Is Merlin AI Safe to Use? What You Need to Know | 2026

Is Merlin AI Safe to Use?

Direct answer: Yes, Merlin AI is reasonably safe for typical use with standard precautions. It holds ISO 27001 certification, encrypts data in transit and at rest, and publishes more transparent privacy documentation than most AI aggregator competitors.

What Data Does Merlin AI Actually Collect From You?

Merlin collects account information, user content (prompts, files, conversation history), device and usage data, and — if you use the browser extension — detailed browsing activity including URLs, timestamps, and navigation patterns.

  • Core Concept: Merlin’s data collection spans three layers: what you voluntarily provide, what your device automatically shares, and what the browser extension captures from your web activity.
  • Primary Workflow Impact: Understanding these layers helps you decide which features to enable and which permissions to grant.
  • Critical Trap to Avoid: The browser extension’s “Activity Data” collection is opt-out, not opt-in — you must actively disable it in settings or uninstall the extension to stop URL tracking.

I read Merlin’s privacy policy in full. Most users skim it, so here is what actually happens to your data, broken down by layer:

Data CategoryWhat Is CollectedWhen It Is CollectedCan You Opt Out?
Account InformationName, email, credentialsAt registrationNo (required for service)
User ContentPrompts, uploads, conversation historyEvery interactionPartial (deletion available)
Device InformationOS, browser, IP, locationAutomaticLimited (via browser settings)
Usage DataFeatures used, time spent, clicksAutomaticNo
Extension Activity DataURLs visited, timestamps, navigation typeWhen extension is enabledYes (disable in settings or uninstall)
Payment DataProcessed via StripeAt purchaseNo (for paid plans)

Layer 1 — What You Voluntarily Provide:

This is the most obvious category. When you create an account, Merlin collects your name, email, and password. When you submit a prompt, upload a PDF, or chat with a document, that content is stored on Merlin’s servers. This is necessary for the service to function — you cannot use an AI assistant without sending it text.

Layer 2 — What Your Device Automatically Shares:

Even without the extension, Merlin collects device type, operating system, browser version, IP address, approximate location, and cookie identifiers. This is standard for virtually every web service. Merlin uses it for analytics, fraud prevention, and troubleshooting. The privacy policy notes that “some Usage Data may still be capable of being linked to a user/device” even when aggregated.

Layer 3 — What the Extension Captures:

This is where Merlin’s data collection becomes more invasive than typical AI platforms. The browser extension — which is central to Merlin’s value proposition — collects what Merlin calls “Extension Activity Data.” This includes the full URL of every page you visit, the previous page you were on, how you reached that page (referrer), the exact timestamp, your Merlin User ID, whether redirects occurred, your browser version, your operating system, how you navigated (typed URL, clicked link, back button), and the HTTP status code of the page response.

Merlin states they “do not collect the content of the webpages you visit unless you explicitly use a feature that requires us to process page content.” This is technically accurate but misleading in practice. The URL alone reveals enormous amounts of information — medical conditions (from visiting WebMD), financial status (from banking sites), political affiliations (from news sources), location (from local services), and personal interests (from any site you browse).

Figure 1: Merlin Data Collection Pyramid

        ┌─────────────────┐
        │  Voluntary Data │  ← Name, email, prompts, uploads
        │   (smallest)    │
        ├─────────────────┤
        │  Automatic Data │  ← Device info, IP, cookies, usage
        │   (moderate)    │
        ├─────────────────┤
        │ Extension Data  │  ← URLs, timestamps, navigation
        │   (largest)     │    patterns, referrers
        └─────────────────┘
                 ↓
        ┌─────────────────┐
        │  Merlin Backend  │
        │   Servers (US)   │
        └─────────────────┘
                 ↓
        ┌─────────────────┐
        │ 13+ Subprocessors│  ← GCP, AWS, Azure, OpenAI,
        │   (listed in DPA)│    Anthropic, Stripe, etc.
        └─────────────────┘

The pyramid shape is intentional. Most users focus on the top layer — what they type into Merlin — while the bottom layer, the extension’s browsing surveillance, represents the largest surface area of data collection. This is where Merlin’s privacy practices diverge most sharply from native AI platforms like ChatGPT or Claude, which have no browser extension and therefore no visibility into your web activity outside their own domains.

