MORRA.io Ltd ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our marketing analytics platform and services.
1. Information We Collect
1.1 Information You Provide
We collect information that you provide directly to us, including:
- Account Information: Name, email address, company name, and password when you register
- Profile Information: Job title, phone number, and other optional profile details
- Payment Information: Billing address and payment card details (processed securely by our payment provider)
- Communications: Information you provide when contacting our support team
- Marketing Data: Campaign data, analytics information, and other marketing metrics you upload to our platform
1.2 Information Collected Automatically
When you use our services, we automatically collect:
- Usage Data: Features used, pages viewed, time spent, and interaction patterns
- Device Information: IP address, browser type, operating system, and device identifiers
- Log Data: Access times, error logs, and system activity
- Cookies and Similar Technologies: See our Cookie Policy below
1.3 Information from Third Parties
We may receive information from:
- Marketing platforms and advertising networks you connect to our service
- Payment processors and fraud prevention services
- Analytics and business intelligence providers
2. How We Use Your Information
We use the collected information for the following purposes:
- Service Delivery: To provide, maintain, and improve our marketing analytics platform
- Account Management: To manage your account, process payments, and provide customer support
- Analytics and Insights: To analyze marketing data and provide predictive analytics
- Communication: To send service updates, security alerts, and support messages
- Marketing: To send promotional communications (with your consent)
- Security: To detect, prevent, and address fraud, security, or technical issues
- Legal Compliance: To comply with legal obligations and enforce our terms
- Product Development: To develop new features and improve our services
3. Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA) and UK, we process your personal data based on:
- Contract Performance: Processing necessary to provide our services
- Consent: Where you have given explicit consent (e.g., marketing communications)
- Legitimate Interests: For service improvement, fraud prevention, and security
- Legal Obligation: To comply with applicable laws and regulations
4. How We Share Your Information
We do not sell your personal information to third parties. We may share your information with trusted third parties who assist us in operating our service, such as:
- Service Providers: Cloud hosting (e.g., Google Cloud Platform), payment processors (e.g., Stripe), email services, and analytics providers. These providers are bound by confidentiality agreements and are only permitted to use your information to provide services to us.
- Business Partners: With your consent, for integrated marketing platform features.
- Legal Requirements: When required by law, court order, or government request.
- Business Transfers: In connection with mergers, acquisitions, or asset sales.
- Aggregate Data: Anonymized, aggregated data for research and analytics, which cannot be used to identify you.
We do not sell your personal information to third parties.
5. Data Security
We implement appropriate technical and organizational measures to protect your data:
- Encryption in transit (TLS/SSL) and at rest
- Regular security assessments and penetration testing
- Access controls and authentication mechanisms
- Employee training on data protection
- Incident response procedures
However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.
6. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process your personal data, and whether we can achieve those purposes through other means.
For example:
- Your account data is retained for as long as your account is active and for a reasonable period thereafter in case you decide to re-activate the service.
- Billing information is retained for a longer period to comply with financial and tax regulations.
- Anonymized usage data may be retained indefinitely for service improvement and analytics.
After your account is deleted, we will either delete or anonymize your personal data, unless it is required to be retained by law.
7. Your Rights
Depending on your location, you may have the following rights:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate or incomplete data
- Erasure: Request deletion of your data ("right to be forgotten")
- Restriction: Limit how we use your data
- Data Portability: Receive your data in a machine-readable format
- Object: Object to processing based on legitimate interests
- Withdraw Consent: Withdraw consent where processing is based on consent
- Complaint: Lodge a complaint with your data protection authority
To exercise these rights, contact us at support@morra.io.
8. Cookie Policy
8.1 What Are Cookies
Cookies are small text files stored on your device when you visit our website. They help us provide a better user experience and analyze site usage.
8.2 Types of Cookies We Use
Essential Cookies (Required):
- Authentication and security
- Session management
- Load balancing
Functional Cookies (Optional):
- Remember your preferences and settings
- Language and region selection
- User interface customization
Analytics Cookies (Optional):
- Google Analytics for usage patterns
- Performance monitoring
- Feature usage tracking
Marketing Cookies (Optional):
- Personalized advertising
- Campaign effectiveness measurement
- Social media integration
8.3 Managing Cookies
You can control cookies through:
- Our cookie consent banner (appears on first visit)
- Browser settings (most browsers allow you to block or delete cookies)
- Opt-out tools provided by advertising networks
Note: Blocking essential cookies may affect site functionality.
8.4 Third-Party Cookies
We use third-party services that may set cookies:
- Google Analytics (analytics)
- Firebase (authentication and hosting)
- Stripe (payment processing)
These third parties have their own privacy policies.
9. International Data Transfers
Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place:
- EU-US Data Privacy Framework compliance
- Standard Contractual Clauses (SCCs)
- Adequacy decisions by the European Commission
10. Children's Privacy
Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal data, please contact us.
11. Changes to This Privacy Policy
We may update this Privacy Policy periodically. We will notify you of material changes by:
- Posting the new policy on this page
- Updating the "Last updated" date
- Sending an email notification for significant changes
Your continued use of our services after changes constitutes acceptance of the updated policy.
12. Contact Us
13. Supervisory Authority
If you are in the EEA or UK, you have the right to lodge a complaint with your local data protection authority:
UK: Information Commissioner's Office (ICO)
Website: https://ico.org.uk
This Privacy Policy is compliant with GDPR (EU) 2016/679, UK GDPR, and other applicable data protection laws.