PRIVACY POLICY
MORSIS Platform
Synergy Shock LLC
Version: 1.0
Last updated: February 11th, 2026
1. Introduction
This Privacy Policy describes how Synergy Shock LLC ("Synergy Shock", "we", "us", or "our") collects, uses, stores, protects, and shares information through the MORSIS platform, including our website (morsis.com), web application, APIs, interactive kiosks, and related services (collectively, the "Platform").
MORSIS is a software-as-a-service (SaaS) platform that provides interactive kiosk solutions, point-of-sale systems, messaging integrations, and related services to businesses ("Customers").
This Policy is designed to comply with applicable data protection regulations in jurisdictions where the Platform operates, including but not limited to:
Law 25.326 (Personal Data Protection Act) - Argentina
Federal Law on Protection of Personal Data Held by Private Parties - Mexico
Law 19.628 (Protection of Private Life) - Chile
Law 29.733 (Personal Data Protection Law) - Peru
Statutory Law 1581 of 2012 - Colombia
Lei Geral de Proteção de Dados (LGPD) - Brazil
General Data Protection Regulation (GDPR) - European Union
California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
Other applicable U.S. state privacy laws
This Policy applies to:
Customer Data: Information our Customers provide or that we process on their behalf
End User Data: Information about individuals who interact with our Customers' services through the Platform
Visitor Data: Information about visitors to our website
By using the Platform, you agree to the terms of this Privacy Policy
2. Data Controller and Data Processor Roles
2.1 When We Act as Data Processor
For most data processed through the Platform, our Customers are the Data Controllers and Synergy Shock acts as a Data Processor. This includes:
End user information collected through kiosks
Customer loyalty program data
Transaction and payment confirmation data
Messages exchanged through WhatsApp Business or Instagram integrations (where the WhatsApp/Instagram account belongs to the Customer)
In these cases, our Customers determine the purposes and means of processing. We process this data only according to our Customers' instructions and our agreements with them.
Important regarding WhatsApp/Instagram messaging: When end users communicate with a Customer's WhatsApp or Instagram account, the Customer is responsible for informing those end users that their communications are processed through the MORSIS platform and that their personal data (phone number, name, message content) will be processed by Synergy Shock LLC as a data processor. Customers must include this information in their own privacy policies and/or automated welcome messages.
2.2 Co-Controller (Interactive Kiosks)
For interactive kiosk deployments, the business where the kiosk is installed may act as a co-controller with respect to information it provides to be communicated through the System (such as product information, prices, promotions, and business hours).
2.3 When We Act as Data Controller
Synergy Shock acts as Data Controller for:
Customer account information (business contact details, billing information)
Communications between Customers and Synergy Shock (including support requests via WhatsApp to Synergy Shock's own number)
Website visitor information
Information collected for our own business purposes (analytics, marketing)
Aggregated and anonymized data derived from Platform usage for product improvement (see Section 5.5)
2.4 Contact Information
Synergy Shock LLC
Address: 1603 Capitol Ave Ste 415 PMB 134544, Cheyenne, Wyoming 82001, USA
Data Protection Officer (DPO):
Luciano Ganga
Email: luciano@synergyshock.com
3. Information We Do NOT Collect (Interactive Kiosks)
For interactive kiosk deployments, the System is designed to NOT collect personal data from end users. Specifically:
We do not perform facial recognition or any other type of biometric identification;
We do not permanently record or store images captured by the camera;
We do not permanently record or store audio from interactions;
We do not collect names, emails, phone numbers, ID documents, or any other personally identifiable information through kiosk interactions (unless the Customer has enabled a loyalty program with explicit user consent);
We do not create individual user profiles or track specific individuals;
We do not perform age, gender, or demographic estimations linked to identifiable individuals.
4. Information We Collect
4.1 Customer Account Information
When Customers register for MORSIS, we collect:
Business name and legal entity information
Contact name, email address, and phone number
Billing address and payment information
Login credentials
4.2 Real-Time Processing (Kiosks - No Permanent Storage)
Audio: The System captures audio through the microphone to process user queries. This audio is transmitted in real-time to natural language processing servers and is not permanently stored once the query is processed;
Video: The camera may capture images to detect user presence and improve interaction. These images are processed in real-time and are not permanently stored.
