Privacy Policy

Last updated: June 2026

MERITO ("we", "our", "us") operates getmerito.com. This policy explains what data we collect, why, and how we protect it. It applies to all users in the EU, UK, and worldwide.

1. What we collect

Account data: email address, name (optional), and profile information you add to your EPK.

Usage data: pages visited, time spent, device type, and approximate city — used to power EPK analytics and improve the product.

Payment data: handled entirely by Stripe. We never store card numbers.

Cookies: authentication session cookie (required), analytics cookies (optional — see our Cookie Policy).

2. Legal basis (GDPR)

We process your data under: (a) contract performance — to provide the service you signed up for; (b) legitimate interest — product analytics and security; (c) consent — marketing emails, which you can withdraw at any time.

3. How we use it

To operate your account, deliver EPK analytics, send transactional emails (magic links, notifications), and improve MERITO. We do not sell your data. We do not use it for advertising.

4. Third parties

Supabase (database, auth — EU region), Stripe (payments), Cloudflare (CDN, R2 storage), Resend (transactional email), Google Analytics (aggregated site analytics).

5. Your rights

Under GDPR/UK GDPR you have the right to access, correct, delete, or export your data at any time. Email us at hello@getmerito.com and we'll respond within 30 days.

6. Data retention

We keep your data while your account is active. If you delete your account, all personal data is deleted within 30 days except where required by law (e.g. payment records for 7 years).

7. Contact

Data controller: MERITO / getmerito.com. Email: hello@getmerito.com