Effective Date: January 1, 2019

MerlinOne, Inc. (“us”, “we”, or “our”) manage and operate the Merlin Digital Asset Management applications (collectively, the “Services”). This informs you of our policies and practices regarding the collection, use and disclosure of information which personally identifies you (“Personal Information”) when you or our customers (data controllers) use our Services. We will not use or share your information with anyone except as described in this privacy policy (the “Privacy Policy”). We use your Personal Information for providing and improving the Services.

Personal Information Collection and Use

We may ask you to provide us, or our customers (data controllers) may provide us, with certain Personal Information that can be used to contact or identify you. Personal Information may include, but is not limited to, your name, job title, email address, IP address, LinkedIn URL, phone number, mailing address, picture, and employer. We process Personal Information for the purpose of providing the Services, responding to your requests or inquiries, servicing your purchase orders, improving our Services, and identifying and communicating with you about our Services, discounts, and promotions.

Retention of Personal Information

How long we keep information we collect about you depends on the type of information, as described in further detail below. We will either delete or anonymize your information or, if this is not possible due to our contractual obligations to our customers (data controllers), then we will securely store your information until deletion is possible.

Account Information

We retain your account information for as long as your account is active and for a reasonable period thereafter in case you decide to reactivate the Services. We also retain your information as necessary to comply with our legal obligations, resolve disputes, enforce our agreements, and continue to develop and improve our Services. Where we retain information for Service improvement and development, it will be anonymized and used to uncover collective insights about the use of our Services, not to specifically analyze personal characteristics about you.

Managed Accounts

If the Services are made available to you through an organization (e.g., your employer), we retain your information as long as required by your employer under our agreement with your employer as required by the administrator of your account. If your account is deactivated, your information and conversations you may have had and actions you may have taken on the Services will remain to allow your team members to make full use of the Services.

Marketing Information

If you have elected to receive marketing emails from us, we retain information about your marketing preferences for two (2) years from the date you last expressed interest in our Services. Every marketing email we send will provide you with the option to opt out of receiving future emails.

Accessing and Correcting Your Personal Information

We acknowledge individuals’ rights to access their personal information. You may access, update, correct or have removed from our systems and records the Personal Information you provided to us by emailing a request to privacy@merlinone.com or contacting us by telephone or postal mail as further specified in the How to Contact Us clause of this Privacy Policy. To protect your privacy and security, we will also take reasonable steps to verify your identity before updating or removing your information.

In addition, you may access, update, correct or have removed from our systems and records the Personal Information our customers (data controllers) have provided about you by contacting them directly.

Information Collected Directly from You

We collect information about you when you provide it to us and automatically when you use the Services.

Log Data

We collect information that your browser sends whenever you visit our website or use our Services (“Log Data”). This Log Data may include information such as your computer’s IP address, browser type, browser version, pages you visit, time and date of your visit, time spent on those pages, and other statistics. In addition, we use third-party services from HubSpot and Google that collect, monitor and analyze this type of information in order to increase our Services’ functionality. These third-party service providers have their own privacy policies addressing how they use such information. When you access the Services by or through a mobile device, we collect certain information automatically, including the type of mobile device you use, your mobile device’s unique device ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, and your general location information as described further below.

Location Information

We may use and store information about your general location. We use this information to provide features of our Services and to improve and customize our Services.


Cookies are files with a small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a web site and transferred to your device. We use cookies to collect information in order to improve our Services. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. The “Help” feature on most browsers provides information on how to accept cookies, disable cookies, or notify you when receiving a new cookie. If you do not accept cookies, you may not be able to use some features of our Services and we recommend that you leave them turned on.


You may enhance the Services by enabling integrations with third-party products. If you provide third-party account credentials to us, you understand some content and/or information in those accounts (“Third-Party Account Information”) will be transmitted into your account with us, and that Third-Party Account Information transmitted to our Services is covered by this Privacy Policy.

Other Users of the Services

Other users of our Services may provide information about you when they use the Services. For example, we receive your name and digital assets containing your picture from other Service users acting as data controllers when they use the services we provide.