4.3 End User Data (Processed on Behalf of Customers)
Through our Platform, we may process the following data on behalf of our Customers:
Loyalty Program Data (when enabled by Customer with user consent):
Name, email address, phone number
National ID (DNI) or tax ID (CUIT)
Date of birth or age, gender
Consumption preferences related to Customer's products
Purchase history and preferences
Points balance and redemption history
Age verification (declaration of legal age)
Transaction Data:
Products purchased, amounts, dates
Non-sensitive payment data (last 4 digits, card type, issuing bank)
Order status and fulfillment information
Messaging Data (WhatsApp/Instagram Module):
Phone numbers of individuals who contact our Customers
WhatsApp/Instagram usernames
Message content and conversation history
Message metadata (timestamps, delivery status)
Technical and Usage Data (Anonymized):
Technical logs for diagnostics and troubleshooting
Aggregated usage metrics (number of interactions, average duration, peak hours, common query types)
Performance data (response times, system errors, quality metrics)
This information does not allow identification of individual users and is used exclusively to improve System operation.
Internal User Data (Customer's employees):
Name and corporate email
Role and permissions within the Platform
Activity logs (audit trail)
Note: Internal users (Customer's employees) accept this Privacy Policy when they are registered on the Platform. It is the Customer's responsibility to inform their employees about the processing of their data and ensure they have the necessary authorization before registering them on the Platform.
4.4 Website Visitor Information
When you visit morsis.com, we may collect:
IP address and device information
Browser type and language preferences
Pages visited and time spent
Referral source
Cookies and similar technologies (see Section 10)
5. How We Use Information
5.1 Customer Account Information
We use Customer account information to:
Provide and maintain the Platform
Process payments and billing
Communicate about the service (updates, support, alerts)
Improve our products and services
Comply with legal obligations
5.2 End User Data
We process End User data solely to provide the Platform functionality to our Customers, including:
Generate responses to user queries in real-time
Operating kiosk and POS systems
Managing loyalty programs
Processing and routing messages
Generating reports and analytics for Customers
Monitor and diagnose technical System operation
Improve Service quality through performance analysis
Providing technical support
We do not:
Sell End User data
Use End User data for our own marketing purposes
Use End User data for targeted advertising
Share End User data with third parties except as necessary to provide the service
Use End User data to identify individual users (except for loyalty program members who have consented)
5.3 Messaging Data
When Customers use our WhatsApp Business or Instagram integration, we process messaging data to:
Display incoming messages in the Customer's dashboard
Enable Customers to respond to messages
Store conversation history for the Customer's reference
Automate responses based on Customer-defined rules
Integrate messaging with order management
5.4 Data from Meta Platforms (WhatsApp/Instagram)
When processing messaging data through WhatsApp Business API or Instagram API:
We access data only as permitted by Meta's Platform Terms and the user's permissions;
We do not use data obtained from Meta about message recipients for any purpose other than providing the messaging service to our Customers;
We do not sell, license, or otherwise transfer any data obtained from Meta to any third party;
We comply with Meta's Developer Data Use Policy and WhatsApp Business Policy;
Our Customers are responsible for obtaining proper opt-in consent from their end users before initiating WhatsApp communications;
End users may opt-out of receiving messages by contacting our Customer directly or by blocking the business on WhatsApp.
For more information about how Meta processes data, please refer to:
5.5 Aggregated and Anonymized Data
Synergy Shock may use aggregated and anonymized data derived from Platform usage to improve our products and services. This includes:
Usage patterns and statistics (e.g., number of interactions, peak usage times, common query types)
System performance metrics (response times, error rates)
Feature adoption and usage trends
This data is anonymized and does not identify individual end users. It relates solely to the functioning of the application and does not include specific personal data belonging to Customers' end users. For this anonymized data, Synergy Shock acts as Data Controller.