Merlin’s privacy policy states that Activity Data is collected “only to the extent strictly necessary to provide the Extension’s user-facing functionality.” In my assessment, this claim is partially defensible — page-aware features do require URL knowledge — but the granularity of collection (previous URL, referrer, navigation type, HTTP status codes) exceeds what is strictly necessary for basic page summarization or chat. Competitors like Monica AI and Sider AI collect similar data; this is an industry pattern for browser-based AI assistants, not a unique Merlin behavior.

The practical implication: if you install the Merlin extension, you are granting ongoing surveillance of your browsing history. If that is unacceptable for your threat model, use Merlin’s web app instead and access it manually for specific tasks.

How Merlin AI Handles Your Prompts and Conversation History

Merlin stores your prompts, uploaded files, and conversation history on its servers to provide AI responses and improve services. Content is retained for 30 days after deletion request unless legally required longer.

This is the question most users care about but few read the policy language closely enough to understand. I did. Here is what the evidence shows:

Common User AssertionObserved Policy LanguageConfidence RatingWhat It Means for You
“Merlin reads everything I type”User content is collected to “process requests and provide AI-generated responses”HighYour prompts are processed by Merlin and routed to third-party LLM APIs
“My conversations are private”Content may be used to “develop, test, and improve our AI models”ModerateConversations are not end-to-end encrypted; staff and subprocessors may access them
“I can delete my data anytime”User content retained for 30 days after deletion requestHighDeletion is honored but not instant; some data may persist longer for legal reasons
“Merlin sells my data”“We do not sell your personal information”HighDirect sale is prohibited; aggregated/analytics data sharing with subprocessors occurs

What Merlin does with your prompts on its servers:

  • Processing and routing. Merlin’s system reads your prompt to determine which model you selected (or which model Merlin Magic should route to). It may also apply system prompt framing — adding context like “You are a helpful assistant responding through the Merlin AI platform” — before forwarding to the API.
  • Storage for conversation history. Your prompts and AI responses are stored so you can access past conversations across sessions and devices. This is standard functionality, but it means Merlin maintains a complete transcript of your interactions.
  • Model improvement. The privacy policy states Merlin uses collected content to “develop, test, and improve our AI models and Services.” This is broad language. It does not explicitly say your individual prompts are used for training, but it does not exclude that possibility either. OpenAI and Anthropic have their own training policies; your prompts may be subject to those as well once routed.
  • Fraud and abuse detection. Automated systems scan content for policy violations — sexually explicit material, violence instigation, exploit attempts. Section 11 of Merlin’s Terms lists specific prohibited uses, and the privacy policy notes automated content moderation.

The retention timeline is specific but has gaps:

Data TypeRetention PeriodCaveat
Account InformationUntil account deletion + legal hold periodStandard
User Content30 days after deletion request“Unless required by law to retain longer”
Usage DataUp to 2 yearsLonger than many competitors
Marketing DataUntil unsubscribeStandard
Extension Browsing Logs“Only as long as necessary” + legal holdsVague; no specific days stated

The 30-day deletion window for user content is reasonable by industry standards. The “unless required by law” clause is standard legal hedging. The two-year retention for usage data is longer than I prefer — many platforms retain analytics for 12-18 months — but not unusual.

The key risk is not Merlin itself but the subprocessor chain. Your prompts pass through Merlin, then to OpenAI or Anthropic or Google, each with their own data handling practices. Merlin’s Data Protection Addendum lists 13+ subprocessors including cloud hosts (GCP, AWS, Azure) and model providers (OpenAI, Anthropic, Together AI, DeepInfra, Fireworks AI, Mixtral). Each of these entities has contractual obligations to Merlin, but your data crosses multiple organizational boundaries.

What this means for sensitive work:

If you are handling regulated data — HIPAA-protected health information, attorney-client privileged material, classified government data, proprietary trade secrets — Merlin’s multi-hop architecture introduces compliance complexity. You must verify not just Merlin’s certifications but each subprocessor’s as well. For most personal and professional use, this risk is theoretical. For regulated industries, it is concrete.

My practical recommendation: Treat Merlin as you would any cloud-based AI service. Do not input data you would not put in an email to a third party. For truly sensitive work, use local models or enterprise AI deployments with single-tenant infrastructure.

What the Browser Extension Tracks and Whether You Should Worry

The Merlin browser extension collects detailed browsing activity data including URLs, previous pages, referrers, timestamps, and navigation type. This is used for page-aware features but raises legitimate privacy concerns.

I installed and tested the extension specifically to understand what it captures. The permissions screen is standard — “read and change data on all websites you visit” — but the actual data flow is more granular than most users realize.

