Privacy Policy

This Merge “Privacy Policy” applies to our various websites, applications and services located or accessed at https://www.merge.dev/ (“Services”), which is owned and operated by Merge API, Inc.  (“Merge,” “Company” or “we” or “us”). We recognize and respect your privacy. This Privacy Policy explains how we collect, use and disclose personally identifying information (“Personal Information”) gathered through the Services. 

While this Privacy Policy may reference aspects of our other terms and agreements, use of the Services is subject to our Terms of Use, Subscriber Agreement, End Customer Terms and Master Services Agreement. All such terms are located at: https://www.merge.dev/terms/ and referred to collectively as “Terms.” Capitalized terms used but not defined in this Privacy Policy have their meaning set forth in the various agreements within the Terms. 

We reserve the right to change this Privacy Policy from time to time without notice to you. You should check here periodically to review the current Privacy Policy, which is effective as of the revision date listed above. Your use of the Services and submission of any information, including Personal Information, to us constitutes acceptance and understanding of this Privacy Policy.

Types of Information & Personal Information Collected Through the Services

Our Services enable our users to connect applications (i.e., End Customer Applications and Customer Applications) with Partner Applications (e.g., third party services and applications such as for HRIS, ATS, ticketing, accounting services and platforms etc.) via APIs and Merge Integrations made available by us. We may collect, store and process, on your and/or your organization’s behalf, any data (including Personal Information) transmitted to Merge from an End Customer Application, Customer Application or Partner Application through a Merge Integration .

We may also collect data, including Personal Information, directly from you or your organization through the Services such as:

  • Your contact information (such as name, address, email address and phone number);
  • Personal information contained in legal agreements (such as invoices and orders);
  • Information posted by you to the Services (such as comments, suggestions, feedback, opinions, or media); 
  • About third parties, but solely pursuant to their express permission, collected and processed by an End Customer, Customer, or Partner (e.g., job candidate information originally stored within End Customer’s systems, a Customer Application or Partner Application); and
  • Any other Personal Information you submit to us in the form of an email or via any function within the Services (e.g., requests for demos, contact forms, job postings, etc.).

Types of Uses of Information & Personal Information

We collect, store and use the information as well as Personal Information you provide to us in various ways always in accordance with this Privacy Policy and as follows:

  • To provide the Services; 
  • To process product orders received through the Services or other ways you communicate them to us (e.g., email, phone);
  • To evaluate business opportunities; 
  • To effectuate or enforce a transaction or agreement; 
  • To adjust offerings or services provided by us to you;
  • To provide you with information about our products and services that we believe you may find of interest, including to send you mailing lists, and marketing and promotional e-mails;
  • To authenticate visitors to the Services; 
  • To generate de-identified and aggregated statistics data for any lawful purpose and as specified in the Terms;
  • To be able to respond to requests or inquiries, and for similar, customer-service-related purposes;
  • To respond to job applications. If you decide to apply for a job with us, you may submit your Personal Information and resume online. If you apply for a job with us through a third-party platform (such as Glassdoor or LinkedIn), we will collect certain Personal Information you make available to us through such third-party platform;
  • We automatically collect through the Services information that is often not personally identifying, such as the website from which visitors came to the Services, Services visitors’ IP address, browser type and other information relating to the device through which they access the Services. We may combine this information with the Personal Information we have collected from you; and
  • To improve the Services and offerings or services provided by us and to better understand how users access and use the Services and offerings provided by us.

For clarity, we do not make any warranty, express, implied or otherwise, that we will be able to prevent loss, misuse, unauthorized access to, or alteration of personally identifiable information you provide to us. You make any disclosure of personally identifiable information to us at your own risk.

Types of Sharing of or Disclosures of Personal Information

We may share or disclose Personal Information to third parties for the following purposes:

  • To third parties in aggregated, or non-personally identifying, forms of information about our Services users for marketing, advertising, research or other reasonable business purposes;
  • To provide you with information relating to products or services that we believe you may find of interest;
  • In response to a subpoena or other legal process by a governmental entity or third party, or if otherwise required by law;
  • To protect or enforce our rights including with respect to our assets and properties; 
  • In the event of the sale or dissolution (bankruptcy) of assets, in whole or in part, of our business or any of its affiliates;
  • To third parties involved in the process of fulfilling orders, providing, or performing functions on our behalf and as aspects necessary to provide our products and the Service (e.g., such as third-party integration partners, service providers, contractors, payment processors, banks, and collection agencies); and 
  • To provide products or services requested.

Cookies, Beacons and Analytics

When you interact with the Services, we strive to make your experience easy and meaningful. Our Services uses technology, or those of third-party service providers, such as cookies, web beacons (clear GIFs, web bugs) and similar technologies to track user activity and collect site data. We may combine this data with the Personal Information we have collected from you.

Cookies

We (including our chosen third-party service providers) use cookies to track visitor activity on the Services. A cookie is a text file that a website transfers to your computer’s hard drive for record-keeping purposes. Our cookies assign a random, unique number to each visitor’s computer. They do not contain information that would personally identify the visitor, although we can associate a cookie with any identifying information that is or has been provided to us while visiting the Services. We use cookies that remain on your computer for a specified period of time or until they are deleted (persistent cookies). We may also use cookies that exist only temporarily during an online session (session cookies) – these cookies allow us to identify you temporarily as you move through the Services. Most browsers allow users to refuse cookies but doing so may impede the functionality of some portions of our Services.

Web Beacons

Web beacons are tiny graphics with a unique identifier, similar in function to cookies, that are used to track the online movements of Web users. In contrast to cookies, which are stored on your computer’s hard drive, Web beacons are embedded invisibly on webpages and may not be disabled or controlled through your browser.

