Privacy Policy

Last Updated: March 2026

MERACH, LLC (collectively with our affiliates, "MERACH", "we", "our", or "us") is committed to empowering your fitness journey while safeguarding your personal data.

This Privacy Policy explains how we collect, use, and share information across our ecosystem, including the website (https://merachfit.com/), the MERACH mobile application (the "App"), our smart fitness equipment (such as rowing machines, exercise bikes, and treadmills), and our customer support channels (collectively, the "Services").

Table of Contents

Information We Collect
How We Use Your Information
Data Security and Retention
Data Sharing and Disclosure
Your Data Control Rights (GDPR & CCPA Compliance)
International Data Transfers
Region-Specific Notices
Cookies and Tracking Technologies
Children’s Privacy
Third-Party Links and Services
How to Contact Us
Additional U.S. State Privacy Disclosures (California)
Updates to This Policy

1. Information We Collect

We believe that providing a world-class fitness experience requires a transparent understanding of the data we collect. Depending on your interaction with our Services, we collect personal data from the following categories and sources:

1.1 Information You Actively Provide to Us

Account and Authentication Data: When you register for a MERACH account, we collect your name, email address, telephone number, username, and password. If you use third-party "Single Sign-On" (SSO) providers—such as Google, Apple, or Facebook—we receive your profile information and avatar from those entities.
Fitness, Health, and Wellness Profiling: To provide tailored training recommendations and accurate health metrics, you may provide physical attributes including gender, date of birth, height, weight, and fitness goals.
Core Functionality Requirement: We only request health-related information when necessary for core functionality, such as calculating your Body Mass Index (BMI), Basal Metabolic Rate (BMR), or customized calorie-burning algorithms.
Commercial and Transactional Information: When you purchase MERACH equipment from our Site, we collect your shipping address, billing address, phone number, and purchase history. Your payment details (e.g., credit card numbers) are processed directly by our PCI-compliant third-party payment processors; we do not store full financial data on our servers.
User Content and Communications: We collect the content of your communications with us, including feedback, customer service inquiries via email (info.us@merachfit.com) or live chat, and any photos, videos, or audio you upload for troubleshooting or community sharing.

1.2 Information Collected Automatically from Technology and Equipment

When you use our Site, App, or connected fitness equipment, we and our partners automatically collect information via cookies, SDKs, and hardware sensors:

Hardware and IoT Device Telemetry: We collect specific data from your MERACH smart equipment, including:
- Device Identifiers: Model name, Serial Number (SN), MAC address, and firmware version. Where possible, identifiers are pseudonymized or hashed before transmission to our cloud servers.
- Equipment Status: Battery levels, Wi-Fi/Bluetooth signal strength, hardware error logs, and operating environment data (e.g., device temperature).
Real-time Fitness Metrics: During a workout, our sensors collect exercise performance data, including:
- Power and Intensity: Watts, resistance levels, cadence (RPM), stroke rate, and incline.
- Physical Output: Heart rate (via connected monitors), total calories burned, distance covered, and active duration.
App and Web Usage Data: We collect interaction data from our digital platforms, including IP addresses, browser types, operating system versions, time zone settings, pages visited, classes viewed, and session duration.
Precise Location Information: For features such as Bluetooth pairing, time zone synchronization, and local leaderboards, we may collect precise GPS coordinates (latitude and longitude), but only with your explicit permission.

1.3 Information from Third Parties

Integrated Health Ecosystems: If you sync MERACH with platforms like Apple Health, Google Fit, or Strava, we receive data to unify your fitness profile (e.g., step counts and external workouts). We maintain full transparency regarding Third-Party SDKs and explicitly define which metrics are read or written.
Publicly Available Information: We may collect information you make public on social media (e.g., comments on Facebook or Instagram) to improve our community engagement.
Marketing and Business Partners: We may receive information from partners who assist in fraud prevention or targeted marketing to ensure our offers remain relevant.

1.4 Voluntary Nature of Information

You are not required to provide the personal data we request. However, please note that if you withhold certain information (such as weight for calorie calculations or Bluetooth access for equipment pairing), we may be unable to provide full functionality or respond to specific service requests.

2. How We Use Your Information and Legal Bases

We process your personal data only when a valid legal basis exists. We use your information for the following specific purposes:

2.1 To Provide and Maintain Our Services (Contractual Necessity)

Account Management: Authenticating your identity and enabling SSO across our platforms.
Order Fulfillment: Processing transactions, arranging delivery, and managing warranty claims.
Fitness Tracking and Analytics: Processing workout data to generate performance reports and display real-time metrics on the App or equipment console.
Customer Support: Troubleshooting technical issues and providing after-sales services.