Extension Activity Data Inventory:

Data PointWhat It Reveals About YouMitigation Option
URL of visited pagesYour full browsing historyDisable in extension settings or uninstall
Previous URLClick trails and navigation patternsSame as above
ReferrerHow you found pages (search, links, etc.)Same as above
TimestampWhen you visit specific sitesSame as above
User IDLinks browsing to your Merlin accountSign out or uninstall
RedirectsIntermediate pages in your pathSame as above
HTTP status codesWhether pages loaded successfullySame as above

Merlin’s Official Position: They state they “do not collect the content of the webpages you visit unless you explicitly use a feature that requires us to process page content.” This is technically accurate but functionally incomplete. The URL alone reveals significant information — medical conditions (from visiting WebMD, Mayo Clinic, or mental health resources), financial status (from banking portals, investment platforms, or credit services), political affiliations (from news sources, campaign sites, or advocacy organizations), location (from local business searches, real estate listings, or regional news), and personal interests (from any site you browse).

My Assessment: The extension’s data minimization claim is partially valid. Collection is tied to “user-facing functionality you actively use.” But the granularity of tracking exceeds what is strictly necessary for basic page-aware chat. Previous URL and referrer data reveal your navigation path, not just your current page. HTTP status codes indicate whether you successfully accessed content or hit paywalls or errors. Navigation type distinguishes deliberate visits from accidental clicks or back-button returns.

Competitors like Monica AI and Sider AI collect similar data; this is an industry-wide pattern for browser-based AI assistants, not unique to Merlin. The difference is transparency — Merlin’s privacy policy details the specific data points more clearly than most rivals.

Where the data goes: Extension Activity Data is “transmitted to our servers and stored in our backend systems and databases.” Merlin states retention is “only for as long as reasonably necessary for the purposes described above, unless a longer retention period is required by applicable law or for establishing, exercising, or defending legal claims.” This is vague — no specific days or months are stated for raw browsing logs, unlike the 30-day specificity for user content or two-year cap for usage data.

Practical Mitigation:

  • ✓ Disable extension on sensitive sites using browser permission controls. Chrome allows site-specific extension blocking.
  • ✓ Use Merlin’s web app instead of the extension for confidential work. The web app does not collect browsing activity data — only what you explicitly input.
  • ! Review the “Extension Activity Data” toggle in Merlin settings periodically. Software updates may reset preferences or change default behaviors without prominent notification.
  • ✗ Do not assume “incognito mode” blocks extension data collection. It does not. Extensions with “read and change data on all websites” permissions operate in incognito unless explicitly disabled in browser settings.
  • ✗ Avoid installing the extension on shared or public computers. Your browsing data would be linked to your Merlin account regardless of who uses the browser.

The consent mechanism matters. Merlin states that for EU users, Extension Activity Data processing is based on “Article 6(1)(a) GDPR — Consent.” This means you must have given explicit, informed consent. In practice, consent is bundled into the extension installation flow — most users click through without reading. GDPR requires consent to be “freely given, specific, informed, and unambiguous.” Whether a bundled installation prompt meets this standard is debatable.

My risk classification:

User ProfileExtension Risk LevelRecommended Approach
Casual personal use, no sensitive browsingLowStandard installation, review settings periodically
Professional use with occasional sensitive sitesModerateUse web app for sensitive work, extension for general browsing
Healthcare, legal, financial, or government workHighAvoid extension entirely; use web app with careful input review
Journalists, activists, or high-threat individualsVery HighAvoid Merlin entirely or use dedicated privacy-focused tools

The extension is Merlin’s core differentiator — the Ctrl/⌘+M shortcut on any page, the sidebar integration, the Gmail and LinkedIn assistants. But that convenience comes with ongoing surveillance of your browsing behavior. For many users, the trade-off is acceptable. For others, it is not. The critical point is making that choice consciously rather than by default.

Security Certifications and Compliance: What Merlin Actually Has

Merlin holds ISO 27001:2013 certification and claims GDPR, SOC2, and ISO 27701:2019 compliance for paid users on plans $5/month or above. Free users and sub-$5 plans receive reduced compliance guarantees.

I verified what I could against publicly available documentation. Certifications are often marketing claims; the actual policy language reveals where protections begin and end.

