MerlinRead Privacy Policy
Effective date: 15 November 2025
MerlinRead (“we,” “us,” or “our”) is the organization that provides the MerlinRead mobile application, related backend services, and this landing page (collectively, the “Services”). This Privacy Policy explains how we handle information when you access or use the Services. Questions or privacy requests should be sent to support@mail.merlinread.com, our official compliance mailbox.
1. Overview
MerlinRead is the controller responsible for the personal data processed through the MerlinRead mobile application, related backend services, and this landing page (collectively, the “Services”). You can contact us at support@mail.merlinread.com for any privacy-related questions.
2. Scope
This Privacy Policy applies to anyone who installs or uses the Services, including parents/guardians who register accounts for children. It explains what information we collect, how we use it, and the choices available to you. It does not cover third-party services accessed through the Services (e.g., Apple or Google app stores), which are governed by their own policies.
3. Information we collect
We collect only the data necessary to operate a safe reading experience for children. The categories include:
- Account and authentication data: Parent/guardian identity, email address, and Firebase identifiers obtained through Google Sign-In, Apple Sign-In, or similar identity providers. Authentication tokens are stored securely on the device.
- Child reading activity: Selected books, EPUB locators, completion percentages, timestamps, and library status so a child can resume reading across sessions.
- Chat and voice transcripts: Questions submitted to AI helpers, generated responses, and text transcriptions of optional voice input. We do not store raw audio; only the converted text becomes part of chat history.
- Device and diagnostic data: Device model, operating system, app version, screen metrics, crash logs, and general usage analytics collected via Firebase, React Native Device Info, and Sentry.
- Subscription and purchase metadata: RevenueCat identifiers, App Store/Play Store purchase tokens, and entitlement status. Payment card details are never shared with us.
- Support communications and legal compliance: Emails, support tickets, and any information supplied when you request assistance or exercise privacy rights.
4. How we use information
- Authenticate accounts and keep sessions secure.
- Provide reading synchronization, chat history, and educational progress tracking.
- Process subscriptions, renewals, and entitlement checks through RevenueCat and the relevant app store.
- Deliver conversational guidance by sending prompts and necessary context to our backend and authorized AI providers.
- Maintain safety, debug issues, and prevent fraud or misuse.
- Comply with Project Gutenberg licensing requirements by recording acknowledgments that users have verified local legality for each title.
- Respond to support requests and communicate important service updates to parents/guardians.
5. Legal bases (where applicable)
- Contractual necessity: Operating the Services you request, including reading synchronization and premium subscriptions.
- Consent: Obtained from parents/guardians for children’s accounts, microphone access, and optional communications.
- Legitimate interests: Securing the platform, preventing abuse, and improving quality.
- Legal obligations: Meeting tax, accounting, consumer protection, and Project Gutenberg licensing requirements.
6. Sharing and processors
We never sell personal data. We share limited information with trusted processors necessary to run the Services:
- Firebase / Google Cloud: Authentication, analytics, remote configuration, and cloud messaging.
- Apple and Google sign-in services: Account verification for parents/guardians.
- RevenueCat, Inc.: Subscription management and validation of store receipts.
- OpenAI, LLC and Groq, Inc.: Processing chat prompts to generate responses, using context we supply.
- Sentry (Functional Software, Inc.): Crash and performance diagnostics.
- Hosting and infrastructure providers: Securely running backend APIs and databases.
We may also disclose information if required by law, to enforce our terms, or to protect users’ safety.
7. International transfers
We operate primarily from the United States, and many of our processors store data there or in other jurisdictions. When information is transferred internationally, we rely on contractual safeguards such as Standard Contractual Clauses or equivalent mechanisms offered by our vendors.
8. Retention
- Account and authentication data are retained while the parent/guardian maintains an active account.
- Reading progress and chat transcripts remain until the parent/guardian deletes them in-app or requests removal.
- Diagnostic logs are typically deleted within 30 days unless needed for security investigations.
- Subscription and financial metadata are kept for the period required by tax and accounting rules.
9. Security
We use technical and organizational safeguards such as TLS encryption, access controls, and continuous monitoring. No system is completely secure; please notify us immediately at support@mail.merlinread.com if you suspect unauthorized access.
10. Children’s privacy and parental controls
The Services are designed for children but must be managed by a parent or legal guardian. We collect only the information necessary to provide the reading experience and rely on the guardian’s consent for any processing of the child’s data. Parents may review, correct, or delete their child’s data at any time by contacting us. If we learn that a child is using the Services without verifiable parental consent, we will suspend the account and delete the information unless the guardian promptly authorizes continued use.
11. Your rights and choices
Depending on your jurisdiction, you may have the right to request access, correction, deletion, portability, restriction, or objection to processing. You can also withdraw consent where we rely on it. Submit requests to support@mail.merlinread.com; we will respond within the timeframe required by law and may verify your identity before fulfilling a request.
12. Project Gutenberg compliance
Because MerlinRead distributes public-domain books from Project Gutenberg, we remind users to ensure that accessing each work is legal in their country. We log acknowledgments of that reminder to demonstrate compliance with the Project Gutenberg license. We do not provide legal advice and cannot guarantee that a work is lawful in every jurisdiction.
13. Changes and contact
We may revise this Privacy Policy as the Services evolve. Material updates will be posted with a new effective date and, when appropriate, communicated through in-app notices or email. Continued use after changes take effect constitutes acceptance.