Mervella

GDPR Compliance

Last updated: April 15, 2026

1. Our Commitment

MERVELLA LLC ("Mervella", "we", "us") is committed to protecting the privacy and personal data of all users in compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and other applicable data protection laws.

2. Data Controller

MERVELLA LLC acts as the data controller for personal data collected through our platform. Our contact details:

  • Company: MERVELLA LLC
  • Address: 1910 Thomes Ave, Cheyenne, WY 82001, United States
  • Email: privacy@mervella.ca
  • Phone: +1 (307) 248-6938

3. Lawful Basis for Processing

We process personal data under the following lawful bases as defined by GDPR Article 6:

  • Consent: Where you have given explicit consent for processing (e.g., marketing communications)
  • Contract: Where processing is necessary for the performance of our service agreement with you
  • Legitimate Interest: Where processing is necessary for our legitimate business interests (e.g., platform security, fraud prevention)
  • Legal Obligation: Where processing is required to comply with a legal obligation

4. Your Rights Under GDPR

As a data subject, you have the following rights:

  • Right of Access (Article 15): Request a copy of your personal data
  • Right to Rectification (Article 16): Request correction of inaccurate personal data
  • Right to Erasure (Article 17): Request deletion of your personal data ("right to be forgotten")
  • Right to Restrict Processing (Article 18): Request restriction of processing your personal data
  • Right to Data Portability (Article 20): Receive your personal data in a structured, commonly used format (CSV export)
  • Right to Object (Article 21): Object to the processing of your personal data
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at privacy@mervella.ca. We will respond to your request within 30 days.

5. Data We Collect

We collect and process the following categories of personal data:

  • Identity Data: Name, email address, company name
  • Technical Data: IP address, browser type, device information
  • Usage Data: Platform interaction data, feature usage statistics
  • Financial Data: Payment information (processed by Stripe; we do not store card details)
  • Content Data: Asset information, employee records, and other data you enter into the platform

6. Data Transfers

Your data may be transferred to and processed in the United States, where MERVELLA LLC is headquartered. We ensure appropriate safeguards are in place for international transfers, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data processing agreements with all sub-processors
  • Encryption of data in transit and at rest

7. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Active account data: retained while your account is active
  • Deleted account data: removed within 30 days of account deletion
  • Billing records: retained for 7 years as required by law
  • Contact form submissions: retained for 2 years

8. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • Encryption at rest (AES-256) and in transit (TLS 1.3)
  • Row-level security policies on all database tables
  • Regular security audits and vulnerability assessments
  • Access controls and authentication requirements
  • Automated backups with point-in-time recovery

9. Sub-Processors

We use the following sub-processors to deliver our service:

  • Supabase: Database hosting and authentication (US/EU regions)
  • Stripe: Payment processing (PCI DSS Level 1 certified)
  • Cloudflare: CDN and DDoS protection

10. Data Breach Notification

In the event of a personal data breach, we will:

  • Notify the relevant supervisory authority within 72 hours of becoming aware of the breach
  • Notify affected data subjects without undue delay when the breach is likely to result in a high risk to their rights and freedoms
  • Document all breaches and remediation steps taken

11. Contact & Complaints

For GDPR-related inquiries or to file a complaint:

  • Email: privacy@mervella.ca
  • Phone: +1 (307) 248-6938
  • Address: MERVELLA LLC, 1910 Thomes Ave, Cheyenne, WY 82001, United States

You also have the right to lodge a complaint with your local data protection supervisory authority.