Privacy Policy
Last updated: May 3, 2026 · Effective date: May 3, 2026
The short version. We collect only what is needed to operate our website and apps. We do not sell your personal information. You can ask us to access, correct, or delete your data at any time by emailing info@meralte.io.
- Scope and Definitions
- Information We Collect
- Sensitive Personal Information
- How We Use Information
- Legal Bases (EEA / UK / Switzerland)
- How We Share Information
- Third-Party Services
- International Data Transfers
- Data Retention
- Cookies, Tracking, and Global Privacy Control
- Push Notifications and Communications
- Advertising and Analytics Identifiers
- Your Rights and Choices
- California Privacy Rights (CCPA / CPRA)
- EEA, UK, and Switzerland Rights
- Brazil (LGPD) Rights
- Automated Decision-Making
- Children's Privacy
- Security and Data Breach Notification
- App Store and Google Play Privacy Disclosures
- Changes to This Policy
- Contact Us
1. Scope and Definitions
Meralte Labs LLC ("Meralte Labs," "we," "us," or "our") operates the website meralte.io and develops mobile and web applications (collectively, the "Services"). This Privacy Policy explains how we collect, use, disclose, and protect personal information, and describes the rights and choices available to you.
"Personal information," "personal data," and similar terms refer to information that identifies, relates to, describes, or could reasonably be linked with an identified or identifiable natural person. This policy applies across our Services. Individual apps may publish supplemental privacy notices for app-specific practices; where there is a conflict, the app-specific notice controls.
2. Information We Collect
Information you provide
- Account information such as name, email address, and password (or authentication identifiers from sign-in providers).
- Communications with us, including support requests and the contents of messages and attachments.
- User content you submit through the Services, such as uploads, settings, and preferences.
- Payment information, where applicable, processed by our payment providers (we do not store full card numbers).
Information collected automatically
- Device data: device model, operating system, language, time zone, app version, and unique device identifiers.
- Usage data: features used, in-app actions, session duration, referring URL, and similar telemetry.
- Diagnostic data: crash logs, performance metrics, and error reports.
- Log data: IP address, access times, and pages or screens viewed.
- Approximate location derived from IP address. We collect precise (GPS) location only with your explicit permission and only where it is necessary for a feature you have requested.
- Cookies and similar technologies on our website (see Section 10).
Information from third parties
- Authentication providers (e.g., Sign in with Apple, Google) that share the data you authorize them to share, typically a name, email, and a stable user identifier.
- Analytics, attribution, and crash-reporting providers in pseudonymized or aggregated form.
- Payment processors that confirm transactions for purchases made through us.
3. Sensitive Personal Information
We do not knowingly collect "sensitive personal information" as defined under the California Privacy Rights Act, the GDPR's "special categories," or comparable laws (for example: government identifiers, racial or ethnic origin, religious beliefs, union membership, genetic data, biometric data used to identify you, health information, sex life or sexual orientation, or precise geolocation), except where you voluntarily provide such information through a feature that explicitly requests it (for example, an app that processes health-related data with your consent). We do not use sensitive personal information to infer characteristics about you and do not sell or share sensitive personal information.
4. How We Use Information
- To provide, operate, maintain, secure, and improve the Services.
- To authenticate users and prevent unauthorized access.
- To respond to support requests and communicate about your account or the Services.
- To analyze usage and trends, debug issues, and improve user experience.
- To detect, investigate, and prevent fraudulent, abusive, or unlawful activity, and to enforce our Terms of Service.
- To comply with legal obligations and respond to lawful requests.
- For other purposes disclosed at the time of collection or with your consent.
5. Legal Bases for Processing (EEA, UK, Switzerland)
If you are in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases:
- Performance of a contract — to provide the Services you request.
- Legitimate interests — to operate, secure, and improve the Services, where not overridden by your rights and freedoms.
- Consent — for non-essential cookies, marketing communications, and other purposes that require it. You may withdraw consent at any time.
- Legal obligation — to comply with applicable law.
