Privacy Policy

Merdilo App

Effective date: March 19, 2026

1. Data Controller

The controller of your personal data is:

Software Damian Wiliński

ul. Władysława Łokietka 5

87-100 Toruń, Poland

Tax ID (NIP): 9562270904

REGON: 341538899

For matters related to data protection, you can contact us at: contact@merdilo.com

The Controller has not appointed a Data Protection Officer, as they are not required to do so under Art. 37 GDPR (sole proprietorship not processing data on a large scale).

2. Definitions

  • App - the Merdilo application available on iOS, Android, macOS and Windows
  • User - a natural person using the App
  • Personal data - information relating to an identified or identifiable natural person
  • GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016
  • Processing - any operation or set of operations performed on personal data

3. Scope of Collected Data

When using the App, we collect the following categories of data:

3.1. User Account Data

  • Email address (required)
  • Password (hashed, stored securely)
  • Name (optional)
  • Profile photo (optional)
  • Registration and last login date
  • Preferred app language

3.2. Dog Data

  • Dog name
  • Breed, age and gender
  • Weight (optional)
  • Dog photo (optional)
  • Living environment and daily routine information (optional)
  • Health history and veterinary notes (optional)
  • Known stress triggers and calming methods (optional)
  • Behavioral data (AI analysis results)

3.3. Device Data

  • Device identifier
  • Device name
  • Platform (iOS/Android)
  • Push notification token (FCM)

3.4. Monitoring Session Data

  • Session start and end time
  • AI classification results (sound type: barking, whimpering, howling)
  • Classification confidence level
  • Number and type of alerts
  • Dog behavior metadata (calm, alerted, stressed)

Important: Raw audio recordings are processed exclusively on your device by the ML model (artificial intelligence). Only classification results (metadata) are sent to our servers, not the actual audio recordings.

3.5. Technical Data

  • IP addresses (during WebRTC connection)
  • Error and diagnostic logs
  • App and operating system version information

3.6. Payment Data

  • Subscription history (plan, start/end date)
  • Payment status

Payments are processed by App Store or Google Play. We do not store credit card data or other payment details.

4. Purposes of Data Processing

We process your personal data for the following purposes:

  • Providing the monitoring service - enabling the use of App features, including video/audio streaming and behavioral analysis
  • AI analysis - classifying dog sounds and detecting behavioral patterns
  • Sending push notifications - informing about events detected by AI
  • Payment and subscription management - managing premium accounts
  • Service quality improvement - analyzing aggregated data to improve the App
  • User communication - responding to inquiries and technical support
  • Legal compliance - storing data as required by law

5. Legal Basis for Processing

We process your personal data on the following legal bases under the GDPR:

Processing purpose Legal basis
Providing the monitoring service Art. 6(1)(b) GDPR (performance of a contract)
Payment processing Art. 6(1)(b) GDPR (performance of a contract)
Sending push notifications about dog behavior Art. 6(1)(b) GDPR (performance of a contract - core monitoring feature)
AI behavioral analysis (Google Cloud) Art. 6(1)(b) GDPR (performance of a contract)
Usage statistics collection (Analytics) Art. 6(1)(a) GDPR (consent)
App stability monitoring (Crashlytics) Art. 6(1)(f) GDPR (legitimate interest - ensuring app stability)
Service quality improvement Art. 6(1)(f) GDPR (legitimate interest - analyzing aggregated data to improve app functionality)
Accounting documentation storage Art. 6(1)(c) GDPR (legal obligation)

6. Audio and Video Processing

The Merdilo App uses advanced technologies for dog monitoring. Here is how we process multimedia data:

6.1. Audio Analysis (ML)

  • The AI model runs locally on your device
  • Raw audio recordings are NOT sent to our servers
  • Only classification results are sent to servers (e.g., "barking", confidence level, timestamp)
  • Audio is analyzed in real time and is not permanently stored

6.2. Video/Audio Streaming (WebRTC)

  • Streaming occurs directly between devices (peer-to-peer)
  • Transmission is encrypted using the DTLS-SRTP protocol
  • Firebase servers are used only for connection establishment (signaling)
  • We do not record or store video/audio streams

6.3. AI Behavioral Analysis (Google Cloud)

To provide detailed behavioral reports after monitoring sessions, we use the Google Cloud AI service. Here is how it works:

  • After a monitoring session ends, aggregated session metadata (types of detected sounds, their frequency, duration, behavioral patterns) is sent to Google Cloud AI
  • The AI service generates a readable behavioral report with advice for the owner
  • Processing takes place on Google Cloud servers in the EU region (europe-east / Warsaw, Poland)
  • Raw audio and video recordings are NOT sent to the AI service - only aggregated ML classification results
  • Data is not used by Google to train AI models

Your privacy is our priority: Thanks to on-device audio processing (on-device ML), end-to-end encryption (WebRTC), and AI processing exclusively within the European Union, your data remains secure.

7. Data Recipients

Your data may be shared with the following entities:

  • Firebase (Google LLC) - backend services, authentication, database, push notifications, analytics, crash reporting. Servers in the EU region (Warsaw, Poland)
  • Google Cloud AI Service (Google LLC) - generating behavioral reports based on aggregated session metadata. Servers in the EU region (Warsaw, Poland)
  • RevenueCat Inc. - subscription management and entitlement verification. Does not receive personal data other than user identifier and subscription status
  • Apple Inc. / Google LLC - payment processing via App Store / Google Play
  • STUN/TURN Servers (Cloudflare) - WebRTC services (only IP addresses for connection establishment). Servers in the EU

We do not sell or share your personal data with third parties for marketing purposes.

