How MergeLoom approaches GDPR, UK GDPR, privacy rights, and customer-controlled AI coding execution.
Last updated: 30 April 2026
MergeLoom is built for data minimisation, customer control, clear execution boundaries, and accountable AI coding workflows. We aim to process only the personal data needed to operate the website, controller, accounts, support, billing, security, and customer communications.
Where GDPR or UK GDPR applies, individuals may have rights to be informed, access personal data, correct inaccurate data, request deletion, restrict processing, object to processing, request portability, and complain to a supervisory authority.
Email support@mergeloom.ai with enough information for us to identify the account, workspace, or communication involved. We may need to verify your identity before acting on a request.
The MergeLoom worker performs code checkout, context assembly, AI execution, tests, validation, repair attempts, and branch push inside the customer environment. This design helps keep sensitive customer execution data out of vendor-hosted agent infrastructure.
Some service providers may process data outside the UK or EEA. Where transfer safeguards are required, we aim to use appropriate contractual, organizational, and technical safeguards. Customers can request information about relevant subprocessors for commercial or security review.
We use reasonable technical and organizational measures to protect personal data. If we become aware of a personal data incident that requires notice, we will assess it and notify affected parties or regulators where legally required.
For GDPR, UK GDPR, or data protection requests, email support@mergeloom.ai.
