Privacy Policy

Effective Date: April 10, 2026 · Last Updated: April 10, 2026

1. Introduction

Merlin Tech LLC ("Merlin," "we," "our," or "us") is a Colorado limited liability company. We operate the Merlin AI automation platform, including our website, web application, and related services (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect information about you when you use the Service.

By accessing or using the Service, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Information You Provide Directly

Account information: name, email address, company name, billing information, and password when you register for an account.
Business documents and content: files, documents, email content, social media content, course materials, and other data you upload or connect to the Service so Merlin can perform automation tasks.
Communications: messages you send to our support team or through in-app feedback tools.
OAuth credentials: authorization tokens from third-party platforms (Gmail, Outlook, LinkedIn, Instagram, Facebook, YouTube, TikTok, Google Drive, Dropbox, etc.) that you connect to the Service. We do not store your passwords for these platforms.

2.2 Information Collected Automatically

Usage data: pages visited, features used, actions taken within the platform, and time spent.
Device and technical data: IP address, browser type, operating system, device identifiers, and referring URLs.
Log data: server logs, error reports, and performance data.
Cookies and similar technologies: session cookies, preference cookies, and analytics identifiers. See Section 8 for details.

2.3 Information from Third-Party Integrations

When you connect third-party accounts (email providers, social platforms, document storage systems, CRMs), we receive data from those platforms as authorized by you. The scope of data we receive is limited to what is necessary to provide the automation features you activate. This may include email metadata, message content, social media account data, and document contents.

3. How We Use Your Information

We use the information we collect to:

Provide and operate the Service: process your business documents, generate email drafts, schedule social media posts, and create educational content on your behalf.
Maintain context and continuity: use prior email threads, uploaded documents, and account history to generate contextually accurate outputs.
Communicate with you: send transactional emails (account confirmations, billing receipts), product updates, and support responses.
Improve the Service: analyze usage patterns, diagnose technical issues, and develop new features.
Ensure security: detect and prevent fraud, abuse, and unauthorized access.
Comply with legal obligations: respond to lawful requests from government authorities, enforce our Terms of Service, and meet applicable regulatory requirements.
Process payments: facilitate billing through our payment processors.

We do not sell your personal information or your business content to third parties. We do not use your business documents or email content to train AI models without your explicit written consent.

4. How We Share Your Information

We may share your information with:

AI and cloud service providers: third-party AI services (including but not limited to Anthropic and OpenAI) and cloud infrastructure providers (Vercel, Supabase) that process data on our behalf under confidentiality obligations. These providers are not permitted to use your data for their own commercial purposes.
Third-party platforms you authorize: when you connect a platform (e.g., Gmail, LinkedIn), data is transmitted to and from that platform per your authorization.
Payment processors: billing information is shared with our payment processors, who maintain their own privacy and security controls.
Professional advisors: attorneys, accountants, and auditors under professional confidentiality obligations.
Business transfers: in connection with a merger, acquisition, or sale of assets, your information may be transferred to a successor entity. We will notify you of any such change.
Law enforcement and legal process: when required by law, subpoena, or court order, or when we believe in good faith that disclosure is necessary to protect the rights, property, or safety of Merlin, our users, or the public.

5. Data Retention

We retain your account information and business content for as long as your account is active or as necessary to provide the Service. When you delete your account, we will delete or anonymize your personal information within 90 days, unless we are required by law to retain it longer or it is necessary for legitimate business purposes such as resolving disputes or enforcing agreements.

You may request deletion of specific content at any time through your account settings or by contacting us at the address in Section 13.

6. Data Security

We implement industry-standard technical and organizational measures to protect your information, including:

Encryption of data in transit (TLS) and at rest
Role-based access controls (RBAC) limiting employee access to your data
Organization-level resource isolation
Regular security assessments

No method of transmission or storage is completely secure. While we take these precautions seriously, we cannot guarantee absolute security. You are responsible for maintaining the security of your account credentials.

7. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

Access: request a copy of the personal information we hold about you.
Correction: request that we correct inaccurate or incomplete information.
Deletion: request deletion of your personal information, subject to legal retention requirements.
Portability: request your data in a structured, machine-readable format.
Opt-out of marketing: unsubscribe from marketing emails at any time using the unsubscribe link in any email or by contacting us directly. Transactional emails are not subject to opt-out.
Revoke third-party access: disconnect any third-party platform integration at any time through your account settings.

To exercise any of these rights, contact us at privacy@merlintech.ai. We will respond within 30 days.

8. Cookies and Tracking

We use cookies and similar tracking technologies to maintain your session, remember your preferences, and analyze platform usage. You may configure your browser to refuse all cookies or to indicate when a cookie is being set; however, some features of the Service may not function properly without cookies.

We use analytics tools to understand how users interact with the Service. Analytics data is aggregated and does not identify individual users.

9. Third-Party Services

Our service integrates with third-party platforms (Gmail, Outlook, LinkedIn, Instagram, Facebook, YouTube, TikTok, Google Drive, Dropbox, OneDrive, Notion, HubSpot, Salesforce, and others). Your use of these integrations is governed by those platforms' own terms of service and privacy policies. We are not responsible for the privacy practices of any third-party platform.

10. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that we have inadvertently collected information from a minor, we will delete it promptly. If you believe we have collected information from a minor, contact us at privacy@merlintech.ai.

11. International Data Transfers

Merlin Tech LLC is based in Colorado, United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States. By using the Service, you consent to this transfer. We ensure that appropriate safeguards are in place for any international transfers of personal data.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by displaying a prominent notice in the Service at least 14 days before the changes take effect. Your continued use of the Service after the effective date constitutes your acceptance of the updated policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy, please contact us:

Email: privacy@merlintech.ai
Merlin Tech LLC
Colorado, United States