8. Data Transfers Outside the European Economic Area

The main infrastructure of the Merdilo App (Firebase Auth, Firestore, Storage, Analytics, Crashlytics, Google Cloud AI) is located in the European Union (Warsaw, Poland). Your data is not transferred to the USA as part of core app operations.

Some ancillary services may process limited data outside the EEA:

  • RevenueCat (USA) - user identifier and subscription status. Transfer based on EU-US Data Privacy Framework
  • Apple APNs (USA) - delivering push notifications to iOS devices. Transfer based on EU-US Data Privacy Framework
  • Apple / Google (USA) - Sign in with Apple / Google Sign-In authentication. Transfer based on EU-US Data Privacy Framework

For questions about data transfers, contact us at contact@merdilo.com.

9. Data Retention Period

Data category Retention period
User account data Until account deletion
Dog data (profile, behavioral data) Until dog profile or account deletion
Device data Until device removal or account deletion
Monitoring session data and behavioral reports Until account deletion
App crash reports (Crashlytics) 90 days
Connection diagnostic logs (WebRTC) 7 days
Analytics data (with consent) Until account deletion or consent withdrawal
Payment data and accounting records 5 years (as required by law)

10. Your Rights

Under the GDPR, you have the following rights:

  • Right of access - you can obtain information about processed data and receive a copy
  • Right to rectification - you can correct inaccurate or complete incomplete data
  • Right to erasure ("right to be forgotten") - you can request deletion of your data
  • Right to restriction of processing - you can limit the scope of data processing
  • Right to data portability - you can receive your data in a structured format
  • Right to object - you can object to processing based on legitimate interest (e.g., Crashlytics, service quality improvement)
  • Right to withdraw consent - if processing is based on consent (analytics), you can withdraw it at any time in the app settings. Withdrawal of consent does not affect the lawfulness of processing carried out before its withdrawal
  • Right not to be subject to automated decisions - you have the right not to be subject to decisions based solely on automated processing if they produce legal effects or similarly significantly affect you

To exercise the above rights, contact us at contact@merdilo.com.

11. Voluntariness of Providing Data

Providing personal data is voluntary, however:

  • Account data (email, password) - necessary to use the App. Not providing this data will prevent account creation and use of the service (contractual requirement)
  • Dog data (name, breed) - necessary to use monitoring features. Not providing will prevent starting monitoring sessions
  • System permissions (camera, microphone) - necessary for monitoring features. Denial will prevent transmission and sound analysis
  • Analytics consent - entirely voluntary, does not affect the ability to use the App

12. Automated Decision-Making

The App uses a machine learning model for automatic classification of dog sounds. We inform you that:

  • Audio classification is performed automatically on your device - the ML model analyzes sounds in real time and assigns them a category (barking, whimpering, howling)
  • Based on classification, automatic push notifications and behavioral reports are generated
  • These decisions do not produce legal effects and do not similarly significantly affect your situation - they are purely informational and auxiliary
  • AI analysis does not replace veterinary care or direct care of the animal
  • Classification accuracy depends on environmental conditions (background noise level, distance of the dog from the microphone) and is not guaranteed

13. Consent Management

When you first launch the App, we display a consent management dialog where you can choose:

  • Analytics (disabled by default) - collection of pseudonymized usage statistics to improve the App
  • Crash reporting (operating under legitimate interest) - you can disable it in settings

You can change your consents at any time in: Settings > Privacy.

Withdrawing consent is as easy as giving it and does not affect your ability to use the App.

14. Account and Data Deletion

You can delete your account and all associated data in two ways:

  • In the app: Go to Settings > Account > Delete Account
  • By email: Send a request to contact@merdilo.com

After account deletion:

  • All your personal data will be permanently deleted within 30 days
  • Data required by law (e.g., accounting records) will be retained for the legally required period
  • Deletion is irreversible - you will not be able to recover your account or data

15. Data Security

We implement the following technical and organizational measures to protect your data:

  • Transmission encryption - all connections are secured with HTTPS/TLS
  • WebRTC encryption - video/audio stream is encrypted with DTLS-SRTP
  • Secure password storage - passwords are hashed using Firebase Auth algorithms
  • Database access rules - Firebase Security Rules restrict data access
  • Local processing - ML analysis runs on device, without sending audio to servers
  • Regular security reviews - we monitor and update security measures

16. Cookies and Similar Technologies

The mobile app does not use cookies. However, we use the following technologies:

  • Firebase Analytics (optional, with consent) - for collecting pseudonymized usage statistics
  • SharedPreferences / UserDefaults - for storing local app settings (e.g., theme, preferences)

You can disable analytics data collection in the app settings.

17. Minors

The Merdilo App is not intended for persons under 16 years of age.

We do not knowingly collect personal data from persons under 16. If you learn that a minor has provided us with their data, please contact us - we will delete it immediately.

18. Right to Lodge a Complaint

If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with the supervisory authority:

President of the Personal Data Protection Office (PUODO)

ul. Stawki 2

00-193 Warsaw, Poland

www.uodo.gov.pl

19. Changes to the Privacy Policy

We reserve the right to make changes to this Privacy Policy.

We will inform you of significant changes:

  • Via an in-app notification
  • By email (if you have an account)

We recommend regularly checking this page for current terms.

20. Contact

If you have questions about this Privacy Policy or the processing of your personal data, contact us:

Email: contact@merdilo.com

Address: ul. Władysława Łokietka 5, 87-100 Toruń, Poland

Software Damian Wiliński | Merdilo

© 2026 All rights reserved