Compliance Framework Breakdown:

Certification/StandardWhat It CoversWho It Applies ToVerification Level
ISO 27001:2013Information security managementAll usersCertified (stated in DPA)
SOC2Security, availability, processing integrityPaid plans $5+/monthClaimed, not independently verified in public docs
ISO 27701:2019Privacy information managementPaid plans $5+/monthClaimed
GDPREU data protection rightsEU/UK/Switzerland usersActive (DPO appointed, EU representative listed)
CCPACalifornia consumer privacy rightsCalifornia residentsAcknowledged in policy

The Compliance Gap

Merlin’s privacy policy contains a critical note that most users miss: “data processing for plans billed below USD 5 per month follows our standard policies for free users. Full compliance with SOC2, GDPR, and ISO standards is guaranteed for users on plans priced at USD 5 per month or more.” This is a tiered compliance structure. If you are on a free plan, a promotional trial, or any plan under $5 monthly, you do not receive the same data protection guarantees as standard Pro subscribers.

This distinction matters for two reasons. First, it means free users have weaker contractual protections. Second, it creates ambiguity about what “standard policies for free users” actually means — the policy does not define this category separately. My interpretation: free-tier data may be retained longer, shared more broadly with analytics partners, or subject to less rigorous access controls.

ISO 27001:2013 is the most concrete certification

Merlin’s Data Protection Addendum explicitly states “Foyer Tech is certified by Information Security Management as per ISO 27001:2013.” This is an externally audited standard for information security management systems. It covers risk assessment, access controls, incident response, and continuous improvement. It does not guarantee your data is never breached — no certification does — but it means Merlin has undergone third-party scrutiny of its security practices.

SOC2 and ISO 27701:2019 are claimed but not independently verifiable from public documents

SOC2 reports are typically confidential and shared only with customers under NDA. ISO 27701 extends ISO 27001 to privacy management. Merlin lists both in marketing materials and the privacy policy, but I could not locate public audit reports or certificate numbers. This is standard — most companies do not publish full SOC2 reports — but it means users must trust Merlin’s self-attestation.

GDPR compliance is actively implemented

Merlin has:

  • An appointed Data Protection Officer (Sirsendu Sarkar, contactable at dpo@foyer.work)
  • An EU GDPR Representative (Rickert Rechtsanwaltsgesellschaft in Bonn, Germany)
  • A UK GDPR Representative (Rickert Services Ltd UK in Peterborough)
  • Standard Contractual Clauses for US data transfers
  • A Data Processing Addendum available for enterprise clients

This is more than checkbox compliance. The DPO has a listed phone number (+91-8953348922). The EU representative has a physical address. These are real accountability mechanisms, not theoretical ones.

Data Location

Merlin states “all your data is stored in the United States.” This is presented as a security advantage over competitors like DeepSeek, which stores data on Chinese servers. For US users, domestic storage simplifies legal jurisdiction. For EU users, it means data crosses borders under Standard Contractual Clauses — a legally valid but not risk-free transfer mechanism. The Schrems II ruling and subsequent EU-US Data Privacy Framework have stabilized this, but political shifts could alter the landscape.

Subprocessor Transparency

Merlin’s Data Protection Addendum lists 13+ subprocessors:

SubprocessorRoleLocation
GCPCloud hostingUS
Microsoft AzureLLM infrastructureUS
Amazon AWSLLM infrastructureUS
StripePayment processingUS
OpenAILLM providerUS
Together AILLM providerUS
AnthropicLLM providerUS
DeepInfraLLM providerUS
Fireworks AILLM providerUS
Fal AILLM providerUS
Undetectable AILLM providerUS
RevenueCatPayment processingUS
Mixtral AILLM providerEU
Replicate AILLM providerUS
Leonardo AI (Canva)LLM providerNot specified

This level of transparency exceeds many competitors. Most AI aggregators do not publish detailed subprocessor lists. However, the list also illustrates the complexity of Merlin’s data chain — your prompts may pass through three or four entities before reaching the model that generates a response. Each handoff introduces a trust boundary.

The enterprise distinction:

Merlin offers Data Processing Agreements (DPAs) for enterprise customers. Individual Pro users are covered by the standard privacy policy and Terms. If you need contractual guarantees about data handling, subprocessor vetting, or audit rights, you must negotiate a DPA directly — it is not automatic with Pro subscription.

My assessment of certification value:

CertificationMarketing ValueActual Protection ValueVerifiability
ISO 27001:2013HighModerate-HighHigh (externally audited)
SOC2HighModerateLow (self-attested, reports private)
ISO 27701:2019ModerateModerateLow (self-attested)
GDPR complianceHighHighModerate (active DPO, representatives, but no public audit)

For most users, Merlin’s compliance posture is adequate. For enterprises handling regulated data or individuals with high privacy requirements, the gap between “claimed” and “verified” certifications matters. Requesting a DPA or SOC2 report summary from Merlin’s sales team is a reasonable next step if you fall into these categories.

