MorningSheet
Get startedJoin

Privacy Policy

Last updated

The short version. To run MorningSheet we collect a little about you — your email for sign-in, basic usage and device logs, and anything you send us in support. We sign you in with a one-time emailed link, not a password. We do not sell your personal information. The business leads we sell are compiled from public records and are business information about organizations — not a profile of you, and not consumer data. You can access or delete your data anytime by emailing us. This full policy has the details.

Who this covers

This Privacy Policy explains how MorningSheet ("MorningSheet," "we," "us," or "our"), a business based in Washington State, handles personal information about you — the people who visit our site, create an account, and use the MorningSheet app (our customers and the sales reps who use the Service).

It is separate from how we treat the business-lead data we sell, which is compiled from public records and is business information about organizations. We address that distinction directly under About the business-lead data.

What we collect from you

We keep this deliberately small. We collect:

  • Your email address. Required to create an account and to sign in, because we use passwordless "magic-link" authentication. We also use it to send you service and account messages, and — if you opt in — product updates.
  • Account & subscription details. The tiers, verticals, and counties you subscribe to, your plan status, and billing records. Payment-card details are handled by Stripe, our payment processor; we don't store your full card number.
  • Usage, log & device data. When you use the Service, we and our infrastructure automatically record information such as your IP address, browser and device type, pages and leads you view, actions you take, referring pages, and timestamps. We use this to operate, secure, and improve the Service.
  • Support & communications. If you email us or send feedback, we keep that correspondence and any information you choose to include in it.

We do not ask you for sensitive personal information, and we don't knowingly collect more than we need to run the Service.

How we use your data

We use the information above to:

  • provide, maintain, and secure the Service and sign you in;
  • process your subscription, take payment, and send billing and account messages;
  • respond to your support requests and feedback;
  • understand how the Service is used so we can fix problems, improve features, and tune what leads are useful;
  • detect, prevent, and address fraud, abuse, security issues, and violations of our Terms of Service;
  • comply with our legal obligations and enforce our agreements.

We rely on standard legal bases for this — performing our contract with you, our legitimate interest in running and securing a useful product, your consent (for optional marketing emails), and compliance with law.

We don't sell your personal data

We do not sell your personal information, and we don't share it with third parties for their own advertising. The only parties we share your personal data with are the service providers ("sub-processors") that help us run MorningSheet, listed below, and only so they can perform their function for us. We may also disclose information if required by law or to protect our rights, our users, or the public, and we may transfer it as part of a merger, acquisition, or sale of our business (with notice as required).

Cookies & sessions

We use a small number of strictly necessary cookies (or equivalent local storage) to keep you signed in after you click a magic link and to keep the app working as you move between pages. These are essential to provide the Service you asked for.

We don't run advertising cookies and we never sell your information. To understand traffic and product usage we use a few analytics tools: Google Analytics and PostHog (which set their own analytics cookies / local storage) and Cloudflare Web Analytics (which is cookieless). These collect aggregate usage — pages viewed, referrers, and in-product actions — and we never send them lead, owner, or other personal contact data from the feed. You can block or clear cookies in your browser, but if you block the essential ones you won't be able to stay signed in.

Sub-processors we share with

To run MorningSheet we rely on a few trusted service providers. They process personal data only on our instructions and for the purpose described:

  • Stripe — payments. Processes your subscription payments and stores your payment-card details under Stripe's own privacy terms. We receive billing status and limited transaction details, not your full card number.
  • Resend — transactional email. Delivers your magic-link sign-in emails and account and service messages. To do that, it processes your email address and the contents of those messages.
  • Our hosting & infrastructure provider. Hosts the application, database, and logs that run the Service. Usage and log data passes through this provider as part of normal operation.
  • Google Analytics & PostHog — product analytics. Measure aggregate traffic and in-product usage so we can improve the Service. They receive usage events and device/browser information — never lead, owner, or other personal contact data from the feed.
  • Cloudflare — CDN & cookieless web analytics. Serves and protects the site and measures aggregate traffic without setting cookies.

We choose providers that maintain appropriate security and privacy practices, and we update this list as our providers change.

Retention & deletion

We keep your personal information for as long as you have an account and as needed to provide the Service. After you close your account, we delete or de-identify your personal information within a reasonable period, except where we need to keep certain records to meet legal, tax, accounting, or fraud-prevention obligations, or to resolve disputes. Log data is retained on a rolling basis and then deleted or aggregated.

Your rights & choices

You can ask us to access, correct, export, or delete the personal information we hold about you, and you can close your account at any time. To make a request, email [email protected] from the address on your account, and we'll verify and respond within the time the law allows. You can also unsubscribe from optional marketing emails using the link in any such email; we'll still send essential service messages while you have an account. Depending on where you live, you may have additional rights — see California below — and you won't be treated differently for exercising them.

California privacy (CCPA/CPRA)

If you're a California resident, the California Consumer Privacy Act, as amended by the CPRA, gives you the right to know what personal information we collect about you and how we use it, to access and delete it, to correct it, and to not be discriminated against for exercising these rights.

The categories we collect are described under What we collect (identifiers such as your email and IP address, commercial/subscription information, and internet and device activity), used for the purposes under How we use your data. In the past 12 months we have not sold or "shared" (for cross-context behavioral advertising) the personal information of our users, as those terms are defined under California law, and we don't process it for targeted advertising. To exercise any of these rights, email [email protected]; you may use an authorized agent, and we'll verify the request before acting on it.

About the business-lead data

The leads we sell are a separate matter from your personal information, and we want to be clear about it. MorningSheet's lead data is compiled from public records — Washington state, county, and city building permits, business and trade licenses, liquor-license applications, health-department filings, and similar public sources — and it describes businesses, not consumers.

Where a lead shows a business's contact details, that is contact information a business has published or listed for itself as an organization — business contact data, not a consumer profile. We are not a data broker of individuals, and we don't sell people's personal data. We do not ingest public-records lists that are restricted from commercial use, and our export controls are built so that the leads we deliver contain business-rooted information only. Any incidental personal information about a business's owners or principals is used internally as enrichment context and is not sold as a product.

Security

We take reasonable measures to protect your information, including encryption in transit, passwordless authentication that removes the risk of stored or reused passwords, scoped access to systems, and reputable infrastructure providers. No method of transmission or storage is perfectly secure, so we can't guarantee absolute security — but we work to keep what we hold safe and to respond promptly if something goes wrong.

Children

MorningSheet is a business-to-business product intended for use by adults. It is not directed to children, and we don't knowingly collect personal information from anyone under 18. If you believe a child has given us personal information, contact us and we'll delete it.

Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we'll update the "Last updated" date above and, where appropriate, notify you by email or in the app. If you keep using the Service after a change takes effect, you accept the updated policy.

Contact us

For any privacy question or to exercise your rights, email [email protected]. For general support, write to [email protected]. The terms that govern your use of the Service are in our Terms of Service.