MorderMorder
← Back to Morder

Privacy Policy

Last updated: 25 May 2026

1. Who We Are

Morder (operated by Comet AI) ("Morder", "we", "our") operates the Morder platform, a SMS retention and automation tool for Shopify merchants. Our registered address is in Latvia, European Union.

For privacy enquiries, contact us at ronalds.palacis@gmail.com.

2. Scope of This Policy

This policy covers data processed by Morder in two contexts:

  • Merchant data - information about Shopify store owners who install the Morder app.
  • End-customer data - information about the customers of those Shopify stores, collected on behalf of the merchant (Morder acts as a data processor; the merchant is the data controller).

3. Data We Collect

3.1 Merchant data

  • Shopify store domain and OAuth access token
  • WhatsApp Business Account (WABA) ID and phone number ID
  • Store configuration (store type, tier settings, flow configurations)
  • Billing information (handled by Shopify - we do not store card details)

3.2 End-customer data (processed on behalf of the merchant)

  • Phone number (collected at opt-in)
  • Name and email address (from Shopify order data)
  • Order history (product IDs, order value, order dates)
  • Storefront behaviour (product views, cart additions) via Shopify Web Pixels
  • SMS consent record (timestamp, source, IP address, user agent)
  • Customer tier (calculated from order history)
  • SMS message delivery and read status

4. Lawful Basis for Processing (GDPR)

Morder is based in the EU and complies with the General Data Protection Regulation (GDPR).

  • Contract performance - processing merchant data to deliver the Morder service under our Terms of Service.
  • Explicit consent - SMS marketing messages are only sent to end-customers who have given explicit, freely given, informed consent via a Morder opt-in widget. Consent records include timestamp, source, and IP address. Customers may withdraw consent at any time by replying STOP to any message.
  • Legitimate interests - aggregated analytics to improve replenishment prediction accuracy, balanced against data subjects' rights.

5. SMS and Meta

Morder integrates with SMS delivery providers to send messages on behalf of merchants.

  • Messages are sent via third-party SMS providers. Message content and metadata are processed in accordance with those providers' privacy policies.
  • Phone numbers are transmitted only at the point of sending a message, solely to the intended recipient.
  • Morder does not use end-customer data for any purpose other than operating the merchant's SMS flows.
  • Morder does not sell or share end-customer data with third parties for advertising or profiling.

6. Shopify Data Access

Morder requests the following Shopify API scopes: read_products, read_orders, read_customers, write_script_tags. This access is used exclusively to power the replenishment prediction engine, trigger flows on purchase events, and inject consent collection widgets into the merchant storefront.

7. Data Retention

  • End-customer data is retained for as long as the merchant's Morder subscription is active, plus 30 days after cancellation.
  • Consent logs are retained for 3 years to support GDPR audit requirements.
  • Upon app uninstallation, all merchant and end-customer data is scheduled for deletion within 30 days.

8. Data Subject Rights

Under GDPR, individuals have the right to access, rectify, erase, restrict processing of, and port their personal data, and to object to processing.

  • End-customers should contact the Shopify merchant whose store they purchased from. The merchant is the data controller and Morder will fulfil deletion requests within 30 days of notification.
  • Merchants may request data access or deletion by emailing ronalds.palacis@gmail.com.
  • Any individual may opt out of SMS messages at any time by replying STOP to any Morder-sent message.

9. Data Security

All data is stored in an EU-based PostgreSQL database (Neon, hosted on AWS eu-central-1). All connections use TLS encryption. Access tokens are stored encrypted at rest. We apply the principle of least privilege to all internal data access.

10. International Transfers

Morder is operated within the EU. When messages are sent via third-party providers, data may be processed in the United States under standard contractual clauses and the provider's Data Processing Terms.

11. Cookies and Tracking

The Morder merchant dashboard does not use tracking cookies. The storefront consent widget (injected into the merchant's Shopify store) collects only the data explicitly provided by the customer (phone number, consent signal) and does not set persistent cookies.

Behavioural events (product views, cart additions) are captured via Shopify's Web Pixels API on behalf of the merchant, in accordance with the merchant's own cookie consent configuration.

12. Changes to This Policy

We may update this policy as the product evolves. Material changes will be communicated to merchants via email or in-app notification at least 14 days before taking effect.

13. Contact

For any privacy-related questions, data requests, or complaints:

Email: ronalds.palacis@gmail.com
Company: Morder (operated by Comet AI)
Jurisdiction: Latvia, European Union

You have the right to lodge a complaint with the Latvian Data State Inspectorate (Datu valsts inspekcija) at www.dvi.gov.lv.