2.2 To Personalize Your Experience (Consent and Legitimate Interest)

Customized Recommendations: Utilizing profile data (age, weight, BMI) and history to suggest classes or trainers that align with your goals.
Interactive Features: Enabling community leaderboards and challenges. You may opt for "Privacy Mode" or hide your profile via App settings.
Ecosystem Integration: Syncing with third-party health platforms (Apple Health, Google Fit) upon your explicit grant of permission.

2.3 To Optimize and Improve Our Products (Legitimate Interest)

Product Development: Analyzing equipment usage and error logs to identify hardware defects and improve rowing/cycling algorithms.
Software Optimization: Using click-stream data to refine user interface design and ensure App stability.
Over-the-Air (OTA) Updates: Using device information (SN, firmware version) to push mandatory security patches and updates.

2.4 For Marketing and Communication (Consent)

Promotional Messaging: Sending emails or push notifications about new products and seasonal challenges. You may opt-out at any time via the "Unsubscribe" link.
Personalized Ads: Working with third-party partners to show relevant MERACH advertisements on other platforms based on your browsing behavior.

2.5 Security and Legal Compliance (Legal Obligation)

Account Security: Monitoring for suspicious login activity and protecting against "bot" attacks.
Legal Requirements: Complying with tax obligations, responding to subpoenas, and enforcing our Terms of Service.
Sensitive Data Protection: For biometric processing (e.g., heart rate), we process data locally whenever possible and only upload it to the cloud with separate, explicit consent.

3. Data Security and Retention

3.1 Industry-Standard Encryption

Data in Transit (HTTPS): We utilize SSL/TLS-based HTTPS protocols to create a secure, encrypted tunnel for all data moving between your equipment, the App, and our servers.
Data at Rest (AES-256): All sensitive personal data stored on our cloud servers is protected using Advanced Encryption Standard (AES-256). We employ salted cryptographic hashing for passwords.

3.2 Smart Hardware and IoT Security

Secure OTA Updates: Firmware updates are delivered via encrypted channels and digitally verified to ensure your equipment only executes official MERACH software.
On-Device Processing: Certain raw data, such as sensor calibrations, are processed locally on your equipment to reduce the data footprint in the cloud.

3.3 Advanced Technical Measures

Access Control: We implement the "Principle of Least Privilege" (PoLP). Access to your data is strictly limited to authorized staff who require it for specific tasks.
Network Defense: We utilize web application firewalls (WAF) and intrusion detection systems (IDS) to mitigate threats in real-time.

3.4 Data Retention

We will retain your personal data only for as long as is necessary for the purposes set out in this Policy, or as required by law (e.g., tax or accounting). Once the retention period expires, we will securely delete or anonymize your data.

3.5 Your Shared Responsibility

Security is a collaborative effort. While MERACH provides robust cloud, app, and hardware protections, we urge you to take the following steps to safeguard your account:

Account Integrity: Choose a strong, unique password and avoid reusing credentials from other platforms. Do not share your MERACH login details with third parties.
Home Network Safety: Ensure your home Wi-Fi network is secured with modern encryption (WPA2 or WPA3) to prevent local data leakage before your information reaches our secure HTTPS tunnel.
Immediate Notification: If you suspect your account has been compromised or notice unauthorized activity, please notify us immediately at info.us@merachfit.com.

3.6 Data Breach Notification

In the unlikely event of a data breach that results in a high risk to your rights and freedoms, MERACH will take immediate remedial action.

Regulatory Reporting: We will notify the relevant regulatory authorities (such as the EU DPAs or the UK ICO) in accordance with applicable laws, typically within 72 hours of discovery.
User Notification: If the breach poses a significant risk to your personal data, we will notify you directly via email or through a prominent notice within the App without undue delay, providing clear instructions on how to protect yourself.

3.7 Data Retention

We will retain your personal data only for as long as is necessary for the purposes set out in this Privacy Policy, or as required by applicable laws (e.g., tax, accounting, or legal requirements).

Active Accounts: Fitness metrics and profile data are retained as long as your account remains active to provide you with historical progress reports.
Account Deletion: Upon a formal request for account deletion, your personal data will be securely deleted or permanently anonymized, unless we are legally obligated to retain specific transaction records for tax and audit purposes.
Anonymization: Data that has been fully anonymized (so that it can no longer be linked to you) may be retained indefinitely for research and product development purposes.