Service Providers who may Receive Your Personal Information

We may employ third-party companies and individuals (our “agents”) to facilitate our Services, provide the Services on our behalf, perform complementary services and/or assist us in analyzing how our Services are used. Examples may include storing data, delivering messages, analyzing data, providing marketing assistance, managing our agreements with you, supplementing the information you provide us in order to provide you with better service, and providing customer service. At this time, we employ HubSpot and Google to provide marketing assistance. These third parties have access to your Personal Information only to perform specific tasks on our behalf and are under written obligation not to disclose or use your Personal Information for any purpose other than those disclosed in this Privacy Policy.

Notwithstanding such legal and contractual obligations between us and such service providers, we remain potentially liable for any misuse of your Personal Information. We will disclose Personal Information when we are required to do so in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

Communications Options

Once you opt-in, we may use your Personal Information to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send or by emailing, privacy@merlinone.com.

Security of Personal Information

The security of your Personal Information is important to us, and we strive to implement and maintain reasonable, commercially acceptable security procedures and practices appropriate to the nature of the information we store, in order to protect it from unauthorized access, destruction, use, modification, or disclosure.

International Transfer of Personal Information

Your Personal Information may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction. If you are located outside the United States and choose to provide Personal Information to us, please note that we transfer Personal Information to the United States and process and maintain it in the United States. By submitting your Personal Information, you are agreeing to this transfer, storing or processing. If we transfer your information outside of the European Economic Area in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this policy.

For EU Users

This section applies only to Users located in the European Union.

Contact Information for the Data Controller

This paragraph pertains only to individuals for whom MerlinOne is a “controller” within the meaning of Regulation (EU) 2016/679 of the German Parliament and of the Council of 27 April 2016 (“GDPR”):

Controller of your Personal Information:

MerlinOne, Inc.

50 Braintree Hill Office Park Suite 308
Braintree, MA 02184

Phone: +1 617-328-6645

Email: privacy@merlinone.com

Data Protection Officer:

Jeff Seidensticker

Data Protection Officer & COO

50 Braintree Hill Office Park Suite 308
Braintree, MA 02184

Email: DPO@merlinone.com

Legal Bases for Processing EU Users’ Personal Information

We only process your information when we have the legal basis to do so. That is, we will only process your Personal Information when:

  • We need it to provide you the Services
  • You give us consent for a specific purpose
  • It satisfies legitimate interests (which are not overridden by your data protection interests), such as for improving, marketing, and promoting the Services and protecting our legal rights
  • We need to process your data to comply with our legal obligations to our customers

Transfer of EU Users’ Personal Information Outside the EU

Since we are a US-based company with no facilities or representatives in the EU, we will transfer your Personal Information to the United States for processing and maintenance.

Personal Information

You have control over your Personal Information. Below are the rights you have and the steps you can take to exercise them. Please note that your rights may be limited in certain cases: for example, if fulfilling your request would reveal information about another person, or if you ask to delete information which we or your employer are permitted by law or have compelling legitimate interests to keep, and it may take time for us to investigate your request. If you believe that we are not respecting your rights with regard to your Personal Information, you may lodge a complaint with your local supervisory authority.

Right to Access

You have a right to request a copy of the Personal Information that we hold. To request this information, please email us at privacy@merlinone.com.

Right to Rectification

If you believe that any Personal Information that we hold is incorrect, you have the right to correct that information. You can request a change your personal information by emailing us at privacy@merlinone.com.

Right to Erasure, Restriction, or Objection to Processing

If you believe we do not have the right to process your information or you object to our processing for a particular purpose, or if you want us to erase your Personal Information altogether, please email us at privacy@merlinone.com.

Right to Withdraw Consent

If you gave us consent to process your Personal Information for a particular purpose, you have the right to withdraw that consent by emailing us at privacy@merlinone.com. Your withdrawal of consent does not affect the lawfulness of our processing of your Personal Information prior to the withdrawal.

Data Portability

You have the right to obtain the Personal Information that you have directly submitted to us. If you want to exercise this right, please email us at privacy@merlinone.com.

Changes to This Privacy Policy

We reserve the right to update or change our Privacy Policy at any time and you should check this Privacy Policy periodically. Your continued use of the Services after we post any modifications to the Privacy Policy on this page will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Privacy Policy. If we make any material changes to this Privacy Policy, we will notify you either through the email address you have provided us, or by placing a prominent notice on our website.

How to Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us at: privacy@merlinone.com 50 Braintree Hill Office Park Suite 308, Braintree, MA 02184, 617-328-6645.