Privacy Policy

Your account data (name, email, username, etc.) identifies you as a Meritt user. End-customer data (identifiers and repayment rows you upload or sync) is information about your customers that you choose to process through Meritt. Depending on jurisdiction, you may be a controller of that end-customer data and Meritt may act as a processor, providing software on your instructions. You are responsible for lawful bases, notices, and contracts with your customers as required by law.

• Account & workspace: name, email, username, password hash, phone (if provided), authentication events, business profile fields (company name, type, website, branding, onboarding answers).
• Customer & repayment data: fields you import or create—such as customer identifiers, amounts, dates, status, notes—stored to power dashboards, scores, and API responses.
• API & technical: API keys (hashed or stored securely), request metadata, rate-limit counters, error logs.
• Usage & device: pages or features used, timestamps, browser type, IP address in standard server logs.
• Meritt Plus billing: when you subscribe (e.g., the published $99/mo USD plan plus tax, unless another price is shown at checkout), Stripe receives payment information; Meritt receives subscription status, customer id, and billing-related metadata from Stripe—not your full card number on our own databases.

Meritt is not designed to collect full payment card numbers, bank login credentials, or government IDs through the core product. We do not access your or your customers' bank or wallet apps. Settlement of debts between you and your customers happens outside Meritt.

• Provide, secure, and improve the service (dashboards, imports, scores, APIs, email verification).
• Communicate about the product, security, and legal requirements.
• Detect abuse, enforce terms, and comply with law.
• Process Meritt Plus subscriptions via Stripe.
• We do not sell personal information for cross-context behavioral advertising.

We share data with service providers who help us run Meritt, under contractual safeguards:

• Supabase — database and authentication hosting; hosts application data you submit, including customer repayment rows you provide.
• Vercel — application hosting and edge delivery.
• Resend — transactional email (e.g., verification, notices).
• Stripe — payment processing and subscription management for Meritt Plus.

We may also disclose information if required by law or to protect rights and safety.

If you enable public profile sharing, a limited reputation summary may be available via link (fields depend on product settings). You can turn this off in Settings → Privacy.

We retain account and business data while your account is active. End-customer rows you store may be deleted when you delete them or your account, subject to legal holds or backups for a limited time. If you delete your account, we work to remove personal data within a reasonable period unless retention is required by law.

• meritt_token (required): session. Typical expiry as configured in product.
• meritt_cookie_consent (required): stores analytics consent choice.
• meritt_analytics (optional): only if you consent.

We do not use advertising cookies for third-party ad networks.

We use industry-standard measures appropriate to the service (encryption in transit, access controls, secure credential handling). No method of transmission or storage is 100% secure.

Meritt is a business service not directed at children under 13. We do not knowingly collect personal information from children under 13.

Depending on your location, you may have rights to access, correct, delete, or export personal information, or to object to certain processing. Contact founder.meritapi@gmail.com. If you are in the EEA/UK, you may also lodge a complaint with a supervisory authority.

We operate primarily in the United States. If you access Meritt from other countries, your information may be processed in the U.S. or other jurisdictions where we or our subprocessors operate.

We will notify you of material changes via email or in-product notice where appropriate.

founder.meritapi@gmail.com · Terms of Service