Privacy Policy

1. Introduction

Merrion AI (“Merrion”, “we”, “us”, or “our”) operates the website at https://www.merrion.ai and the Merrion platform (the “Service”), an AI-powered business platform for service businesses that combines CRM, work management, finance tools, and AI-powered communication features.

This Privacy Policy explains what information we collect, how we use and share it, and the rights you have in relation to it. By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Who This Policy Applies To

This policy applies to:

• Merrion customers — business users who sign up for an account and their team members.
• Your customers and contacts — individuals whose information you import into, receive into, or create within Merrion. When Merrion processes this information, we act as a data processor on your behalf; you are the data controller. A Data Processing Agreement is available to customers on request at support@merrion.ai.
• Visitors to the merrion.ai website.

3. Information We Collect

3.1 Information you provide directly

• Account information, such as your name, email, phone number, business name, and password.
• Billing information, such as billing name and email. Payment card details are collected and stored by our payment processor; we do not receive or store full card data.
• Business profile, such as services, pricing, hours, service areas, and brand assets you configure in the Service.
• Customer and contact records, such as names, email addresses, phone numbers, and addresses of your customers and leads.
• Content you create in the Service, including quotes, proposals, invoices, messages, notes, and tickets.

3.2 Information collected automatically

• Usage data, such as features used and session activity.
• Device and log data, such as IP address, browser type, and timestamps.
• Cookies and similar technologies (see Section 11).

3.3 Information from connected accounts and integrations

When you connect a third-party account or provision a communication channel through Merrion, we receive data from those services to provide the features you enable — including email messages from connected Gmail accounts (see Section 4), SMS messages sent to phone numbers you provision, and phone calls handled by our AI receptionist.

4. Google User Data and Gmail

When you connect a Google account to Merrion, we access Google user data on your behalf to provide features of the Service.

4.1 Scopes we request and why

4.2 What we store

We store the OAuth tokens Google issues, the email content and metadata needed to keep your Merrion inbox in sync, and the notification subscriptions needed to receive new-message events.

4.3 How we use Gmail data

Gmail data is used only to provide features of Merrion that are visible in the user interface:

• Displaying your inbox and threads within Merrion.
• Sending email on your behalf when you, or an automation you configure, initiate a send.
• Classifying incoming messages and routing them within the app.
• Generating suggested replies, and sending automated replies when you enable the email AI agent.

To enable classification and drafted replies, we send the content needed to generate a response to a large language model provider that processes this data under contractual terms prohibiting its use for model training.

4.4 Limited Use

Merrion's use and transfer to any other application of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

In particular, with respect to data we obtain from Google APIs:

• Service-only use. We use Google user data only to provide or improve user-facing features that are prominent in the Merrion user experience.
• No unauthorized transfers. We do not transfer Google user data to third parties except (a) as necessary to provide or improve the features described in this policy, (b) to comply with applicable law, or (c) as part of a merger, acquisition, or sale of assets where the acquiring entity honors this policy, in which case we will notify you.
• No advertising use. We do not use Google user data for serving advertisements, including retargeting, personalized, or interest-based advertising.
• No human access, except narrowly. We do not allow any human to read Google user data unless (i) we have your explicit consent for specific messages, (ii) it is necessary for security investigations or to resolve a bug reported by you, (iii) it is necessary to comply with applicable law, or (iv) the data has been aggregated and de-identified and is used only for internal operations.
• No AI or ML training. We do not use Google user data, including data accessed via the Gmail API, to develop, improve, or train generalized AI or ML models.

4.5 Disconnecting and deletion

You can disconnect your Google account at any time from your Merrion settings, which revokes our OAuth tokens and stops further syncing. You can also revoke Merrion's access at https://myaccount.google.com/permissions.

After disconnection, Gmail data already synced into your workspace is retained for up to 30 days to support reconnection, after which it is permanently deleted unless you request earlier deletion. Email support@merrion.ai to request immediate deletion.

5. How We Use Your Information

We use the information described above to:

• Provide, operate, and maintain the Service and its features.
• Process transactions, manage subscriptions, and send billing notices.
• Communicate with you about your account, product updates, security notices, and support requests.
• Power AI-enabled features you turn on, including email, SMS, voice, and content-generation tools.
• Improve the Service, including troubleshooting, measuring performance, and analyzing aggregate usage.
• Detect, prevent, and investigate fraud, abuse, and security incidents.
• Send marketing communications about Merrion where permitted; you can opt out at any time.
• Comply with legal obligations and enforce our Terms of Service.