Third Parties

We may also engage third parties to track and analyze Services activity on our behalf. To do so, these third parties may place cookies or web beacons to track user activity on our Services. We use the data collected by such third parties to administer and improve the quality of the Services, analyze usage of the Services, and provide a more enhanced user experience on the Services, such as personalizing and delivering relevant offers and content based on user activity on the Services. We do not provide these third parties with your Personal Information.

We may use third party analytics services (such as Google Analytics and other similar services) to collect and process certain analytics data. These services may also collect information about your use of other websites, apps, and online resources.

Merge’s use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.

User Content

The Services allow users to post information. Any information that you post to the Services becomes public information and may be viewable by other users, as well as visitors to the Services. In addition, your name, as well as other optional information you choose to submit along with the information you post, will be publicly displayed along with your comment or blog. We are not responsible for the privacy of any information that you choose to post to the Services, or for the accuracy of any information contained in those postings. We cannot prevent such information from being used by others in a manner that may violate this Privacy Policy, the law, or your personal privacy. Your posting of any content to any of the Services is subject to our Terms of Use.

Third-Party Links

The Services contain links to other, third-party websites. Any access to and use of such linked websites is not governed by this Privacy Policy, but, instead, is governed by the privacy policies of those third-party websites. We are not responsible for the information practices of such third-party websites. 

Email Policy

We may use your email address to communicate with you about orders you have placed, inquiries you have made about our products and services, or information you have shared with us through the Services or email. We may send you emails from time-to-time, about information that we believe may be of interest to you. We may also send you news and offers about our products and services, or those of our chosen partners. Examples include, but are not limited to, our blog, newsletter, information about special offers, or other products or offerings.

If, at any time, you would like to stop receiving these promotional e-mails, you may follow the opt-out instructions contained in any such e-mail. Please note that it may take a few business days for us to process opt-out requests. If you opt-out of receiving emails or promotions, we still may send you e-mails to you in accordance with this Privacy Policy, as requested by you, or in reference to other customer service purposes.

Your Data Protection Rights (California Residents)

If you are a resident of California and interact with us as a consumer, you have certain rights under the California Consumer Privacy Act or “CCPA” (Cal. Civ. Code § 1798.100 et seq.), including to request access to and deletion of your Personal Information (as defined in the CCPA). You may exercise these rights by contacting us at hello@merge.dev. We do not sell your Personal Information, but we may allow our advertising partners to collect certain device identifiers and electronic network activity that allows them to show ads within their systems that are targeted to your interests. To opt out of having your Personal Information used for targeted advertising purposes, please visit www.aboutads.info/choices.

Children’s Privacy

We do not knowingly collect, maintain, or use personal information from children under 13 years of age, and no parts of our Services are directed to children. If you learn that a child has provided us with personal information in violation of this Privacy Policy, then you may alert us at hello@merge.dev.

International Users

If you are accessing the Services from outside the United States and are providing your information directly to Merge (i.e. Merge is serving in a data controller role for your personal data), you are consenting to and authorizing the transfer of your information to the United States for storage, use, processing, maintenance and onward transfer of such information to other entities, regardless of their location, in accordance with this Privacy Policy and the other applicable Terms. For clarity, and as outlined in the Terms, you are also consenting to the application of United States law in all matters concerning the Services.

Personal data collected from the European Economic Area, UK and Switzerland and processed by Merge as a data controller will, for example, be transferred to and processed by us in the United States or another country outside of the European Economic Area, UK or Switzerland. In such instances, we shall ensure that the transfer of your personal data is carried out in accordance with applicable privacy laws and, in particular, that the transfer is consistent with an approved transfer mechanism, such as the Standard Contractual Clauses approved by the EU Commission.

Data subjects from the European Economic Area and the UK are entitled to certain rights with respect to their personal data, including the right to access, from the data controller, any personal data being processed, and to obtain more information on the purpose of processing, categories of data being processed, sharing with third parties, and other information. Merge serves as data controller for personal data of Merge’s personnel, applicants, and business contacts. Data subjects for whom Merge serves as data controller can limit Merge’s use and disclosure of their personal data in a variety of ways depending on the circumstances. These choices may include selecting what data to share with Merge, requesting Merge delete data, and opting out of marketing correspondence.

Data Privacy Framework

Merge complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce.  Merge has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/. Merge is committed to subject to the DPF Principles all personal data received from the European Union and, as applicable the United Kingdom (and Gibraltar), in reliance on the relevant part(s) of the DPF program.  Merge maintains contracts with third parties with whom we share personal data that restrict their access, use and disclosure of personal data in compliance with our Data Privacy Framework obligations, including the onward transfer provisions, and Merge remains liable if they fail to meet those obligations and we are responsible for the event giving rise to damage.

If you have a concern that Merge has not handled your personal data appropriately under the DPF or UK Extension, please contact Merge at hello@merge.dev. If your issue cannot be resolved directly with Merge, in compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Merge commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF to JAMS, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from Merge, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you.

If neither Merge nor our dispute resolution provider resolves your complaint, you may be able to pursue binding arbitration through the Data Privacy Framework Panel. For more information on this option, please see Annex I of the EU-U.S.Data Privacy Framework Principles.

Merge is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). 

Please be aware that Merge may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

How to Contact Us

While we strive for error free performance, we cannot always catch an unintended privacy issue. As a result, we encourage your questions and comments about any privacy concerns. Please direct them to us by an email to the following: hello@merge.dev.

Last Revised: December 18, 2023