6. Legal Basis for Processing
Depending on the jurisdiction and type of data, we process information based on:
Contract Performance: Processing necessary to provide our services
Legitimate Interests: Improving our services, security, fraud prevention
Legal Obligations: Compliance with applicable laws
Consent: Where required by law or for optional features
For End User data processed on behalf of Customers, our Customers are responsible for establishing the appropriate legal basis.
7. Data Sharing and Disclosure
7.1 Sub-processors
We use third-party service providers to help operate the Platform. Current sub-processors include:
| Provider | Service | Location | Data Processed |
|---|---|---|---|
| Google Cloud Platform | Cloud infrastructure | United States | Aggregated usage metrics, session data |
| OpenAI | AI/NLP processing (Realtime API) | United States | Text and audio sent for inference, real-time processing |
| Cloudflare | CDN, security | Global | Web traffic, IP addresses, static files |
| Vercel | Hosting | Global | HTTP requests, server logs |
| Sentry | Error monitoring | United States | Error logs, stack traces, device metadata |
| Resend | Email delivery | United States | Email addresses, email content |
| Meta Platforms | WhatsApp/Instagram APIs | United States/Global | Phone numbers, usernames, message content |
Note regarding OpenAI: Audio and text data sent to OpenAI for processing is retained for a maximum of 30 days for API abuse monitoring, then deleted. OpenAI does not use API data to train models.
A complete list with Data Processing Agreement links is available in the Sub-processors Annex or upon request.
7.2 Payment Processors
Payment processing is handled by third-party providers (such as Nave, Payway, or others selected by Customers). We do not store or process credit card numbers or sensitive payment data.
7.3 Other Disclosures
We may disclose information:
With Customer consent
To comply with legal obligations or valid legal process
To protect our rights, privacy, safety, or property
In connection with a merger, acquisition, or sale of assets (with notice)
We do not sell, rent, or trade personal information. We do not use data obtained from Meta platforms for purposes other than providing our services to Customers.
8. International Data Transfers
Data may be transferred to and processed in countries outside your country of residence, including the United States.
We implement appropriate safeguards for international transfers, including:
Standard Contractual Clauses (SCCs)
Data Privacy Framework certifications (where applicable)
Technical measures (encryption, access controls)
9. Data Retention
9.1 Audio and Images (Kiosks)
Audio and images from kiosk interactions are not permanently stored. They are processed in real-time and discarded immediately after processing.
9.2 Customer Data
We retain Customer account data for the duration of the business relationship and for a reasonable period thereafter for legal and business purposes.
9.3 End User Data
We retain End User data according to our Customers' instructions and our agreements with them. Upon termination of a Customer relationship, we will delete or return End User data as instructed.
9.4 Messaging Data
Conversation history and messaging data are retained while the messaging module is active. Upon deactivation or contract termination, data is deleted according to Customer instructions and Meta's requirements.
9.5 Technical Logs
Technical logs are retained for the time necessary for diagnostics and troubleshooting, generally no more than ninety (90) days, and then deleted.
9.6 Aggregated Metrics
Aggregated usage metrics may be retained indefinitely given their anonymous and non-personal nature.
10. Cookies and Tracking Technologies
Our website uses cookies and similar technologies to:
Maintain session state
Remember preferences
Analyze website traffic
Improve user experience
You can control cookies through your browser settings. Some features may not function properly if cookies are disabled.
11. Data Security
We implement appropriate technical and organizational measures to protect data, including:
Encryption in transit (TLS) and at rest
Access controls and authentication
Regular security assessments
Employee training and confidentiality obligations
Incident response procedures
12. Your Rights
Depending on your location, you may have rights regarding your personal data, including:
Access: Request information about data we hold
Rectification: Correct inaccurate data
Erasure: Request deletion of your data
Portability: Receive your data in a portable format
Objection: Object to certain processing
Restriction: Limit how we use your data
Non-discrimination: Not be discriminated against for exercising privacy rights (California residents)
Important: Since the System in its basic kiosk configuration does not collect or store identifiable personal data, these rights may be of limited application in that context. However, we will address any inquiry or request a user wishes to make.