6. How We Share Information
We do not sell personal information for money. We do not share it with third parties for cross-context behavioral advertising. We disclose personal information only as described below:
| Category of Recipient | Purpose |
|---|---|
| Hosting and infrastructure providers | To host the Services and store data. |
| Authentication providers | To enable secure sign-in. |
| Analytics and product measurement | To understand usage and improve the Services. |
| Crash reporting and diagnostics | To identify and fix bugs. |
| Customer support tools | To respond to your requests. |
| Payment processors | To process purchases and prevent fraud. |
| Legal, regulatory, and law enforcement | When required by law or to protect rights, property, or safety. |
| Acquirers and successors | In connection with a merger, acquisition, financing, or sale of assets. |
| With your consent | For any other disclosed purpose. |
All service providers are bound by contractual obligations to use personal information only for the purposes for which it was disclosed and to protect it appropriately.
7. Third-Party Services
The Services rely on third-party providers for infrastructure, analytics, crash reporting, authentication, and payments. The specific providers used by each app are listed in that app's in-product privacy disclosures and on its store listing. Each provider's processing of personal information is governed by its own privacy policy.
8. International Data Transfers
We are based in the United States and our Services are operated from there. If you access the Services from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. These countries may have data protection laws different from those of your country. Where required by law, we use appropriate transfer mechanisms such as the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, or the EU–U.S. Data Privacy Framework, and we apply additional safeguards where necessary.
9. Data Retention
We retain personal information only as long as needed to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. Typical retention periods include:
- Account data — while your account is active, and up to 90 days after account deletion to allow recovery of an accidentally-deleted account.
- Support communications — up to 3 years after the last interaction.
- Diagnostic and crash logs — up to 90 days, then deleted or anonymized.
- Server access logs — up to 30 days.
- Transaction records — for the period required by tax, accounting, and consumer-protection laws (typically up to 7 years).
When data is no longer required, we delete or anonymize it.
10. Cookies, Tracking, and Global Privacy Control
Our website uses strictly necessary cookies and may use measurement or analytics cookies. You can configure your browser to refuse cookies, but some site features may not function properly. We do not use cookies for cross-context behavioral advertising.
Some browsers transmit "Do Not Track" or Global Privacy Control (GPC) signals. Where required by law (including for California residents), we treat a GPC signal as a valid request to opt out of the sale or sharing of personal information.
11. Push Notifications and Communications
If you grant permission, our apps may send push notifications for service-related or feature updates. You can disable push notifications at any time in your device settings. We may also send transactional emails (e.g., security alerts, billing). Marketing emails, where applicable, will include an unsubscribe link, and you can opt out at any time.
12. Advertising and Analytics Identifiers
Some Services may use device-level advertising identifiers (such as Apple's IDFA or Google's Advertising ID) for measurement, attribution, or fraud prevention, only with your permission where required (including via Apple's App Tracking Transparency framework). You can reset or limit these identifiers in your device settings. We do not currently engage in interest-based advertising. If we begin to do so, we will update this policy and provide an opt-out before the practice begins.
13. Your Rights and Choices
Depending on where you live, you may have rights to:
- Access — request a copy of the personal information we hold about you.
- Correct — ask us to correct inaccurate or incomplete data.
- Delete — request deletion of your personal information (see our Data Deletion page).
- Port — receive your data in a structured, commonly used, machine-readable format.
- Restrict or object to certain processing.
- Opt out of any sale or sharing of personal information, or of profiling for decisions that produce legal or similarly significant effects.
- Withdraw consent where processing is based on consent.
- Lodge a complaint with your local data protection authority.
To exercise any of these rights, email info@meralte.io from the email address associated with your account, or include sufficient information for us to verify your identity. We will respond within the timelines required by applicable law (typically 30–45 days). We will not discriminate against you for exercising your rights. If you are an authorized agent making a request on behalf of a consumer, we will require written authorization and may verify the consumer's identity directly.
14. California Privacy Rights (CCPA / CPRA)
If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act, gives you specific rights described in this section.
