REVIEW BEFORE PUBLISHING
This is a starter template, not legal advice. Please have a qualified lawyer in your jurisdiction review and edit this document before going live. Replace bracketed placeholders [like this] with your actual business details.
Privacy Policy
Last updated: May 12, 2026
This Privacy Policy explains what personal data Morn ("we", "our") collects, how we use it, and the choices you have. We aim to comply with GDPR, CCPA, and similar privacy laws.
1. Data We Collect
- Account data: name, email, password (hashed with bcrypt), plan, organization.
- Usage data: pages viewed, inspections performed, IP address, browser type.
- Content you upload: inspection templates, responses, photos, issue reports.
- Payment data: handled entirely by Stripe; we never see or store your card number.
2. How We Use Data
To provide and improve the Service; to authenticate you and prevent fraud; to send transactional emails (verification, password reset, receipts); to comply with legal obligations. We do not sell your personal data to third parties.
3. Third-Party Services
We share data with the following processors, each under their own privacy commitments:
- Stripe — payments (https://stripe.com/privacy)
- Resend — transactional email delivery (https://resend.com/legal/privacy-policy)
- MongoDB Atlas / our hosting provider — application and database hosting
4. Cookies
We use a small number of cookies and localStorage entries: a session token to keep you logged in, a language preference, a theme preference, and a cookie-consent flag. We do not use third-party advertising or tracking cookies.
5. Your Rights
Depending on your jurisdiction, you may have the right to access, correct, delete, or export the personal data we hold about you, and to object to certain processing. Email [privacy@yourcompany.com] to exercise any of these rights — we'll respond within 30 days.
6. Data Retention
Account data is kept while your account is active and for up to 90 days after deletion (for backups). Inspection data is retained per your plan's data-retention setting; archived items are auto-deleted 6 months after archival.
7. Security
We hash passwords with bcrypt, transmit data over HTTPS, rate-limit authentication endpoints to protect against brute-force attacks, and restrict access to production data on a need-to-know basis. No system is perfectly secure, but we work hard to protect your data.
8. Children
Morn is not directed at children under 16. We do not knowingly collect data from minors.
9. Changes
If we make material changes, we'll notify registered users by email and update the "Last updated" date above.
10. Contact
Privacy questions? Email privacy@inspectpro.example.com.