We do not sell your personal information. We do not use customer content — including messages, call transcripts, CRM records, or Gmail data — to train generalized AI or ML models.

6. AI Features

Merrion uses AI to generate drafts, classify messages, and handle voice and SMS interactions on your behalf. You control which AI features are enabled for your workspace. Outputs are reviewable before sending where you configure human review.

When Merrion's AI receptionist or SMS agent interacts with your customers, you are responsible for providing any notice and obtaining any consent required by the laws that apply to you — for example, call-recording disclosures and electronic-communications consent.

7. How We Share Your Information

7.1 Subprocessors

We share information with third-party service providers that help us operate the Service, including cloud infrastructure, payment processing, communication providers, large language model providers, and maps and location services. A current list is available at https://www.merrion.ai/subprocessors. Each subprocessor is contractually obligated to process data only on our instructions, to maintain appropriate security, and — where they process customer content for AI features — not to use that content to train generalized AI or ML models.

7.2 Legal and protective disclosures

We may disclose information when we believe in good faith that it is necessary to: comply with a law, regulation, subpoena, or legal process; protect the rights, property, or safety of Merrion, our users, or the public; investigate or prevent fraud or security incidents; or enforce our Terms of Service.

7.3 Business transfers

If Merrion is involved in a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information is transferred and becomes subject to a different privacy policy.

7.4 With your direction

We share information with other third parties at your direction — for example, when you integrate Merrion with another service.

8. Data Storage and International Transfers

Merrion's primary database is hosted in the European Union. Several of our subprocessors are based in the United States and process data there. Where data is transferred from the European Economic Area, United Kingdom, or Switzerland to a country not recognized as providing an adequate level of data protection, we rely on appropriate safeguards, including the European Commission's Standard Contractual Clauses and the UK International Data Transfer Addendum.

9. Data Retention

We retain your personal information for as long as your Merrion account is active and afterward as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements.

• Account data: retained while your account is active; deleted or anonymized within 90 days of account closure on request.
• Gmail-synced messages: retained for up to 30 days after disconnection.
• Messaging and call records: retained for the lifetime of your workspace unless you delete them or request deletion.
• Backups: retained for up to 35 days following deletion.
• Billing records: retained for at least 7 years for tax and financial compliance.

You can request deletion at any time by emailing support@merrion.ai.

10. Data Security

We implement technical and organizational measures designed to protect your information, including encryption in transit and at rest, multi-tenant access controls, authentication safeguards, and monitoring of administrative and security events.

No method of electronic transmission or storage is 100% secure. If we become aware of a security incident affecting your personal information, we will notify you and applicable regulators in accordance with the law.

11. Cookies and Similar Technologies

We use cookies and similar technologies for three purposes:

• Strictly necessary — to keep you signed in and operate the Service.
• Preference — to remember your settings.
• Analytics — to understand aggregate usage. We do not use third-party advertising cookies.

You can control cookies through your browser settings. Disabling strictly necessary cookies will prevent you from signing in.

12. Your Rights

Depending on where you live, you may have the following rights regarding your personal information:

• Access a copy of what we hold about you.
• Correction of inaccurate or incomplete information.
• Deletion of your personal information.
• Restriction or objection to certain processing.
• Portability of your information in a machine-readable format.
• Withdraw consent where processing is based on consent.
• Complain to a data protection authority. For EU/EEA residents, this is your local supervisory authority; for UK residents, the Information Commissioner's Office.

If you are a contact of a Merrion user — a data subject whose information was added by our customer — please direct rights requests to that customer in the first instance. We will support them in responding.

To exercise your rights, email support@merrion.ai. We respond within 30 days, or within the shorter timeframe required by applicable law.

13. Children's Privacy

The Service is not directed to individuals under 16, or the minimum age required in your jurisdiction, and we do not knowingly collect personal information from them. Contact support@merrion.ai if you believe a child has provided us with personal information and we will delete it.

14. California Privacy Notice

If you are a California resident, the California Consumer Privacy Act (as amended by the CPRA) provides the rights described in Section 12. We do not sell personal information, and we do not “share” it for cross-context behavioral advertising as those terms are defined under California law.

15. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will post the updated policy here with a revised “Last updated” date and, where appropriate, notify you by in-app notice or email at least 30 days before changes take effect.

16. Contact Us

Merrion
Email: support@merrion.ai
Website: https://www.merrion.ai