Legal

Privacy Policy

Your mind is yours. Here's exactly what we collect, why, and how to stay in control.

Last updated: 23 May 2026 ยท Effective: 23 May 2026

Demo notice This site is a design demonstration for internal review only and is not live. The text below is a representative template and is not legal advice โ€” a real product should have policies reviewed by qualified counsel.

1. Who we are

Melern Labs, Inc. ("Melern," "we," "us," or "our") provides a playful brain-health and learning application and related websites (the "Service"). For users in the European Economic Area (EEA) and UK, Melern is the data controller of your personal data. Our registered studio address is Storgatan 12, 111 51 Stockholm, Sweden.

This Privacy Policy explains how we handle personal data when you visit our website, create an account, or use the Service. It should be read together with our Terms of Service and Cookie Policy.

2. Data we collect

We aim to collect the minimum needed to run a great product. Depending on how you use Melern, this may include:

  • Account data โ€” name, email address, password (hashed), and country.
  • Profile & preferences โ€” chosen programs, goals, age band, and accessibility settings.
  • Usage & progress data โ€” sessions completed, streaks, scores, and in-app activity used to personalize difficulty.
  • Optional reflections โ€” any journal notes or mood check-ins you choose to enter.
  • Device & technical data โ€” IP address, device type, browser, app version, and diagnostic logs.
  • Billing data โ€” handled by our payment processor; we receive limited details (e.g., plan, last 4 digits, billing country) and never store full card numbers.
  • Communications โ€” messages you send us via support or forms.

We do not intend to collect special-category health data. Mood and reflection entries are treated as sensitive and protected accordingly; please avoid entering clinical or diagnostic information.

3. How we use your data

  • To create and manage your account and deliver the Service.
  • To personalize sessions, difficulty, and recommendations.
  • To process payments and manage subscriptions.
  • To send service messages and, with consent, our newsletter.
  • To improve the product through aggregated, de-identified analytics.
  • To keep the Service secure and prevent fraud or abuse.
  • To comply with legal obligations.

We do not sell your personal data, and we do not use your reflections to train third-party advertising models.

  • Contract โ€” to provide the Service you signed up for.
  • Consent โ€” for the newsletter, non-essential cookies, and optional features. You may withdraw consent at any time.
  • Legitimate interests โ€” to secure, debug, and improve the Service, balanced against your rights.
  • Legal obligation โ€” to meet tax, accounting, and regulatory duties.

5. How we share data

We share personal data only with trusted processors acting on our instructions, including:

  • Cloud hosting and storage providers;
  • Payment processors;
  • Email and customer-support tools;
  • Privacy-respecting analytics providers.

We may also disclose data if required by law, to enforce our terms, or in connection with a merger or acquisition (with notice). Every processor is bound by a data-processing agreement.

6. Cookies & similar technologies

We use a small number of cookies and local storage to keep you logged in, remember preferences, and understand usage. You control non-essential cookies via our consent banner. For full details, see our Cookie Policy.

7. Data retention

We keep personal data only as long as needed for the purposes above. Account data is retained while your account is active and for a limited period afterward; billing records are kept as required by law (typically up to 7 years). When you delete your account, we delete or anonymize your data within 30 days, except where retention is legally required.

8. Your privacy rights

Depending on where you live (e.g., under the GDPR or California's CCPA/CPRA), you may have the right to:

  • Access a copy of your personal data;
  • Correct inaccurate data;
  • Delete your data ("right to be forgotten");
  • Restrict or object to certain processing;
  • Port your data to another service;
  • Withdraw consent at any time;
  • Opt out of the "sale" or "sharing" of personal data (we don't sell data);
  • Lodge a complaint with your local supervisory authority.

To exercise any right, email privacy@melern.example. We respond within 30 days and will not discriminate against you for exercising your rights.

9. International data transfers

We are based in the EU and prefer EU/EEA hosting. Where data is transferred outside the EEA/UK, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses and adequacy decisions.

10. Children's privacy

Melern is intended for users 13 and older. Family-plan profiles for under-13s may be created and managed only by a parent or guardian, who provides consent and controls the child's settings. We do not knowingly collect data from children under 13 without verifiable guardian consent. If you believe a child has provided us data improperly, contact us and we will delete it.

11. How we protect your data

We use encryption in transit (TLS) and at rest, access controls, least-privilege practices, and regular security reviews. No system is perfectly secure, but we work hard to protect your information and will notify affected users and regulators of any qualifying breach as required by law.

12. Changes to this policy

We may update this policy from time to time. We'll post the new version here with a revised "Last updated" date and, for material changes, notify you in-app or by email.

13. Contact & Data Protection

Questions or requests? Email privacy@melern.example or write to: Melern Labs, Inc., Attn: Data Protection, Storgatan 12, 111 51 Stockholm, Sweden. EEA users may also contact our EU representative at the same address.

See also: Terms of Service ยท Cookie Policy ยท DMCA Policy ยท Health Disclaimer