Privacy Policy

This Privacy Policy explains how Cailin Killian, doing business as Merova ("Merova", "we", "us", "our"), collects, uses, shares, and protects personal data when you use the Merova website, software, or consulting services (the "Service"). Merova is a solo-operated business based in the State of Nevada, United States, and acts as the data controller for the personal data described below.

1. Personal data we collect

Account data: name, email address, login credentials, workspace name, role, and team-member invitations.
Customer Content: SOPs, binders, checklists, training, exception notes, and other operational content you upload or create. Treated as confidential.
Consulting data: information you share during scoping calls, audits, or written engagements (org charts, process documents, screenshots, etc.). Used only to deliver the engagement.
Support data: messages and attachments you send to support.
Usage and telemetry: pages viewed, features used, timestamps, device and browser identifiers, IP address, and error logs — used to operate, secure, and improve the Service.
Billing data: handled by Paddle, our Merchant of Record. We receive limited metadata (customer ID, subscription status, plan, country, last 4 digits of card) but never full card numbers.

2. How we use it

Create and operate your account and workspace.
Provide, maintain, and improve the Service.
Deliver consulting engagements you have signed up for.
Process payments and manage subscriptions via Paddle.
Respond to support requests and customer communications.
Detect, prevent, and investigate security incidents, abuse, and fraud.
Send transactional emails (account, billing, security, product notices).
Comply with legal, tax, and accounting obligations.

We do not sell your personal data. We do not use Customer Content to train any general-purpose AI model.

3. Legal bases

Performance of a contract — to deliver the Service or consulting engagement you signed up for.
Legitimate interests — to keep the Service secure, prevent abuse, and improve product quality.
Consent — where required (e.g. optional marketing emails or non-essential cookies).
Legal obligation — to comply with tax, accounting, and law-enforcement requirements.

4. Who we share data with

Service providers / subprocessors acting on our instructions — including hosting and database (Supabase / Cloudflare), email delivery (Resend), analytics and error monitoring, and customer support tooling. Each is bound by confidentiality and data-protection obligations.
Paddle — Merchant of Record for the sale of the Service. Handles checkout, subscription management, payments, sales tax / VAT, invoicing, and refunds. See Paddle's Privacy Notice.
Professional advisers — legal, tax, and accounting advisers under duties of confidentiality.
Authorities — where required by law, court order, subpoena, or to protect our rights, your safety, or the safety of others.
Successors — in connection with a merger, acquisition, or sale of assets, subject to equivalent protections.

5. International transfers

Merova is operated from the United States. If you access the Service from outside the U.S., your information will be transferred to and processed in the U.S. Where we transfer personal data of UK or EEA residents outside the UK/EEA, we rely on appropriate safeguards such as the EU/UK Standard Contractual Clauses or equivalent adequacy mechanisms.

6. Retention

Account & Customer Content: retained for the life of your account, then deleted from active systems within 30 days of account closure (backups purged within 90 days), unless we are required by law to retain longer.
Billing records: retained for at least 7 years to meet U.S. tax and accounting requirements.
Support and consulting records: retained for up to 3 years after the end of the engagement.

7. Security

We use reasonable technical and organisational measures, including TLS encryption in transit, encryption at rest for the database, role-based access controls, least-privilege admin access, audit logging, and regular dependency updates. No system is perfectly secure; we will notify affected users of material data incidents as required by applicable law.

8. Your rights

Depending on where you live, you may have the right to:

Access the personal data we hold about you.
Request correction of inaccurate or incomplete data.
Request deletion ("right to be forgotten") subject to legal retention duties.
Request restriction of or object to processing.
Request a portable copy of your data.
Withdraw consent where processing is based on consent.
Lodge a complaint with your local data-protection authority (UK / EEA), or with your state Attorney General if you live in a U.S. state with applicable privacy laws (e.g. California, Colorado, Virginia).

California residents have additional rights under the CCPA/CPRA, including the right to know what categories of personal information we collect, the right to delete, and the right to opt out of "sale" or "sharing" of personal information. We do not sell or share personal information as those terms are defined under California law.

To exercise any of these rights, email support@merovaops.com. We aim to respond within 30 days. We may need to verify your identity before acting on a request.

9. Children

The Service is not directed to children under 16, and we do not knowingly collect personal data from them. If you believe a child has provided us personal data, contact us and we will delete it.

10. Cookies and similar technologies

We use strictly necessary cookies to keep you signed in and remember your preferences. We may use limited first-party analytics to understand how the Service is used. You can manage cookies through your browser settings; turning off essential cookies will break sign-in.

11. Changes to this Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email or in-app notice. The "Last updated" date above always reflects the current version.

12. Contact

Privacy questions, requests, or complaints:

Email: support@merovaops.com
Web: /contact
Controller: Cailin Killian, d/b/a Merova — Nevada, United States