12.1 How to Exercise Your Rights
For End Users (kiosk users, loyalty program members, WhatsApp/Instagram contacts):
You may exercise your rights by contacting either:
The business (Customer) where you interacted with the System or whose WhatsApp/Instagram you contacted, OR
Synergy Shock directly at luciano@synergyshock.com
If you contact Synergy Shock directly, we will:
Respond to your request
Communicate with the relevant Customer to coordinate the response
Ensure your rights are fulfilled within the timeframes established by applicable law
For Customers and Website Visitors: Contact us directly using the information below.
We will respond to requests within the timeframes established by applicable law in each jurisdiction.
13. Children's Privacy
The Platform is not directed to children under 18. Our Customers' loyalty programs are restricted to adults (18+). We do not knowingly collect personal information from children.
If features requiring personal data are implemented in the future, parental or guardian consent will be required for minor users, in accordance with applicable law in each jurisdiction.
14. Future Collection of Personal Data
If in the future we incorporate features that involve the collection of personal data (such as name, email, phone, or other identifiers), we will implement:
A mechanism for prior, express, and informed consent within the System's interaction flow;
Clear information about the purpose of collection and user rights;
An update to this Privacy Policy.
No personal data will be collected without the user's prior consent.
15. Future Processing of Biometric or Demographic Data
In the future, the System may incorporate features that allow the processing of biometric data or the obtaining of demographic estimates from users (such as age range or perceived gender).
If such features are implemented:
This Privacy Policy will be updated to describe the new processing;
The informational notice located next to the device will be updated;
Where required by applicable law in each jurisdiction, a mechanism for informed consent will be implemented prior to processing;
Data will be processed in accordance with applicable data protection regulations.
16. Business Information Disclaimer
Any data related to products, prices, promotions, hours, or commercial operations corresponds exclusively to the business where the System is installed. Synergy Shock LLC is not responsible for such information.
17. California Privacy Rights (CCPA/CPRA)
California residents have additional rights under the California Consumer Privacy Act and California Privacy Rights Act:
Right to know what personal information is collected
Right to delete personal information
Right to opt-out of sale/sharing of personal information
Right to non-discrimination for exercising rights
We do not sell personal information.
To exercise your rights, contact us at the information below.
18. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date.
19. Meta Platform Compliance
This Privacy Policy complies with Meta's Platform Terms, Developer Data Use Policy, and WhatsApp Business Policy. Specifically:
We process data from Meta platforms only as permitted and as described in this Policy
We do not sell data obtained from Meta to third parties
We do not use Meta data to build or augment user profiles for purposes unrelated to our services
We maintain appropriate security measures as required by Meta's policies
We will delete data obtained from Meta upon request from Meta or when required by their policies
Our privacy practices do not supersede or conflict with Meta's Platform Terms
20. Contact Us
For questions about this Privacy Policy or to exercise your rights:
Data Protection Officer:
Luciano Ganga
Email: luciano@synergyshock.com
Synergy Shock LLC
Email: privacy@synergyshock.com
Website: https://morsis.com
21. Additional Information for Specific Jurisdictions
21.1 European Economic Area (EEA)
If you are in the EEA, you have the right to lodge a complaint with your local data protection authority.
21.2 Argentina
Processing complies with Law 25.326 (Personal Data Protection Act). The Agency for Access to Public Information (AAIP) is the supervisory authority.
21.3 Brazil
Processing complies with Lei Geral de Proteção de Dados (LGPD). Data subjects have rights under Articles 17-22 of the LGPD.
21.4 Mexico
Processing complies with the Federal Law on Protection of Personal Data Held by Private Parties (LFPDPPP). Data subjects have ARCO rights (Access, Rectification, Cancellation, Opposition).
21.5 Other Latin American Jurisdictions
Processing complies with applicable data protection laws in Chile (Law 19.628), Peru (Law 29.733), Colombia (Statutory Law 1581 of 2012), and other jurisdictions where the Platform operates.
By using MORSIS, you acknowledge that you have read and understood this Privacy Policy.