — but if they don’t respond in a reasonable time, email us and we’ll process it directly.
Children
Morthn is a B2B product. We don’t knowingly collect data from anyone under 13. If your business receives a call from a minor, the recording is treated like any other call data — kept under the same 90-day retention, accessible only by the account owner and the processors above.
Security
All data in transit is encrypted (TLS). All data at rest is encrypted by Supabase and Vercel. Access to production data is restricted to the founder and on-call engineers. We have not (yet) been independently audited for SOC 2 — when we are, this page will say so.
Changes to this policy
If we make a material change (new processor, change in retention, change in how we use data), we’ll email everyone with an active account at least 14 days before it takes effect. Non-material changes (typos, clearer wording) we’ll just push and update the “Last updated” date at the top of this page.
Contact
Morthn, Inc. · Atlanta, GA
Privacy questions: privacy@morthn.com
Anything else: aiden@morthn.com