4. Data Sharing and Disclosure

MERACH values your privacy. We do not sell your personal information. We only share your information in the limited circumstances described in this section:

4.1 Authorized Service Providers

We engage trusted third-party companies to perform functions on our behalf. These service providers have access only to the personal information needed to perform their functions and are contractually prohibited from using it for any other purposes:

Logistics and Fulfillment: Carriers (e.g., FedEx, UPS) to deliver equipment and handle returns.
Payment Processing: PCI-compliant gateways (e.g., Stripe, PayPal).
Cloud Infrastructure: Hosting services (e.g., AWS) for account data and workout history.
Marketing and Communication: Third-party platforms to manage customer support tickets and live chats.

4.2 Social and Community Interaction

Leaderboards and Challenges: Other members may see your display name and performance metrics if you participate in community features.
Third-Party Health Platforms: Data transmission to Apple Health, Google Fit, or Strava as directed by you.

4.3 Advertising and Analytics

Analytics Partners: We use tools like Google Analytics to understand how users interact with our Site and App.
Advertising Partners: Sharing device identifiers or hashed email addresses with partners (e.g., Meta, Google Ads) to show tailored advertisements.

4.4 Corporate Transactions

In the event that MERACH is involved in a merger, acquisition, reorganization, bankruptcy, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you via email or a prominent notice if such a transfer occurs.

4.5 Legal Obligations and Safety

We may disclose your information if we believe in good faith that such disclosure is necessary to:

Legal Process: Comply with a subpoena, court order, or other legal process.
Protection: Protect the rights, property, or safety of MERACH, our members, or the public.
Security: Detect, prevent, or otherwise address fraud, security, or technical issues.
Enforcement: Enforce our Terms of Service or other agreements.

4.6 Sharing with Affiliates

To provide consistent global support and services, we may share your information among MERACH’s affiliated entities (including those in the US, UK, EU, and Asia). All such transfers are conducted under appropriate data protection safeguards.

5. Your Data Control Rights (GDPR & CCPA Compliance)

At MERACH, we empower our members with full autonomy over their personal information. Regardless of where you live, we provide a unified global standard of privacy rights inspired by the highest regulations, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA/CPRA).

5.1 Your Core Privacy Rights

Right to Access and Portability: You have the right to request a copy of the personal information we hold about you in a structured, commonly used, and machine-readable format. This includes the categories of data collected and the purposes of processing.
Right to Correction (Rectification): You may update or correct inaccurate profile information (such as weight, height, or contact details) directly through the "Profile" or "Settings" section of the MERACH App at any time.
Right to Deletion ("Right to be Forgotten"): You may request that we delete your personal information and account.
Self-Service Deletion: You can exercise this right by using the "Delete Account" feature within the App settings. Upon your request, MERACH will permanently remove all authorized data linked to your profile, subject to limited exceptions required by law (e.g., transaction records for tax purposes).
Right to Restriction and Objection: You have the right to object to the processing of your data for marketing purposes or request that we limit how we use your information (e.g., opting out of automated profiling or certain data analytics).
Right to Opt-Out of Sale or Sharing: While MERACH does not sell your personal data for monetary compensation, we may "share" information (as defined under CCPA) for cross-contextual behavioral advertising. You have the right to opt-out of such sharing through our "Do Not Sell or Share My Personal Information" link or App privacy toggles.
Right to Withdraw Consent: Where our processing is based on your consent (e.g., Bluetooth equipment pairing, GPS tracking, or health metric synchronization), you may withdraw that consent at any time via your mobile device settings or by contacting our privacy team.

5.2 Exercise of Rights and Verification

To protect the security of your account, we may require you to verify your identity before we can fulfill your request.

How to Submit a Request: You may exercise your rights through the MERACH App privacy dashboard or by emailing us at info.us@merachfit.com with the subject line "Privacy Rights Request."
Authorized Agent: In certain jurisdictions (like California), you may designate an authorized agent to make a request on your behalf. We will require proof of the agent’s authority and direct verification of your identity.
Response Timeline: We aim to respond to all legitimate requests within one month (GDPR) or 45 days (CCPA). If we require more time, we will inform you of the reason and the extension period in writing.

5.3 Non-Discrimination Commitment

We respect your privacy choices. MERACH will not discriminate against you for exercising any of your privacy rights.

This means we will not deny you goods or services, charge different prices, or provide a different level of quality solely because you made a privacy-related request.

5.4 Automated Decision-Making

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you.

