Security at Morton Growth

Last updated: June 7, 2026

Morton Growth is a service of MortonApps, LLC, a California company. This page explains, plainly and honestly, how we protect the information you share with us through this website. Our approach is simple: collect as little as possible, encrypt everything in transit, and run on reputable, well-secured infrastructure.

The only personal information this website collects is what you choose to type into the consultation form. We do not host accounts here, and we do not collect or process any payment information on this site.

Encryption in transit

Every page and every form submission on mortongrowth.com is served over HTTPS using TLS. HTTP requests are automatically upgraded to HTTPS at the network edge, so your information is encrypted while it travels between your browser and our infrastructure. There is no unencrypted path to the Site.

Reputable infrastructure

We do not run our own servers. The Site is built on infrastructure operated by established providers chosen for their security track record:

• Cloudflare hosts the Site (Cloudflare Pages) and provides our content-delivery network, DNS, and edge security — including DDoS protection. There is no traditional origin server sitting exposed to the internet.
• Amazon Web Services (Amazon SES) delivers your consultation-form submission to us by email. The form posts to MortonApps’ shared email API, which sends through SES over encrypted connections.
• Microsoft Clarity provides privacy-friendly, aggregate analytics so we can improve the Site. It is configured to mask on-page content where supported, and we do not use it for advertising or cross-site tracking.

These providers maintain their own robust security programs and industry certifications. We rely on their hardened platforms rather than reinventing that layer ourselves.

Minimal data collection

The most reliable way to protect data is not to hold more of it than necessary. We collect only what the consultation form asks for — your name, business name, email, phone, current website, service area, what your business does, and your message — and only so we can respond to your inquiry. We do not sell it, we do not use it for advertising, and we do not use it to train AI models. See our Privacy Policy for the full detail on what we collect and how long we keep it.

No payment data on this site

This website does not take payments and does not ask for credit-card, bank, or other financial information. If you become a client, any billing is handled separately under your signed agreement — never through a form on this marketing site. If a page on mortongrowth.com ever asks you for payment details, do not enter them and please let us know.

Operational practices

• Least access. Access to consultation submissions is limited to the people at MortonApps who need it to follow up with you.
• Maintained dependencies. The Site is a static build with a small, deliberately limited set of third-party components, which keeps the attack surface small and easy to keep current.
• Edge security. We rely on Cloudflare’s edge protections, including automatic HTTPS and DDoS mitigation, in front of the Site.

Responsible disclosure

We welcome reports from security researchers. If you believe you have found a vulnerability in the Morton Growth website, please email [email protected] with enough detail to reproduce it. We ask that you give us a reasonable opportunity to address the issue before disclosing it publicly, and that you avoid privacy violations, service disruption, and destruction of data while testing. We will not pursue legal action against researchers who report in good faith under these guidelines, and we are happy to credit you (with your permission) once an issue is resolved.

An honest note on certifications

We want to be straight with you: MortonApps does not currently hold formal security certifications such as SOC 2 or ISO 27001 as an organization. What we do is keep this site simple, encrypt everything in transit, collect the minimum, take no payments here, and stand on the security of well-established infrastructure providers. We would rather tell you exactly what we do than claim audits we have not completed.

Questions

For any security question about this website, contact us at [email protected]. For privacy and data questions, see our Privacy Policy or email [email protected].