Effective date: July 15, 2026
1. Who we are
Merindly (“Merindly,” “we,” “us,” or “our”) is a digital publishing service operated by Ameridian Publishing, LLC, doing business as Ameridian Press. Ameridian Publishing, LLC is the data controller responsible for personal information processed through the Merindly website, mobile-web experience, and related services (collectively, the “Service”).
For privacy questions, requests, or complaints, contact us through the Contact page or by writing to Ameridian Publishing, LLC, Attn: Privacy Office.
2. Scope of this policy
This policy applies to personal information we collect when you visit or use the Service, create an account, read or listen to works in our library, contact us, or otherwise interact with Merindly. It does not apply to third-party websites, services, or platforms that we do not control, even if we link to them.
3. Information we collect
3.1 Information you provide
- Account information: name or display name, email address, and a password (stored in hashed form, never in plaintext).
- Profile preferences: reading preferences, text-size and theme settings, saved categories, and other personalization choices.
- Library activity: works you add to your personal library, reading progress, listening progress, and bookmarks.
- Correspondence: messages you send through the Contact form or by email, including any information you choose to include.
3.2 Information collected automatically
- Device and log data: IP address, browser type and version, operating system, referring pages, timestamps, and pages viewed. These are used for security, diagnostics, and abuse prevention.
- Cookies and similar technologies: strictly necessary cookies for authentication and session integrity, and (where applicable) optional cookies for analytics or preferences. See Section 8.
3.3 Information from third parties
We may receive limited information from service providers that help us operate the Service (for example, our hosting, database, and email infrastructure providers). We do not purchase personal information from data brokers.
3.4 Sensitive information
We do not knowingly collect special categories of personal data (such as data revealing racial or ethnic origin, political opinions, religious beliefs, health, or sexual orientation) under Article 9 of the GDPR. Please do not submit such information through the Service.
4. How we use your information
We use personal information to:
- Provide, maintain, and improve the Service and your account.
- Save your reading and listening progress and personal library.
- Authenticate users, prevent fraud, secure the Service, and enforce our Terms of Use.
- Respond to inquiries, provide customer support, and send service-related communications (such as password resets or material changes to these terms).
- Comply with legal obligations and respond to lawful requests from public authorities.
- Conduct internal analytics on aggregated, de-identified usage in order to improve reliability, accessibility, and content curation.
5. Legal bases for processing (EEA, UK, Switzerland)
If you are located in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases under the GDPR and UK GDPR:
- Contract (Art. 6(1)(b)): to create and operate your account, deliver the Service, and save your library and reading progress.
- Legitimate interests (Art. 6(1)(f)): to secure the Service, prevent abuse, detect fraud, maintain infrastructure, and improve our features. We balance these interests against your rights and freedoms.
- Legal obligation (Art. 6(1)(c)): to comply with tax, accounting, and other statutory duties, and to respond to lawful requests.
- Consent (Art. 6(1)(a)): for optional cookies, optional communications, or any processing that requires your explicit permission. You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
6. How we share information
We do not sell personal information, and we do not “share” it for cross-context behavioral advertising as those terms are defined under the California Consumer Privacy Act (CCPA/CPRA). We disclose personal information only as follows:
- Service providers / processors: vetted vendors that host our infrastructure, database, storage, email delivery, and error monitoring, bound by written agreements requiring confidentiality and appropriate security.
- Legal and safety: when required by law, subpoena, court order, or to protect the rights, property, or safety of Ameridian Publishing, LLC, our users, or the public.
- Business transfers: in connection with a merger, acquisition, financing, or sale of assets, subject to standard confidentiality protections and, to the extent required, notice to affected users.
- With your direction: when you ask us to share information with a third party.
7. International data transfers
The Service is operated from the United States, and information we collect may be transferred to, stored, and processed in the United States or other countries whose data-protection laws may differ from those in your country. Where personal information of individuals in the EEA, UK, or Switzerland is transferred outside of those jurisdictions, we rely on appropriate safeguards, such as the European Commission’s Standard Contractual Clauses (or the UK International Data Transfer Addendum), together with supplementary measures where required. You may request a copy of the relevant transfer mechanism through the Contact page.
8. Cookies and similar technologies
We use a small number of cookies and similar technologies:
- Strictly necessary: required for authentication, session security, and to remember your consent choices. These cannot be disabled through our interface without breaking the Service.
- Functional: to remember display preferences such as text size or theme.
- Analytics (if enabled): limited, privacy-respecting measurement of aggregated usage. Any non-essential analytics are enabled only where permitted, and, in regions requiring consent, only with your prior consent.
You can control cookies through your browser and, where offered, a cookie-preferences control on the Service.
9. Data retention
We retain personal information only for as long as necessary for the purposes described in this policy, including to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. Account data is kept for the life of your account and deleted or anonymized within a reasonable period after account closure, subject to legal retention requirements. Aggregated or de-identified data may be retained indefinitely.
10. Security
We use administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit (TLS), hashed passwords, role-based access controls, row-level security on our database, and least-privilege administrative access. No system can be guaranteed 100 % secure; you use the Service at your own risk and are responsible for keeping your login credentials confidential.
11. Your rights
11.1 Rights under the GDPR and UK GDPR
If you are located in the EEA, UK, or Switzerland, you have the right to:
- Access the personal data we hold about you.
- Rectify inaccurate or incomplete personal data.
- Erase your personal data (“right to be forgotten”), subject to legal exceptions.
- Restrict or object to certain processing.
- Data portability: receive your personal data in a structured, commonly used, machine-readable format.
- Withdraw consent, where processing is based on consent.
- Lodge a complaint with your local supervisory authority. A list of EEA authorities is maintained by the European Data Protection Board; UK residents may contact the Information Commissioner’s Office (ICO).
11.2 Rights under U.S. state laws (California, Virginia, Colorado, Connecticut, Utah, Texas, and others)
- Know what personal information we collect and how we use it.
- Access and obtain a copy of your personal information.
- Correct inaccurate personal information.
- Delete personal information, subject to legal exceptions.
- Opt out of “sale” or “sharing” of personal information (we do neither).
- Non-discrimination for exercising your privacy rights.
11.3 How to exercise your rights
Submit a request through the Contact page. We will verify your identity before acting on the request and will respond within the timeframes required by applicable law (generally 30 days under the GDPR/UK GDPR, and 45 days under U.S. state privacy laws, extendable as permitted). You may use an authorized agent where the law allows.
12. Children
The Service is not directed to children under 16, and we do not knowingly collect personal information from children under 16 (under 13 in the United States as defined by COPPA). If you believe a child has provided us with personal information, please contact us so we can delete it.
13. Automated decision-making
We do not use personal information for automated decision-making, including profiling, that produces legal or similarly significant effects concerning you within the meaning of Article 22 of the GDPR.
14. Do Not Track and Global Privacy Control
The Service does not respond to browser “Do Not Track” signals in a standardized way, because no common industry standard has been finalized. Where required by law, we honor recognized Global Privacy Control (GPC) signals as a valid opt-out request.
15. Changes to this policy
We may update this policy from time to time. When we do, we will revise the “Effective date” above and, for material changes, provide additional notice (such as an email to account holders or a prominent notice on the Service). Your continued use of the Service after changes take effect constitutes acceptance of the revised policy, to the extent permitted by law.
16. Contact us
Ameridian Publishing, LLC, doing business as Ameridian Press, is the controller of your personal information. Contact us through the Contact page for privacy questions, requests, or complaints. EEA and UK residents may also contact their local supervisory authority.