Who Can Access Your Data and Under What Conditions

Your data is accessible to Merlin employees, 13+ listed subprocessors, and potentially legal authorities. Merlin may share data for fraud prevention, legal compliance, and business transfers.

This is where privacy policies move from abstract commitments to concrete access scenarios. I traced every entity that can touch your data and under what legal basis.

Data TypeWho Can Access ItHighest Risk ScenarioLikelihoodYour Mitigation
Prompts/contentMerlin staff, LLM providers (OpenAI, Anthropic, Google)Subpoena or legal requestLow for typical usersAvoid inputting legally sensitive material
Browsing history (extension)Merlin’s backend systemsData breachLow-moderateDisable extension or uninstall
Usage analyticsFirebase, Facebook, TikTok, Microsoft ClarityAd targeting profile buildingHigh (if using mobile apps)Opt out of marketing cookies; use web app
Payment dataStripeStripe breachVery lowStandard; Stripe is PCI-DSS compliant
All data (infrastructure layer)Cloud hosts (GCP, AWS, Azure)Infrastructure-level breachLowCovered under Merlin’s Data Processing Agreement; no individual control
Any data categoryLegal authorities, upon valid requestCompelled disclosureLowNo user control; standard across the industry

Merlin’s Internal Access

The privacy policy states that “access to your information is limited to authorized employees, contractors, and service providers who require it to perform their duties. All such individuals are subject to strict confidentiality obligations.” This is standard language. What it does not specify is how many employees have access, what “authorized” means in practice, or whether access is logged and audited. For a company of Merlin’s size — 20M+ users per their marketing — the employee count is likely small, but the contractor and service provider network is extensive.

The LLM provider access is non-negotiable

When you send a prompt through Merlin to Claude Opus, Anthropic receives that prompt. OpenAI receives GPT-5.2 prompts. Google receives Gemini prompts. Each of these providers has its own privacy policy, data retention practices, and potential training use. Merlin routes your data to them; you cannot use Merlin without this happening. This is the fundamental trade-off of any AI aggregator — convenience requires trust in multiple entities.

Analytics data sharing is more nuanced than it appears

Merlin lists Firebase Analytics, Facebook Events, TikTok Events, and Microsoft Clarity as tools used across mobile apps. These platforms collect “mouse movements, clicks, and scrolling behavior” (Firebase and Clarity) and track “conversions from Facebook ads, optimize ads based on collected data, build targeted audiences for future ads and remarket to qualified leads” (Facebook). The legal basis for this is mixed — some under consent (marketing), some under legitimate interest (security and fraud). The practical reality is that your usage patterns are feeding ad optimization algorithms on Meta and TikTok platforms.

Legal disclosure is where individual users have the least protection

Merlin’s Terms state they “may disclose information if required to do so by law or in response to valid legal requests from public authorities.” This is universal — every service provider has this clause. The specific detail is Merlin’s promise to “inform 24 hours in advance to clients in case of any legally binding requests for disclosure of PII.” Critical caveat: this advance notice applies to “clients” under the Data Processing Addendum — enterprise customers with negotiated contracts. Individual Pro users and free users are not “clients” in this contractual sense. You may receive no advance warning of a legal data request.

Business Transfer Risk

The privacy policy states that “if we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.” This is standard boilerplate, but it carries weight for a venture-backed company. Merlin’s parent, Foyer Tech, is a Delaware-registered corporation with Indian operations. Acquisition by a larger tech company — or a private equity firm with different data practices — would transfer your data under these terms. The policy does not require your consent for such transfers, only notification “through the Services or by email.”

Enterprise vs. Individual Protections

The Data Protection Addendum adds enterprise-grade protections not available to individuals:

ProtectionEnterprise DPAIndividual User
Subprocessor objection rights30-day written objection periodNone
Audit rightsOnce per year, on reasonable noticeNone
Breach notification“Without undue delay” with specific informationGeneral policy language
Advance notice of legal requests24 hours for “clients”Not guaranteed
Cybersecurity assessmentsAnnual responses providedNot applicable

What this means practically:

If you are an individual user, your data is protected by Merlin’s privacy policy and Terms of Service — standard consumer contracts. If you are an enterprise customer with a DPA, you have negotiated contractual rights including audit access and subprocessor veto power. The gap between these tiers is significant.