Categories of personal information collected (last 12 months)
| Category | Examples | Collected |
|---|---|---|
| Identifiers | Name, email, account ID, IP address, device ID | Yes |
| Customer records (Civ. Code §1798.80) | Name and contact information | Yes |
| Commercial information | Purchase history, subscription status | If applicable |
| Internet/network activity | Usage data, interactions, diagnostics | Yes |
| Geolocation | Approximate location from IP; precise location only with permission | Approximate; precise with consent |
| Audio/visual | Photos, audio, or video you submit to a feature | Only if you submit |
| Professional/employment | — | No |
| Education information | — | No |
| Inferences | Limited usage-based inferences for product improvement | Limited |
| Sensitive personal information | See Section 3 | Generally no |
We collect personal information from the sources described in Section 2 and use it for the purposes described in Section 4. We disclose personal information for business purposes only, to the categories of recipients listed in Section 6.
Your California rights
- Right to know what personal information is collected, used, disclosed, and the sources and purposes.
- Right to delete personal information, subject to limited exceptions.
- Right to correct inaccurate personal information.
- Right to opt out of the sale or sharing of personal information. We do not sell or share personal information as those terms are defined under California law.
- Right to limit the use and disclosure of sensitive personal information.
- Right to non-discrimination for exercising your rights.
To exercise these rights, email info@meralte.io. California residents may also designate an authorized agent to act on their behalf with proper written authorization.
Shine the Light (Cal. Civ. Code §1798.83): California residents may request information about disclosures of personal information to third parties for direct marketing. We do not disclose personal information to third parties for their own direct marketing purposes.
15. EEA, UK, and Switzerland Rights
If you are in the EEA, UK, or Switzerland, you have the rights described in Section 13 under the GDPR, UK GDPR, or Swiss FADP. You may also lodge a complaint with the data protection authority in your country of residence, place of work, or place of the alleged infringement.
EU/UK Representative. Meralte Labs is a small organization that does not currently meet the thresholds requiring an EU representative under Article 27 GDPR or a UK representative under the UK GDPR. If you have questions about our processing of EEA or UK personal data, contact us at info@meralte.io. If our activities require us to designate a representative in the future, we will update this policy with the representative's contact details.
16. Brazil (LGPD) Rights
If you are in Brazil, the Lei Geral de Proteção de Dados (LGPD) gives you rights to confirmation of processing, access, correction, anonymization or deletion, portability, information about sharing, withdrawal of consent, and the right to object. Contact us at info@meralte.io to exercise these rights. You may also contact the Brazilian National Data Protection Authority (ANPD).
17. Automated Decision-Making
We do not use personal information to make decisions that produce legal or similarly significant effects about you through solely automated means within the meaning of Article 22 GDPR. Where the Services use automated systems to detect fraud, abuse, or security threats, the outcomes of those systems are reviewable by humans on request.
18. Children's Privacy
The Services are not directed to children under the age of 13 (or 16 in jurisdictions that set a higher minimum age for digital consent). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information without parental consent, contact us at info@meralte.io and we will promptly delete it.
19. Security and Data Breach Notification
We implement administrative, technical, and physical safeguards designed to protect personal information against loss, misuse, unauthorized access, disclosure, alteration, or destruction. These include encryption in transit, access controls, and regular security review. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority and, where required by law, affected individuals, in accordance with applicable timelines.
20. App Store and Google Play Privacy Disclosures
Each of our mobile apps publishes a privacy summary on its Apple App Store "Privacy Nutrition Label" and Google Play "Data safety" listing. Those summaries describe, on a per-app basis, the categories of data collected, whether the data is linked to your identity, and whether it is used for tracking. Read alongside this Privacy Policy for the most accurate picture of an individual app's practices.
21. Changes to This Policy
We may update this Privacy Policy from time to time. We will post the updated version on this page and revise the "Last updated" date above. For material changes, we will provide additional notice through the Services or by other appropriate means before the change takes effect.
22. Contact Us
For questions about this Privacy Policy or our data practices, or to exercise any of your rights, contact:
Meralte Labs LLC
Wyoming, United States
Email: info@meralte.io