Legal

Privacy Policy

Last updated: June 2026

Merzm ("we", "our", or "us") operates the Merzm platform. This Privacy Policy explains how we collect, use, and protect your information when you use our service.

Information we collect

We collect information you provide directly to us, such as your name, email address, company name, and account details. We also collect the business data you add to Merzm, including CRM records, contacts, companies, deals, tasks, notes, meetings, emails, voice notes, GTM inputs, scripts, AI prompts, feedback, and usage events generated while using the service.

How we use your information

We use your information to provide and improve our service, process payments, send transactional emails, operate integrations, generate AI outputs, prevent abuse, monitor reliability, and communicate with you about updates. We do not sell your personal data to third parties.

AI processing and customer isolation

Merzm uses AI providers to generate sales guidance, scripts, GTM strategy, summaries, enrichment, transcription, and related outputs. We may send the relevant CRM data, prompts, files, public enrichment context, or voice-note content needed to complete the requested feature. Private customer data and private feedback are used only to serve and improve that customer's Merzm experience. We do not use one customer's private CRM data to train or personalize another customer's workspace.

Data storage and security

Your data is stored securely using Supabase (PostgreSQL). We use row-level security to ensure your organization's data is isolated from other customers. Data is encrypted at rest and in transit. OAuth tokens for connected Google services are additionally encrypted by the application before storage. Access to production systems is limited to authorized personnel and monitored through operational logs and security tooling.

Third-party services

We use Supabase for database, authentication, and storage; Stripe for payment processing; Anthropic and OpenAI for AI, generation, and transcription features; Google APIs for Gmail and Calendar integrations; enrichment providers and public web sources where configured; Resend for transactional email; and Sentry for error monitoring. Each provider processes data according to its own privacy and security commitments.

Retention and deletion

We retain account and workspace data while your account is active or as needed to provide the service, meet legal obligations, prevent abuse, and maintain backups. You can disconnect integrations to remove stored OAuth tokens, and you may request export or deletion of your account or workspace data by contacting us. Some records may remain for a limited period in backups, logs, billing records, or audit trails where required for security, legal, or operational reasons.

Contact

Questions about this policy? Email us at hello@merzm.com.