Legal

Privacy Policy

Effective date: January 1, 2025  ·  Last updated: January 1, 2025

Summary: We collect only what we need to run your account and deliver the Service. We do not sell your data. Your business records live in an isolated database. You can request deletion at any time.

1. Overview

MERPP Inc. ("MERPP", "we", "us") operates a cloud-based ERP platform. This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and your rights regarding that data. It applies to visitors of merpp.com, prospective customers, and paying customers.

2. Data We Collect

Account and onboarding data

When you request a workspace, we collect your name, business email, company name, chosen subdomain, and the account details needed to provision your workspace manually.

Usage data

We collect logs of actions taken within the platform (page views, feature usage, errors) to monitor reliability and improve the product. This data is aggregated and does not include the content of your business records.

Customer data

Data you and your team enter into MERPP modules (invoices, contacts, inventory records, etc.) is stored in your isolated tenant database. We treat this as your confidential business data and do not analyze or share it.

Communications

If you email us or submit a support ticket, we retain those communications to resolve your issue and improve support quality.

Cookies and tracking

We use essential session cookies for authentication and optional analytics cookies (e.g., first-party analytics) to understand aggregate usage. We do not use third-party advertising cookies.

3. How We Use Your Data

We use your data to: (a) provision and operate your MERPP account; (b) manage onboarding and service communications; (c) send transactional emails (password resets, system alerts, and workspace notices); (d) respond to support requests; (e) detect and prevent fraud and abuse; (f) improve the platform through aggregated, anonymized usage analysis; (g) comply with legal obligations. We do not sell your personal data to third parties. We do not use your Customer Data for advertising.

4. Data Sharing

We share personal data only with: (a) cloud infrastructure providers (e.g., AWS or similar) who process data on our behalf under data processing agreements; (b) email delivery providers for transactional emails; (c) legal authorities when required by law or to protect MERPP's rights. All sub-processors are contractually bound to confidentiality and security obligations at least as protective as those in this Policy.

5. Data Retention

We retain account data for the duration of your subscription plus 30 days after cancellation to allow for data export. After 30 days, your tenant database and associated data are permanently deleted. Billing records are retained for 7 years as required for tax compliance. Anonymized usage analytics may be retained indefinitely. You may request earlier deletion by contacting privacy@merpp.com.

6. Security

MERPP employs technical and organizational measures to protect your data, including: encryption in transit (TLS 1.2+) and at rest (AES-256); per-tenant database isolation; role-based access controls; regular security assessments; and incident response procedures. No system is 100% secure. In the event of a data breach affecting your account, we will notify you as required by applicable law.

7. Your Rights

Depending on your location, you may have the right to: access a copy of your personal data; correct inaccurate data; request deletion of your data; restrict or object to certain processing; and data portability. To exercise these rights, contact us at privacy@merpp.com. We will respond within 30 days. MERPP does not discriminate against users who exercise their privacy rights.

8. GDPR and International Transfers

If you are located in the European Economic Area (EEA), MERPP processes your data on the legal bases of contractual necessity (to provide the Service), legitimate interests (product improvement, fraud prevention), and legal compliance. Data may be transferred to and processed in the United States. We use Standard Contractual Clauses (SCCs) approved by the European Commission to safeguard such transfers. You may contact our Data Protection Officer at dpo@merpp.com.

9. California Privacy Rights (CCPA/CPRA)

California residents may request: disclosure of personal data we have collected and with whom it was shared; deletion of personal data; and correction of inaccurate personal data. MERPP does not sell personal information as defined by the CCPA. To submit a request, email privacy@merpp.com with "California Privacy Request" in the subject line. We will verify your identity before fulfilling requests.

10. Children's Privacy

MERPP's Service is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with their data, please contact us at privacy@merpp.com and we will delete it promptly.

11. Cookie Policy

We use the following types of cookies: (a) Strictly necessary — session cookies required for authentication and security; (b) Functional — preferences such as language and UI settings; (c) Analytics — first-party analytics to understand aggregate usage patterns. You can control non-essential cookies via your browser settings. Disabling cookies may affect certain features of the Service.

12. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you by email or in-app notice at least 14 days before material changes take effect. The "effective date" at the top indicates when the current version was last revised. Continued use of the Service after the effective date constitutes acceptance of the updated Policy.

13. Contact Us

For privacy inquiries, data subject requests, or concerns, contact us at privacy@merpp.com or by mail at MERPP Inc., Privacy Office, 1 Enterprise Plaza, Wilmington, DE 19801, USA. We aim to respond to all requests within 30 days.

Questions? privacy@merpp.com or contact support.

Also read our Terms of Service.