Privacy Policy
Last updated: April 3, 2026
Mera7 (“we”, “us”, “our”) operates the web application at app.mera7.com and the marketing site at mera7.com. This policy explains what data we collect, why, and how we protect it.
1. What we collect
| Data | When | Purpose |
|---|---|---|
| Email address | Sign-in (Google OAuth or magic link) | Authentication, memo sharing, communication |
| Company name | You start an evaluation | Research and generate a fit analysis |
| Uploaded files (PDF, DOCX) | You enrich your evaluation | Improve the fit analysis with your context |
| Google Drive files | You connect Google Drive | Extract relevant context (files stay on your Drive, never copied) |
| Chat messages | You use Q&A after a memo | Answer your questions grounded in the analysis |
| Feedback (stars, text) | You rate a memo | Improve memo quality |
We do not use third-party analytics, tracking pixels, advertising cookies, or any form of cross-site tracking. We do not sell or share personal data with advertisers.
2. Cookies
We only use strictly necessary cookies for authentication (Supabase session tokens). These are required for the application to work and are exempt from consent requirements under GDPR. We do not use analytics or marketing cookies.
3. How we use your data
- Fit analysis: your company name and any enrichment data are processed by AI (Anthropic Claude) to generate a fit memo.
- Memo sharing: when you share a memo, the recipient sees the public memo content and your company name. They do not see your uploaded files or private enrichment data.
- Vendor analytics: vendors see aggregated engagement data (company names, verdicts, chat activity counts). They never see your private documents, uploaded files, or internal memo content.
- Product improvement: we use anonymized usage patterns (not your documents) to improve the product.
4. Public vs. private data
Mera7 maintains a strict separation between public and private data:
- Public Company Profile: built from publicly available information (websites, press, etc.). May be shared with the vendor.
- Private enrichment: your uploaded files, Google Drive extracts, and answers to questions. Never shared with the vendor.
- Internal memo: if you enrich your evaluation, a private version of the memo is generated for your eyes only.
5. Third-party services
We use trusted third-party services for infrastructure (hosting, database, authentication), AI processing, web research, and transactional email. All infrastructure is hosted in the EU. We only share the minimum data necessary for each service to function, and we do not sell or provide your data to any third party for their own purposes.
6. Data storage and retention
- All data is stored on servers located in the European Union.
- Evaluations and memos are retained as long as your account is active.
- You can request deletion of your data at any time (see section 8).
- Google Drive files are accessed in real-time and never stored on our servers.
7. Security
- All traffic is encrypted via HTTPS/TLS.
- Authentication via Google sign-in or magic link.
- Row-level access controls enforced at the database level.
- Rate limiting and security headers on all endpoints.
8. Your rights (GDPR)
If you are in the EU/EEA, you have the right to:
- Access your personal data
- Rectify inaccurate data
- Delete your data (“right to be forgotten”)
- Export your data in a portable format
- Object to processing
- Withdraw consent at any time
To exercise any of these rights, email us at contact@mera7.com. We will respond within 30 days.
9. Changes to this policy
We may update this policy from time to time. Material changes will be communicated via email or a notice in the application. The “last updated” date at the top reflects the most recent revision.
10. Contact
Questions or concerns? Reach us at contact@mera7.com.