MERACH uses algorithms to provide workout recommendations, but these are intended to enhance your fitness experience and do not constitute "legal effects" as defined under the GDPR.

6. International Data Transfers

MERACH is a global fitness brand. As our sub-sites and regional markets (including the United States, Canada, Australia, the United Kingdom, the European Union, and Japan) are managed and operated primarily by our United States-based entity, your personal information will be transferred to, stored, and processed in the United States.

6.1 Global Data Processing Architecture

By using our Services, you acknowledge that your personal information may be accessed by our technical, support, and fulfillment teams across different jurisdictions to provide you with a seamless global experience.

Regardless of where your data is processed, we apply a consistent and high standard of protection as described in this Policy.

6.2 Safeguards for UK and European (EEA) Residents

For users located in the United Kingdom or the European Economic Area (EEA), we comply with applicable legal requirements to provide adequate safeguards for the transfer of personal information to countries outside of the EEA or UK.

Standard Contractual Clauses (SCCs): We implement the European Commission’s Standard Contractual Clauses (and the UK Addendum, where applicable) among our affiliates and with our third-party service providers. These clauses contractually require the recipient to protect your data according to the data protection standards of the European Union and the United Kingdom.
Adequacy Decisions: In certain instances, we may rely on "Adequacy Decisions" issued by the European Commission regarding specific countries (such as Japan or Canada) that are recognized as providing an equivalent level of data protection.

6.3 Compliance in Other Key Markets

Canada: Personal information transferred from Canada to the United States is managed in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial laws. We ensure our service providers maintain comparable levels of protection.
Australia: We take reasonable steps to ensure that overseas recipients do not breach the Australian Privacy Principles (APPs) in relation to your personal information, in compliance with the Privacy Act 1988.
Japan: For our Japanese members, we comply with the Act on the Protection of Personal Information (APPI). We ensure transparency in the "joint use" of data among our global affiliates and implement necessary safety management measures for international transfers.

6.4 Data Localization and Security

While your data resides in the United States, it is protected by the same robust encryption standards (AES-256) and transmission protocols (SSL/TLS) mentioned in Section 3 of this Policy.

We conduct regular privacy impact assessments to ensure that the laws of the destination country do not adversely affect the protection of your fundamental rights.

6.5 Your Consent to Transfer

By creating a MERACH account or using our fitness equipment, you consent to the transfer of your information to the United States and other jurisdictions where our service providers may be located.

We remain responsible for your personal data and ensure that all third parties are contractually bound to maintain its confidentiality and security.

7. Region-Specific Notices

This section provides additional disclosures required under the specific privacy laws of various jurisdictions where MERACH operates. As our Services are primarily managed by our United States entity, these notices supplement our global Privacy Policy for residents of the following regions:

7.1 United States (California and State-Level Privacy)

In addition to the general rights mentioned in Section 5, U.S. residents (particularly in California under CCPA/CPRA, Virginia, Colorado, and other states with comprehensive privacy laws) have specific rights:

Shine the Light: California Civil Code Section 1798.83 permits users who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes.
Sensitive Personal Information: We process sensitive personal information (such as heart rate or fitness metrics) only to provide the core Services you expect. We do not use this data to infer characteristics about you for other purposes.
Opt-Out of "Sharing" for Behavioral Advertising: While we do not sell data for money, we may "share" identifiers with advertising partners for cross-contextual behavioral advertising. You may exercise your right to opt-out via our App settings or the "Do Not Sell or Share My Personal Information" link on our website.
Detailed Disclosures: Please refer to Section 12 for detailed disclosures specific to California residents under the CCPA/CPRA.

7.2 Canada (PIPEDA and Provincial Laws)

For residents of Canada, our privacy practices comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and substantially similar provincial laws (such as BC PIPA, Alberta PIPA, and Quebec’s Law 25):

Consent: By using MERACH products and App services, you provide meaningful consent to the collection of your fitness data for the purposes of tracking and performance analysis.
Data Residency: You acknowledge that your data will be stored on servers located in the United States, and as such, may be subject to access requests from U.S. law enforcement in accordance with local laws.

7.3 United Kingdom and European Economic Area (EEA)

Our processing for UK and EU residents is governed by the UK GDPR and EU GDPR, respectively.

Data Controller: MERACH, LLC (USA) serves as the primary Data Controller.
Legal Bases for Processing: We process your data under the following legal grounds: (1) Contractual Necessity (e.g., shipping your equipment); (2) Legitimate Interests (e.g., improving fitness algorithms); (3) Compliance with Law; and (4) Your Explicit Consent (e.g., for health-related metrics).
Supervisory Authorities: You have the right to lodge a complaint with your local Data Protection Authority (e.g., the ICO in the UK or the CNIL in France).

