Meraki.so LLC ("Meraki", "we", "us", "our") is the controller of all personal data processed through our website, applications and related services.
How We Collect Data
Information you provide – account details, billing info, messages and any content you upload.
Information we obtain automatically – cookies, log files, usage analytics, device and browser data, approximate location and referring URLs.
Information from third parties – payment processors, authentication providers and marketing partners (only where you have authorised them to share).
Legal Basis (GDPR)
We process personal data only when at least one of these grounds applies:
Consent (Art. 6 (1)(a));
Contract performance or pre-contract steps (Art. 6 (1)(b));
Legitimate interests that do not override your rights (Art. 6 (1)(f));
Compliance with a legal obligation (Art. 6 (1)(c)).
Purposes of Processing
Account registration, authentication and service delivery;
Payment processing and invoicing;
Service improvement, security monitoring and fraud prevention;
Customer support and communications;
Marketing (only with opt-in consent or soft opt-in for existing customers);
Legal and regulatory compliance.
Cookies & Similar Technologies
We use two categories of cookies and local-storage technologies:
Essential cookies (strictly necessary) – keep you signed in, route traffic to the nearest server, prevent fraud and remember your privacy settings. They are set automatically when you log in. Disabling them may break core functionality.
Optional cookies – analytics, personalisation and marketing cookies that are disabled by default and only activated after you grant explicit consent. You can withdraw consent at any time.
We keep personal data only as long as needed for the purposes described or as required by law. Back-ups are routinely deleted after 30 days. If you delete your account, most data is erased within 14 days unless retention is legally required.
Disclosure & International Transfers
Trusted processors who help us run the service (hosting, analytics, email, payments).
Professional advisers (lawyers, accountants, insurers).
Authorities or courts when legally compelled.
Where data is transferred outside the EEA or UK, we rely on adequacy decisions, Standard Contractual Clauses or Binding Corporate Rules.
Your Rights
You can access, rectify, erase, restrict, object and port your data; withdraw consent; and lodge a complaint with a Supervisory Authority. California residents additionally have CCPA/CPRA rights to know, delete and opt-out of "sharing" for cross-context behavioural advertising.
Children's Privacy
Meraki.so is not directed to children under 16. We do not knowingly collect data from minors. Contact us if you believe a child has provided data without parental consent.
Security
We use encryption in transit and at rest, strict access controls, regular penetration tests and staff training. No system is 100% secure; please use strong, unique passwords.
Changes to This Policy
Material changes will be announced via email and a banner on our site at least 14 days before they take effect. Archived versions are kept for transparency.