This Privacy Policy explains how MortonApps LLC (“MortonApps,” “we,” “us”) collects, uses, and protects information in connection with the Morton Command Center website (mortoncommand.com) and the Morton Command Center platform (the “Service”).

We act in two different roles depending on how you interact with us:

The sections below distinguish between these two scenarios where it matters.

1. Information We Collect

1a. From website visitors (mortoncommand.com)

When you browse our public website, we collect a minimal amount of standard server log information automatically through our hosting provider, including:

This information is used to operate and secure the site, identify abuse, and produce aggregated traffic analytics. We do not run third-party analytics, advertising, or tracking scripts on the public website.

When you submit our consultation form (the “Schedule a Consultation” form on the contact section), you provide:

We use this information solely to follow up with you about your inquiry and to schedule a discovery call. We do not sell, rent, or share this information with third parties for marketing purposes.

1b. From customers using a deployed Morton Command Center instance

A Morton Command Center deployment is a per-tenant custom instance. The instance reads from and writes to your existing tools (your PSA, RMM, accounting system, security stack, etc.) on your behalf. The data processed inside the instance — your tickets, contacts, companies, devices, billing data, employee information, and so on — is your data, and you remain its controller.

Our access to that data is limited to what is necessary to operate the platform on your behalf and to provide support. Specific operational details, retention windows, processing locations, and subprocessor commitments are spelled out in the Data Processing Addendum that accompanies your Master Services Agreement.

2. How We Use Information

We use the information described above to:

We do not use your information to train artificial intelligence models, run targeted advertising, or build behavioral profiles for any third party.

3. Cookies and Similar Technologies

The public website at mortoncommand.com uses only strictly necessary cookies and local storage required for site functionality (such as remembering whether your browser supports a particular feature). We do not use advertising, analytics, or social-media tracking cookies on the public website.

Customer-facing Command Center deployments require a small set of essential cookies for authentication and session management, set by our authentication provider (see Subprocessors below). These are required for the Service to function and cannot be disabled while signed in.

4. Subprocessors

We rely on a small number of carefully chosen subprocessors to operate the website and the Service. As of the effective date of this policy, our subprocessors are:

Subprocessor Purpose Scope Location
Cloudflare, Inc. Hosting, content delivery, edge security, DNS, key-value and object storage, identity-aware access Public website + customer Service Global edge (US-primary)
Web3Forms (Aviyel, Inc.) Consultation-form submission delivery to MortonApps Public website only United States
Clerk, Inc. User authentication and session management for customer Command Center deployments Customer Service only United States
Amazon Web Services, Inc. (Simple Email Service) Outbound transactional email delivery from customer Command Center deployments Customer Service only United States

We may add or change subprocessors over time. Material changes affecting customer data will be communicated to active customers in accordance with the Data Processing Addendum that accompanies your Master Services Agreement.

5. How We Share Information

We do not sell, rent, or trade your personal information. We share information only in these limited circumstances:

6. Data Retention

We retain consultation-form submissions for as long as needed to follow up on the inquiry and to maintain a record of the relationship for legitimate business purposes, generally not more than 24 months from the last interaction. Server log data is retained on a rolling 30-day basis.

Customer data inside a deployed Command Center instance is retained for the duration of the customer relationship and as defined in the Data Processing Addendum. On termination, we provide a reasonable export window followed by deletion in accordance with that addendum.

7. Your Rights

Depending on where you live, you may have the following rights regarding your personal information:

To exercise any of these rights, contact us using the details in Section 11 below. We will respond within 30 days for most requests. We do not discriminate against you for exercising any of these rights.

California residents (CCPA / CPRA)

If you are a California resident, you have the right to know what categories of personal information we collect, to request access to and deletion of that information, to correct inaccurate information, and to limit our use of sensitive information. We do not sell or share your personal information for cross-context behavioral advertising.

European Economic Area, United Kingdom, and Switzerland residents (GDPR / UK GDPR)

Our legal bases for processing personal information are: (a) your consent, where applicable; (b) the performance of a contract with you; (c) compliance with legal obligations; and (d) our legitimate interests in operating and improving the Service, where those interests are not overridden by your rights. You have the rights listed above and may lodge a complaint with your local supervisory authority.

8. International Data Transfers

MortonApps is based in the United States, and several of our subprocessors are also US-based. If you access the Service from outside the United States, your information may be transferred to, stored in, and processed in the United States. We rely on appropriate safeguards (including Standard Contractual Clauses, where applicable) to protect such transfers.

9. Security

We take reasonable and appropriate technical and organizational measures to protect personal information against unauthorized access, alteration, disclosure, and destruction. These measures include encryption in transit (TLS) and at rest, network-level access controls, role-based access inside the Service, audit logging, principle-of-least-privilege provisioning, and ongoing review of our subprocessors’ security practices.

No system is perfectly secure. If we ever experience a security incident affecting your personal information, we will notify affected parties as required by applicable law.

10. Children’s Privacy

The Service is intended for business use by managed service providers and their authorized personnel. It is not directed to children under 16, and we do not knowingly collect personal information from children. If we learn we have collected such information, we will delete it.

11. Changes to This Policy

We may update this policy from time to time. When we do, we will revise the “Last updated” date at the top of this page. For material changes that affect customer data processing, we will provide notice through the Service or by email to active customers in accordance with the Data Processing Addendum.

12. Contact Us

If you have questions about this Privacy Policy, want to exercise any of the rights described above, or have a complaint, contact us at:

MortonApps LLC
Privacy Inquiries
Email: [email protected]

For matters concerning a deployed Morton Command Center instance, please contact your designated MortonApps representative or use the support channels established under your Master Services Agreement.