7.4 Australia (Privacy Act 1988)

We manage personal information in accordance with the Australian Privacy Principles (APPs):

Direct Marketing: If we use your information for direct marketing, we will always provide a clear, simple way to opt-out.
Cross-Border Disclosure: We take reasonable steps to ensure that the U.S. entity and any third-party recipients handle your personal information in a manner consistent with the APPs.

7.5 Japan (APPI)

For users in Japan, we adhere to the Act on the Protection of Personal Information (APPI):

Joint Use: Personal data may be used jointly among MERACH affiliates to provide integrated customer support and global warranty services. MERACH, LLC (USA) remains responsible for the management of such jointly used data.
Safety Management: We implement necessary and appropriate measures to prevent the leakage, loss, or damage of personal data across our global infrastructure.

8. Cookies and Tracking Technologies (Detailed)

To provide you with a seamless and personalized fitness experience, MERACH and our third-party partners use cookies, pixels, web beacons, mobile SDKs, and similar tracking technologies (collectively, "Cookies") across our Site (https://merachfit.com/) and our App.

8.1 How We Categorize Our Cookies

We use different types of Cookies to optimize your interaction with our global fitness ecosystem:

Strictly Necessary Cookies: These are essential for the operation of our Site and App. They enable core functions such as secure log-in, shopping cart stability, and security fraud prevention. These cannot be disabled in our systems as the Services cannot function properly without them.
Functionality Cookies: These allow our Site to remember choices you make (such as your username, language, or region) to provide an enhanced, more personalized experience.
Performance and Analytics Cookies: We utilize these to collect information on how visitors use our Site and App—for instance, which workout classes are most popular or where technical errors occur.
Key Tool (Google Analytics): Google Analytics helps us understand traffic patterns and improve Site performance. The data is typically aggregated and de-identified.
Targeting and Advertising Cookies: These track your browsing habits across different websites to enable us to show MERACH advertisements that are more likely to be of interest to you. They also help us limit the frequency of ads and measure the ROI of our marketing.
Key Tools (Meta and Google): The Meta (Facebook) Pixel and Google Ads allow us to deliver tailored promotions to our community members.

8.2 Web Beacons and Mobile SDKs

In addition to traditional browser cookies, we use:

Web Beacons: Small graphic files (pixels) in our emails to track whether you have opened our fitness newsletters or clicked a specific link, helping us refine our communications and ensure we provide relevant content.
Mobile SDKs: Our App incorporates Software Development Kits (SDKs) (such as Firebase or Facebook SDK), which function similarly to Cookies in a mobile environment to analyze App crashes and track the success of our mobile campaigns.

8.3 Your Management Rights and Opt-Out Choices

We respect your privacy choices across our global markets. You can manage your preferences through the following channels:

Cookie Preference Center: When you first visit our Site, you can choose to "Accept All" or "Reject Non-Essential" Cookies via our interactive banner.
Global Privacy Control (GPC): Our Site is configured to recognize GPC signals. If you have enabled GPC in your browser, we will automatically treat this as a request to opt-out of non-essential tracking Cookies, in compliance with CCPA/CPRA.
Browser Controls: You can set your browser to block or alert you about these Cookies, but please note that some parts of the Site may not function as intended as a result.

Regional Opt-Out Provisions:

EU, UK, and Canada Residents: We obtain your explicit, affirmative consent before deploying any non-essential Cookies on your device.
U.S. Residents: You may exercise your "Do Not Sell or Share My Personal Information" right by disabling Targeting Cookies through our interactive settings or the dedicated link in our footer.

9. Children’s Privacy

At MERACH, we are committed to protecting the privacy of children. Our Services are intended for a general audience and are primarily designed for adults.

9.1 Age Restriction

Our Services are not directed to children under the age of 16 (or the minimum age of digital consent in your jurisdiction, such as 13 in the U.S. under COPPA).

We do not knowingly collect, share, or sell personal information from children without verifiable parental consent.

9.2 Fitness Equipment Safety

Please note that our smart fitness hardware and App-based training programs are designed for users who meet the age requirements specified in our Terms of Service.

Minors should only use MERACH equipment under the direct supervision of a parent or legal guardian to ensure safety and proper data management.

9.3 Inadvertent Collection

If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately at info.us@merachfit.com.