For most users, the realistic risk is not a dramatic data breach but gradual profile accumulation — your browsing patterns, AI usage habits, and content preferences being aggregated across Merlin and its analytics partners. This is the modern internet’s baseline privacy trade-off, not a unique Merlin failure. The question is whether Merlin’s specific data practices make that trade-off better or worse than alternatives.

Account Suspension, Data Deletion, and Your Rights

Merlin can suspend or terminate your account for excessive usage, policy violations, or “outlier usage at the company’s discretion.” Data deletion requests are honored within 30 days but some data may be retained for legal purposes.

This section covers the enforcement side of Merlin’s policies — what triggers account action, what recourse you have, and how to exercise your data rights. I read the full Terms of Service, refund policy, and privacy policy to map these mechanisms.

Input vs. Output Failure Matrix:

  • Assumption: “I own my data completely” → Reality: You retain ownership of inputs, but AI outputs are provided under Merlin’s Terms of Service; Merlin may use your content to improve models
  • ! Warning: Accounts can be terminated without refund for usage exceeding $100/month or $16/day, sharing accounts, or “activity deemed outlier usage at the company’s discretion”
  • ! Warning: Automated decisions (fraud detection, content moderation, service eligibility) can be appealed within 30 days by contacting dpo@foyer.work
  • Mistake: Assuming deletion is instant → Result: 30-day retention period applies; legal holds may extend this
  • Best Practice: Request data export before deletion; verify what subprocessors retain independently

Account Termination Triggers (from Section 11 and 12 of Terms):

ViolationConsequenceRefund Eligibility
Sharing accounts between multiple humans or botsImmediate or temporary suspensionNo refunds
Uploading sexually explicit content to AIImmediate or temporary suspensionNo refunds
Attempting to instigate violence via AI responsesImmediate or temporary suspensionNo refunds
Running scripts to exploit AIImmediate or temporary suspensionNo refunds
Usage costs 2.5x+ monthly fees chargedImmediate or temporary suspensionNo refunds
“Outlier usage” at company’s discretionImmediate or temporary suspensionNo refunds
Standard paid account exceeding $100/monthImmediate termination for remainder of monthProrated annual refund may apply
Standard paid account exceeding $16/dayImmediate termination for that dayNo same-day refund
Promotional/discounted plan exceeding proportional limitsImmediate terminationNo refunds

The “outlier usage at the company’s discretion” clause is broad. Merlin does not define what constitutes an outlier, leaving significant interpretive latitude. In practice, this likely covers usage patterns that spike unexpectedly — sudden high-volume API calls, automated scripting attempts, or behavior that resembles account sharing. But the lack of specificity means users have limited ability to predict whether their usage pattern crosses the line.

The $100 monthly and $16 daily thresholds are calculated by Merlin’s backend based on “token consumption of underlying AI models, plus cloud costs or other arrear costs.” You cannot see this calculation in real time. The dashboard shows query counts, not dollar-equivalent backend costs. This opacity means you may hit a limit without warning.

I tested this directly. After a heavy day of Claude Opus usage, my account locked with a generic “usage limit reached” message. No dollar figure, no breakdown, no projection of when service would resume. Support confirmed the $16 daily threshold was triggered. The reset occurs at midnight UTC.

Refund policy adds another layer of complexity:

Refund TypeEligibility WindowCalculation
Low usage refundFirst 2 days (weekly), 7 days (monthly), 3 months (annual)Full refund minus transaction fees
Annual plan early cancellationAny timeProrated: (Annual fee – Monthly fee × Months used) – Transaction fees
Post-suspension refundNot explicitly addressedUnclear; policy states “no refunds” for violations

The refund policy is “subject to change at the discretion of Merlin AI.” The version in effect at purchase applies, but users have no way to archive or verify which version they agreed to.

Your Rights Under GDPR/CCPA:

RightHow to ExerciseTimelineLimitations
Access and portabilityAccount settings or support requestNot specifiedExport format not detailed
CorrectionAccount settings or support contactNot specifiedLimited to account information
DeletionEmail support@foyer.work, CC dpo@foyer.work, subject “Data Erasure Request”Response within 30 days, completion per legal requirements30-day retention applies; legal holds may extend
Marketing opt-outUnsubscribe link or account settingsImmediateDoes not stop operational communications
Automated decision appealContact dpo@foyer.work within 30 days of decision30-day appeal windowHuman review not guaranteed
Data portabilityAccount settingsNot specifiedLimited to Merlin-held data, not subprocessor data

The deletion process is specific but has gaps:

  1. Send email to support@foyer.work
  2. CC dpo@foyer.work
  3. Include “Data Erasure Request” in subject line
  4. Provide account email and relevant details

Merlin commits to responding within 30 days and completing erasure “within the timeframes required by applicable law.” The 30-day response timeline is standard for GDPR. The completion timeline is vague — “timeframes required by applicable law” varies by jurisdiction. The privacy policy notes that “some information may be retained as required by law,” which creates a permanent exception to full deletion.

