MergeLoom Customer-hosted ticket-to-code
Start free Log in
MergeLoom Customer-hosted ticket-to-code
Menu
Start free Log in

Privacy policy

How MergeLoom handles personal information across the website, controller, support, and customer conversations.

Last updated: 30 April 2026

Who this policy covers

This privacy policy explains how MergeLoom handles personal information from website visitors, controller users, trial users, customers, prospects, and people who contact us.

Personal information we collect

  • Contact details such as name, work email address, company name, role, and messages you send to us.
  • Account and controller information such as workspace membership, plan, billing status, integration configuration, workflow settings, and worker enrollment metadata.
  • Website and analytics information such as pages visited, approximate location, device/browser details, referral source, and interaction events.
  • Support and live chat information such as issue details, screenshots, logs you choose to provide, chat messages, and communication history.

How we use personal information

  • To provide the website, controller, account access, onboarding, support, billing, and product communications.
  • To respond to enquiries, enterprise pricing requests, procurement reviews, security questions, and technical evaluation requests.
  • To maintain security, prevent misuse, troubleshoot issues, improve documentation, and understand which pages or features are useful.
  • To comply with legal, tax, accounting, regulatory, and contractual obligations.

Legal bases

Where UK GDPR or GDPR applies, we rely on legal bases including contract performance, legitimate interests, consent where required, and legal obligation. Our legitimate interests include running a secure B2B SaaS website and controller, supporting customers, improving the product, and communicating with business contacts.

Customer code, tickets, context, and AI execution

MergeLoom is designed around a customer-hosted worker. Code checkout, ticket context, context assembly, AI execution, validation commands, repair attempts, and PR or MR preparation run on customer-controlled infrastructure. The MergeLoom controller coordinates workflow state and configuration, but it is not intended to be the place where repository execution happens.

Sharing information

We may share limited information with service providers that help us operate the website, controller, hosting, analytics, live chat, support, billing, security, and communications. We do not sell personal information. Customer AI provider and code host choices are controlled through the customer's configured workflow and approved tools.

Retention

We keep personal information for as long as needed to provide the service, maintain security and auditability, support customers, resolve disputes, meet legal obligations, and run normal business records. We delete or anonymise data when it is no longer needed.

Your privacy rights

Depending on where you are located, you may have rights to access, correct, delete, restrict, object to, or receive a copy of your personal information. To make a request, email support@mergeloom.ai.

Security

We use technical and organizational measures intended to protect personal information. No internet service is completely risk-free, so customers should also secure their own worker infrastructure, repositories, identity provider, AI providers, and secrets.

Contact

For privacy questions, email support@mergeloom.ai.