9.4 Our Response and Deletion

If we become aware that we have inadvertently collected personal data from a child under the legal age threshold, we will take immediate steps to deactivate the associated account.

Furthermore, we will permanently delete such information from our servers in accordance with global legal requirements, including COPPA, GDPR, and APPI.

10. Third-Party Links and Services

For your convenience and to enhance your fitness experience, the MERACH Site and App may contain links to or integrations with third-party websites, applications, and services.

10.1 Scope of This Policy

This Privacy Policy applies solely to information collected by MERACH. We do not control, and are not responsible for, the privacy practices or content of third-party platforms.

The presence of a link does not imply an endorsement of the third party’s privacy standards.

10.2 Common Third-Party Integrations

Our Services may interact with the following types of external entities:

Social Media Plugins: This includes "Share" or "Like" buttons for platforms such as Facebook, Instagram, or YouTube.
Health Ecosystems: External fitness tracking platforms like Apple Health, Google Fit, or Strava that you choose to sync with your MERACH workout data.
Payment Gateways: Third-party processors like PayPal, Stripe, or Shopify Pay used during the checkout process to ensure secure transactions.

10.3 User Responsibility

We strongly encourage you to review the privacy policies of any third-party service before interacting with them or providing them with your personal information.

The collection, use, and disclosure of your data by these third parties are governed by their respective privacy statements and terms of service, not by MERACH.

11. How to Contact Us

If you have any questions about this Privacy Policy, your data rights, or our privacy practices, please contact our global privacy team:

Primary Contact Email: info.us@merachfit.com
U.S. & Global Headquarters:

MERACH, LLC

10785 W. Twain Ave., Ste. 228

Las Vegas, Nevada 89135

United States

Regional Support:
- Canada: info.us@merachfit.com
- United Kingdom: info.uk@merachfit.com
- European Union: info.eu@merachfit.com
- Australia: info.us@merachfit.com
- Japan: info@merach.jp

12. Additional U.S. State Privacy Disclosures (California)

This section applies solely to residents of California and supplements the information contained in our general Privacy Policy. It complies with the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).

12.1 Categories of Personal Information Collected

In the preceding 12 months, MERACH has collected the following categories of personal information:

Identifiers: Name, alias, postal address, unique personal identifier, IP address, email address, and account name.
Protected Classifications: Gender and age (collected specifically for fitness profiling and metabolic calculations).
Commercial Information: Records of products purchased, obtained, or considered, as well as purchase histories.
Health Data:Exercise metrics (such as heart rate, calories burned, and power output) provided through connected MERACH equipment.
Internet and Network Activity: Browsing history, search history, and detailed information regarding your interaction with our App or Website.
Geolocation Data: General location (IP-based) and precise location (only if explicit Bluetooth and GPS permissions are granted).

12.2 Purposes for Collecting Personal Information

We use these categories for specific business purposes, including:

Service Delivery: Fulfilling orders and providing personalized fitness Services.
Security and Integrity: Detecting security incidents and protecting against fraudulent or illegal activity.
Technical Maintenance: Debugging to identify and repair errors that impair existing functionality.
Innovation: Internal research for technological development and product enhancement.

12.3 Your California Privacy Rights

Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you.
Right to Delete: You may request the deletion of your personal information, subject to certain legal exceptions.
Right to Correct: You have the right to request the correction of inaccurate personal information that we maintain about you.
Right to Limit Sensitive Data: You have the right to direct us to limit our use of your sensitive personal information to that which is necessary to perform the Services.
Right to Opt-Out of Sale or Sharing: MERACH does not sell your personal information for monetary compensation. However, we may "share" information with third-party advertising partners for cross-contextual behavioral advertising. You have the right to opt-out of this sharing.
Right to Non-Discrimination: We will not discriminate against you (e.g., by changing prices or service levels) for exercising any of your CCPA rights.

12.4 How to Exercise Your Rights

California residents may submit a verified request by emailing info.us@merachfit.com with the subject line "California Privacy Rights Request."

You must provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information.

13. Updates to This Policy

We may revise this Privacy Policy from time to time to reflect changes in our practices, technological advancements, or legal obligations.

Notification of Changes: When we make material changes, we will update the "Last Updated" date at the top of this document.
Proactive Communication: Where required by law, we will notify you via email or through a prominent notice within the MERACH App or on our Website before the changes take effect.
Periodic Review: We encourage you to review this policy periodically to stay informed about how we are protecting your information and empowering your fitness journey.

Merach App

FantomFite By Merach

Merach App

FantomFite By Merach

Privacy Policy