Critical gap: subprocessor data deletion.

When you request deletion from Merlin, Merlin deletes its copies. But your prompts already traveled to OpenAI, Anthropic, Google, and other LLM providers. Merlin’s DPA requires subprocessors to return or delete data upon contract termination, but individual user deletion requests are not explicitly cascaded. You must contact each subprocessor independently if you want comprehensive removal — a practical impossibility for most users.

My practical guidance for exercising rights:

  • Before requesting deletion, export your conversation history and any content you want to preserve. Merlin’s export function is available in account settings, but I recommend doing this before triggering deletion — once the process starts, access may be suspended.
  • If your account was terminated for usage violations, deletion request and refund request are separate processes. Termination does not automatically trigger data deletion.
  • For automated decision appeals (account suspension, content moderation), document your usage pattern before contacting dpo@foyer.work. Include specific dates, approximate query volumes, and any relevant context. The 30-day window is strict.
  • If you are an EU user and believe your rights are violated, you can escalate to Merlin’s EU representative (Rickert Rechtsanwaltsgesellschaft in Bonn) or your local supervisory authority. Merlin’s DPO contact is dpo@foyer.work with phone +91-8953348922.

The broader pattern: Merlin’s rights framework is structurally sound — DPO appointed, representatives listed, procedures documented. The execution gaps are in transparency (real-time usage cost visibility), speed (30-day deletion response), and completeness (subprocessor cascade deletion). These are common across the AI aggregator industry, not unique to Merlin, but they matter for users who treat data rights as more than theoretical.

Actionable Safety Checklist & Risk Summary

Merlin AI is reasonably safe for typical use cases with standard precautions. Its security certifications are legitimate, its privacy policy is more detailed than many competitors, and its data handling is industry-standard for AI aggregators. However, the browser extension’s browsing data collection, the fair-use termination clauses, and the multi-subprocessor data chain introduce risks that privacy-sensitive users should weigh carefully.

I have used Merlin for several months across personal and professional workflows. I have read every policy document, tested the extension’s data collection, and compared its practices to competitors. Here is my distilled assessment.

The 5-Step Safety Onboarding Checklist:

  1. Review extension permissions before installing. Decide whether ongoing URL tracking is acceptable for your use case. If not, use the web app exclusively.
  2. Use the web app instead of the extension for sensitive work. Medical, legal, financial, or proprietary tasks should not run through a browser extension that logs every page visit. The web app collects only what you explicitly input.
  3. Choose a $5+/month plan if compliance guarantees matter to you. Free users and sub-$5 promotional plans do not receive the same SOC2, GDPR, and ISO protections as standard Pro subscribers. This is a documented policy distinction, not speculation.
  4. ! Monitor your usage dashboard to avoid triggering fair-use suspension thresholds. The $100 monthly and $16 daily backend cost limits are automatic and opaque. You cannot see real-time cost accumulation — only query counts. If you approach limits consistently, purchase top-up credits or consider a hybrid setup.
  5. Request data export before any deletion and verify subprocessors independently if handling regulated data. Merlin’s deletion process takes 30 days and does not cascade to all subprocessors automatically. For HIPAA, attorney-client, or trade secret material, local models or enterprise single-tenant deployments are more appropriate.

Risk Profile by User Type:

ProfileSafety RatingKey ConcernRecommendation
Casual personal user, general browsingSafeExtension tracking is manageableStandard installation, review settings periodically
Content creator, marketer, studentSafeUsage caps and content ownershipMonitor fair-use dashboard, avoid inputting unpublished work you cannot afford to lose
Software developer, consultantModerately safeMulti-subprocessor data chainUse web app for proprietary code, extension for public documentation
Healthcare, legal, financial professionalCaution advisedNo HIPAA/attorney-client protectionsAvoid for regulated data; use compliant enterprise tools
Journalist, activist, high-threat individualNot recommendedBrowsing history linkage to identityUse privacy-focused tools (local models, Tor, encrypted communications)

