Privacy Policy

1. Scope & Applicability

This Privacy Policy applies to:

• Website visitors
• Prospective customers and demo users
• Registered users of Launch™
• Communications with Mergen AI via email, forms, or support channels

This policy does not apply to third-party websites or services that may be linked from our site. Their privacy practices are governed by their own policies.

2. Information We Collect

We collect only the information necessary to operate an execution-grade compliance platform.

a. Information You Provide Directly

This may include:

• Name, email address, job title, and company information
• Account credentials and authentication data
• Information provided during onboarding interviews
• Regulatory inputs, structured data, and uploaded documents submitted as part of compliance workflows
• Support requests and correspondence

b. Product, Workflow, and Decision Data

When you use Launch™, we collect:

• Product configuration and regulatory workflow inputs
• AI execution plans, outputs, and human approvals or rejections
• Decision metadata required for traceability and audit readiness
• System interaction and usage logs

c. Automatically Collected Technical Information

We may collect limited technical metadata such as:

• IP address and general location
• Browser type, device type, and operating system
• Pages viewed and interaction timestamps

We do not collect sensitive personal data unless it is explicitly required to execute regulatory workflows as directed by the user.

3. How We Use Information

We use information exclusively to:

• Provide, operate, and maintain Launch™
• Execute regulatory compliance workflows as instructed by users
• Generate regulatory forms, documents, and submission-ready dossiers
• Maintain traceability, auditability, and decision records
• Improve automation quality, accuracy, and system reliability
• Secure the platform and prevent misuse
• Communicate product, security, or service updates
• Meet legal, regulatory, and contractual obligations

We do not sell personal data.
We do not use customer data for advertising purposes.

4. AI Processing & Human-in-the-Loop Control

Launch™ uses AI agents to assist with regulatory execution, including information validation, form generation, and document generation.

All AI activity operates under human-in-the-loop governance:

• Humans review and approve AI execution plans before work proceeds
• Humans review, accept, or reject all AI-generated outputs
• No regulatory output is considered final without human authorization

This ensures scientific judgment, regulatory accountability, and safe deployment in regulated environments.

5. Compliance Context Graph & Decision Records

Launch™ captures regulatory executions, approvals, and rationales as first-class decision records within a persistent Compliance Context Graph.

This graph:

• Links products, regulations, evidence, approvals, and AI agent actions
• Preserves the "why" behind every regulatory decision
• Enables full traceability, auditability, and reproducibility

Decision records are used solely to support compliance execution, audits, and continuous improvement of automation quality. They are not shared externally.

6. Data Sharing & Disclosure

We share information only in limited circumstances:

• With vetted service providers operating under confidentiality and security obligations
• When required by applicable law, regulation, or legal process
• To protect the rights, safety, or integrity of Mergen AI, our users, or the public

We do not disclose customer data for marketing or resale.

7. Data Security

Mergen AI implements security controls designed for regulated, enterprise environments. We apply layered administrative, technical, and organizational safeguards to protect data against unauthorized access, disclosure, alteration, and loss.

Our security practices include:

• Role-based access controls and least-privilege enforcement
• Encryption of data in transit and at rest
• Environment isolation and secure deployment practices
• Continuous monitoring and logging
• Comprehensive audit trails for all regulatory executions and approvals
• Internal access policies, reviews, and incident response procedures

We design our systems to align with widely recognized enterprise security and risk-management frameworks, including principles associated with SOC 2 and ISO 27001, and we continuously strengthen our security posture as the platform scales.

No system is immune to risk, but confidentiality, integrity, and availability are enforced as core platform requirements.

8. Data Retention

We retain data only for as long as necessary to:

• Provide and support our services
• Maintain regulatory traceability and audit readiness
• Meet legal, regulatory, and contractual obligations

Upon request, and subject to applicable law, customers may request data access, export, or deletion.

9. International Data Transfers

Mergen AI operates globally and may process data in jurisdictions where we or our service providers operate. Where required, we apply appropriate safeguards for cross-border data transfers.

10. Your Rights

Depending on your jurisdiction, you may have rights to:

• Access your personal information
• Correct inaccurate or incomplete data
• Request deletion or restriction of processing
• Object to certain processing activities
• Receive a portable copy of your data

Requests may be submitted to: hello@mergenai.ca

11. Cookies & Analytics

We use limited cookies and analytics tools to understand website performance and improve user experience. You may control cookies through browser settings.

12. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be posted on this page with an updated "Last updated" date.

13. Contact Information

Mergen AI

Email: hello@mergenai.ca

Mailing address:

35 McCaul Street
Toronto, ON M5T 1V7
Canada