Privacy Policy

Last updated: April 3, 2026

At Merios ("we," "us," "our," or the "Company"), operated by Merios LLC, a US-based corporation, we are committed to protecting your privacy and ensuring transparency about how we collect, use, and safeguard your information. This Privacy Policy explains our practices regarding personal data and health information.

Please read this policy carefully. By using Merios, you consent to the practices described herein.

1. Information We Collect

We collect information that you provide directly and information gathered automatically through your use of Merios:

Personal Information

Email address, name, age, gender, and other profile information you provide when creating an account.

Health Data

Blood test results, biomarkers, Apple Health data (steps, heart rate, sleep), daily health check-ins, symptoms, medications, and other health metrics you choose to share. This health information is highly sensitive and is treated with the highest level of care.

Usage Data

Device information, browser type, IP address, pages visited, time spent on features, and interaction patterns. We use this to improve the app and understand user behavior.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Merios service
  • Calculate your personalized health scores and insights
  • Send you service-related announcements and account notifications
  • Respond to your requests and support inquiries
  • Improve our algorithms and analytics capabilities
  • Detect and prevent fraud or misuse of the platform
  • Comply with legal obligations and enforce our terms
  • With your consent, send you wellness tips and marketing communications

3. Data Storage & Security

We take the security of your data very seriously. Your information is:

  • Encrypted at rest using industry-standard encryption (AES-256)
  • Encrypted in transit using TLS/SSL protocols
  • Stored on Supabase, a secure PostgreSQL platform with enterprise-grade infrastructure
  • Hosted in secure data centers located in the United States and European Union with redundancy and backup systems
  • Protected by access controls limiting who can view or modify your data

While we employ best practices, no system is perfectly secure. We encourage you to use strong passwords and protect your account credentials.

4. Third-Party Services

We use third-party service providers to help us operate Merios:

Supabase

Our database and backend infrastructure provider. Your data is encrypted and stored securely within their systems. See their privacy policy at supabase.com.

OpenAI

We use OpenAI's API for health data analysis and insight generation. OpenAI operates under a zero retention policy, meaning your data is not stored or used to train their models. Your health data is processed exclusively for your benefit within the Merios platform.

RevenueCat

We use RevenueCat for subscription management and billing. Payment data is handled securely and complies with PCI-DSS standards.

Apple HealthKit

If you choose to connect Apple Health, we access health metrics with your explicit permission. You can revoke access at any time through iOS Settings.

We do not share your health data with third parties except as necessary to provide the service and in compliance with your consent and applicable law.

5. Your Rights

Depending on your location, you have the following rights regarding your data:

  • Right to Access: Request a copy of all personal data we hold about you
  • Right to Rectification: Correct inaccurate information
  • Right to Deletion: Request deletion of your data (subject to legal retention requirements)
  • Right to Data Portability: Receive your data in a portable format
  • Right to Withdraw Consent: Opt out of non-essential data processing
  • Right to Object: Object to processing of your data for marketing or analytics

To exercise any of these rights, contact us at privacy@merios.life.

6. GDPR Compliance

For users in the European Union and those subject to GDPR:

Legal Basis for Processing

We process your data on the basis of: (1) your explicit consent, (2) contract performance (providing the service), (3) legal compliance, and (4) legitimate interests (improving service quality and security).

Data Controller

Merios LLC, US. For GDPR inquiries, contact legal@merios.life.

Data Subject Rights

You have the rights outlined in Section 5, plus the right to lodge a complaint with your local data protection authority.

7. Data Retention

We retain your personal and health data for as long as your account is active. If you request deletion of your account:

  • Your data will be deleted within 30 days of your request
  • Backups may retain data for an additional 30 days for safety and recovery purposes
  • Data required for legal compliance or to resolve disputes will be retained as needed

8. Children's Privacy

Merios is not intended for individuals under 18 years old. We do not knowingly collect information from minors. If we become aware that a user is under 18, we will delete their account and associated data. Parents or guardians who believe a child's information has been collected should contact us immediately at privacy@merios.life.

9. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or a prominent notice in the app. Your continued use of Merios after changes constitutes your acceptance of the updated policy. We encourage you to review this policy regularly.

10. Contact Us

If you have questions or concerns about this Privacy Policy or our privacy practices, please contact:

Merios LLC

Email: privacy@merios.life

United States