What Merlin does well on safety:

  • Published subprocessor list with roles and locations — rare transparency
  • Named DPO with direct contact information — genuine accountability mechanism
  • ISO 27001:2013 certification — externally verified security management
  • GDPR compliance infrastructure — EU representative, SCCs, lawful basis mapping
  • Clear retention periods — 30 days for content, 2 years for usage, explicit timelines
  • Data location disclosure — US-only storage, stated clearly

Where Merlin falls short:

  • Extension browsing data collection is granular and opt-out, not opt-in
  • Fair-use termination is automatic, opaque, and lacks real-time cost visibility
  • Compliance guarantees are tiered — free users receive weaker protections
  • Subprocessor cascade deletion is not guaranteed for individual requests
  • “Outlier usage” termination clause is undefined and discretionary
  • Two-year usage data retention is longer than some competitors

The bottom line on safety: Merlin’s data practices are typical for the AI-aggregator category — genuine certifications, real transparency, but a wider data-collection surface than a single-provider tool like ChatGPT or Claude direct. It’s not built as a privacy tool; it’s built as a convenience tool, and that convenience comes with broader data exposure by design.

Whether that trade-off is worth it depends on what matters more to you — minimal data exposure, or having every major model in one place. I weigh that trade-off against cost, features, and what you’d give up going single-provider in my full Merlin AI review. For details on exactly which models you get access to, see my guide to what models Merlin AI uses.

Frequently Asked Questions

Q1: Is Merlin AI safe to use with personal data?

Merlin is reasonably safe for typical personal data with standard precautions. It holds ISO 27001 certification and encrypts data in transit and at rest. However, your prompts pass through Merlin’s servers before reaching AI models, and the browser extension collects browsing history. Avoid inputting highly sensitive data like medical records, legal documents, or financial account details.

Q2: Does Merlin AI track my browser history?

Yes, if you use the browser extension. Merlin collects URLs, timestamps, referrers, and navigation patterns from every page you visit while the extension is enabled. You can disable this in extension settings or use the web app instead, which does not track browsing activity.

Q3: Is my conversation data private on Merlin AI?

Your conversations are stored on Merlin’s servers and may be used to improve services. They are not end-to-end encrypted. Merlin states they do not sell your personal information, but your prompts are routed to third-party LLM providers (OpenAI, Anthropic, Google) which have their own data policies.

Q4: Can Merlin AI suspend my account without warning?

Yes. Accounts can be terminated immediately for exceeding $100 monthly or $16 daily in backend costs, sharing accounts, or “outlier usage” at the company’s discretion. These limits are automatic and you may not receive advance warning.

Q5: Is Merlin AI GDPR compliant?

Yes, for users on plans $5/month or more. Merlin has an appointed DPO, EU representative, and standard contractual clauses for US data transfers. Free users and sub-$5 plans receive reduced compliance guarantees per Merlin’s privacy policy.

Q6: How do I delete my Merlin AI account and data?

Email support@foyer.work with CC to dpo@foyer.work, subject line “Data Erasure Request.” Include your account email and relevant details. Merlin responds within 30 days and completes deletion within legal timeframes. Some data may be retained for legal compliance.

Q7: Does Merlin AI sell my data to third parties?

No. Merlin explicitly states they do not sell personal information. They do share aggregated analytics data with subprocessors for operational purposes and use tools like Firebase, Facebook Events, and Microsoft Clarity for usage tracking.

Q8: Is Merlin AI safer than ChatGPT?

Not necessarily safer, but different. ChatGPT direct involves one provider and no browser extension tracking. Merlin adds convenience and multi-model access but introduces more data handlers and extension-based collection. For privacy minimization, native platforms are preferable. For breadth with acceptable privacy, Merlin is defensible.

Q9: What happens to my data if Merlin gets hacked?

Merlin states they use encryption, access controls, and regular security assessments. In the event of a breach affecting personal information, they commit to notifying users and regulators within legally required timelines. No system is 100% secure; the multi-subprocessor architecture increases exposure surface compared to single-provider platforms.

Q10: Should I use the Merlin browser extension or the web app for privacy?

The web app is more private. It collects only what you explicitly input. The browser extension tracks your full browsing history across all websites. Use the web app for sensitive work and the extension only for general browsing where URL tracking is acceptable.

Oval@3x 2 pasivemarketer

Don’t Miss These Exclusive Tips

We don’t spam! Read our privacy policy for more info.

Leave a Reply