Privacy Policy – Mercilia

Last updated: 30/10/2025

This Privacy Policy describes how HiveTek (Kuwait W.L.L.) (“HiveTek,” “we,” “us,” or “our”) collects, uses, stores, and protects personal data in connection with the Mercilia mobile application, website, and related digital services (collectively, the “Services”). By accessing or using the Services, you acknowledge that you have read and understood this Policy.

1. Data Controller and Contact

For residents of the European Economic Area (EEA) and the United Kingdom, HiveTek acts as the data controller under Regulation (EU) 2016/679 (GDPR) and the UK Data Protection Act 2018.

2. Personal Data We Collect

We collect limited personal data necessary to operate and improve Mercilia. This includes:

  • Account Data: Name and email address obtained through Apple ID or Google Sign-In.
  • Subscription Data: Transaction ID, subscription tier, and renewal status. HiveTek does not collect or store credit card information; all payments are processed by Apple or Google.
  • Usage & Diagnostics: Device type, OS version, session length, in-app preferences, crash logs, and anonymized analytics.
  • Support Data: Messages or attachments you send to our support team when contacting us.

3. Lawful Basis for Processing

We process your personal data under the following lawful bases as defined by Article 6 of the GDPR:

  • Performance of Contract – to deliver and maintain the Services you requested.
  • Legal Obligation – to comply with accounting, tax, or regulatory duties.
  • Legitimate Interest – to enhance security, app functionality, and performance.
  • Consent – for optional marketing or communication preferences.

4. How We Use Your Data

  • To provide and personalize the Mercilia experience.
  • To manage subscriptions and verify access status.
  • To respond to customer inquiries and technical support requests.
  • To improve performance, reliability, and stability.
  • To comply with legal, tax, and platform obligations.

We do not sell, rent, or trade personal data under any circumstances.

5. Data Sharing and Disclosure

  • App Stores: Apple Inc. and Google LLC for billing and authentication purposes.
  • Service Providers: Google Firebase Analytics and Crashlytics to collect diagnostic and performance data.
  • Legal Authorities: When required by applicable law, regulation, or court order.

All third parties handling data on our behalf operate under confidentiality and data-processing agreements consistent with Article 28 GDPR.

6. Data Retention and Deletion

HiveTek retains data only for as long as necessary for the purposes described in this Policy:

  • Account & Subscription Data: Stored while the account is active and up to ten (10) years thereafter for tax and audit compliance.
  • Usage & Diagnostics Data: Retained up to 24 months in aggregated, anonymized form.
  • Support Data: Retained until the support request is resolved, plus 90 days for quality review.

You may request deletion of your personal data at any time by emailing contact@mercilia.app. Verified deletion requests will be fulfilled except where retention is legally required.

7. Your Rights (EEA & UK Users)

  • Access – request a copy of your data (Art. 15).
  • Rectification – correct inaccurate or incomplete information (Art. 16).
  • Erasure – request deletion of your data (“right to be forgotten,” Art. 17).
  • Restriction or Objection – limit or oppose processing (Arts. 18–21).
  • Portability – receive your data in a structured, machine-readable format (Art. 20).
  • Withdraw Consent – revoke consent at any time (Art. 7).

HiveTek will respond to verified requests within 30 days. EU residents may lodge a complaint with their national data-protection authority.

8. Children’s Privacy

Mercilia is not directed to children under 13 years old. We do not knowingly collect data from minors. If such data are identified, they will be deleted immediately.

9. Security Measures

HiveTek employs industry-standard security controls, including:

  • Transport Layer Security (TLS 1.2+) for encrypted data transmission.
  • Access controls, firewalls, and role-based permissions for internal data.
  • Routine security audits and vulnerability testing.

While we maintain strict safeguards, no system is fully immune to intrusion. You acknowledge that use of Mercilia is at your own risk.

10. Marketing and Notifications

Service notifications, such as billing or subscription updates, are considered essential. Marketing messages are sent only with explicit consent and include opt-out options in accordance with GDPR Article 21.

11. International Data Transfers

Your data may be processed in Kuwait, the European Union, the United Kingdom, or other jurisdictions. HiveTek applies EU Standard Contractual Clauses (SCCs) or equivalent safeguards under Article 46 GDPR to ensure adequate protection for cross-border transfers.

12. Wellness Disclaimer

Mercilia offers yoga, breathwork, and wellness content for general wellbeing. It does not constitute medical or therapeutic advice. Always consult a licensed professional before undertaking any new exercise or mindfulness regimen.

13. Data Breach Notification

In the unlikely event of a personal-data breach, HiveTek will notify affected users and competent supervisory authorities within 72 hours as required by law.

14. Changes to This Policy

HiveTek may update this Privacy Policy to reflect legal, technical, or business changes. The latest version will always be available at https://mercilia.app/privacy. Continued use of the Services after an update constitutes acceptance of the revised Policy.

15. Contact and Complaints

EU and UK residents may also contact their local data-protection authority if they believe their rights have been infringed.

16. Governing Law and Language

This Policy is governed by the laws of the State of Kuwait and interpreted consistently with EU data-protection standards. It is drafted in English; translations are provided for convenience only, and the English version prevails.

End of Privacy Policy – Mercilia v 1.28 (International Compliance Edition)