Privacy Policy

Last revised: June 3rd, 2026
This Privacy Policy describes how Angle Labs, Inc., a company incorporated in the British Virgin Islands ("Merkl", "we", "our", or "us"), collects and uses information when you use the Merkl Developer Portal at developer.merkl.xyz, the Merkl API, the Analytics API, and any other interface that links to this Privacy Policy (together, the "Developer Portal").This policy only covers information collected through the Developer Portal itself. It does not cover information recorded on public blockchains, which by their nature are decentralized, permissionless, and outside our control.By using the Developer Portal, you agree to the practices described in this Privacy Policy. If you do not agree, please stop using the Developer Portal.

1. Scope

This Privacy Policy applies to all visitors and users of the Developer Portal. It does not apply to:
  • Data stored on public blockchains, such as transactions, wallet activity, and on-chain reward distributions, which is publicly accessible and not controlled by us.
  • Third-party websites or services linked from the Developer Portal, which have their own privacy policies.
  • Our internal business operations or commercial relationships with clients, which are governed by separate agreements.

2. What We Collect

We aim to collect as little personal data as possible. Our focus is on operating the Developer Portal, authenticating developer accounts, issuing API keys, and understanding aggregate usage — not on identifying individual visitors.

2.1 Information collected automatically

When you visit the Developer Portal, we and our analytics providers automatically collect technical and usage information, such as:
  • Device and browser information (browser type and version, operating system, screen size, language).
  • Approximate location derived from IP address, typically at country or city level.
  • Usage information, including pages visited, time spent on pages, referring URL, buttons clicked, and navigation paths.
  • Error reports and diagnostic information when the Developer Portal fails to load or behaves unexpectedly.

2.2 Information you provide

Some interactions involve information you actively provide, for example when you:
  • Sign in with Google, in which case we receive the Google account data described in Section 3 below.
  • Connect a self-custodial wallet to authenticate, in which case the Developer Portal reads your public wallet address. We do not request or store private keys, and we do not custody any funds.
  • Generate or manage API keys, in which case we store the account data described in Section 4 below.
  • Contact us by email or through a form, in which case we receive your contact details and your message.

3. Google Sign-In Data

The Developer Portal lets you create and access a developer account by signing in with Google ("Sign in with Google"). This section explains exactly what Google user data we access, how we use it, and how it is shared, protected, retained, and deleted.

3.1 What we receive from Google

When you choose to sign in with Google, Google shares a limited set of profile information from your Google account with us, namely:
  • Your name (as set on your Google account);
  • Your email address and whether it is verified;
  • Your Google account profile picture and unique Google account identifier.
We do not request access to your Gmail, Google Drive, contacts, calendar, or any other Google service. We only request the basic profile and email scopes needed to authenticate you.

3.2 How we use Google user data

We use this Google account data solely to provide and improve the Developer Portal, specifically to:
  • Create your developer account and authenticate you on subsequent visits;
  • Associate the API keys you generate with your account;
  • Display your name, email, and profile picture in the account menu so you know who is signed in;
  • Contact you about your account, API access, or security matters where necessary.
We do not sell Google user data, use it for advertising or to build advertising profiles, use it to train generalized or non-personalized AI/ML models, or transfer it to data brokers or for any purpose unrelated to providing the Developer Portal.

3.3 How Google user data is shared, retained, and deleted

Google account data is shared only with the limited service providers described in Section 8 (for example, our authentication and hosting providers), acting on our behalf under confidentiality and security obligations. We retain your Google account data for as long as your developer account remains active. You can ask us to delete your account and associated Google data at any time by contacting [email protected], after which we will delete it within the timeframes described in Section 10, except where retention is required by law.Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

4. API Keys & Account Data

When you generate an API key, we store a hashed representation of the key, the metadata you assign to it (such as a label and creation date), and the identifier of the account that created it (your Google account or wallet address). We use this data to authenticate your API requests, enforce rate limits and access controls, and let you manage or revoke your keys. We never display the full secret value of a key again after it is first shown to you.

5. Cookies and Similar Technologies

We use cookies and similar technologies for two main purposes:
  • Strictly necessary cookies, which are required for the Developer Portal to function, for example remembering your session, sign-in state, or preferences. These cannot be disabled.
  • Analytics cookies, which help us understand aggregate usage patterns of the Developer Portal. These are used to improve the product, not to track individual users across the web.
You can configure your browser to refuse cookies or to alert you when cookies are being sent. If you disable cookies, some parts of the Developer Portal may not work properly.

6. Analytics and Monitoring Providers

We use the following third-party analytics and monitoring tools. These tools may set cookies or collect technical information when you use the Developer Portal:

6.1 Google Analytics

We use Google Analytics, provided by Google LLC, to understand how visitors interact with the Developer Portal. Google Analytics collects information such as pages viewed, session duration, and approximate location. We configure Google Analytics with IP anonymization where available. You can opt out by installing the browser add-on available at tools.google.com/dlpage/gaoptout.

6.2 Mixpanel

We use Mixpanel, provided by Mixpanel, Inc., to analyze how features of the Developer Portal are used. Mixpanel collects information about events triggered in the Developer Portal, such as clicks and page views, along with basic device information. We use this data in aggregate to improve product flows and prioritize features.

6.3 Sentry

We use Sentry, provided by Functional Software, Inc., to monitor errors and performance issues. When the Developer Portal encounters an error, Sentry receives technical information about the error, including the affected page, browser, and a stack trace. We use this strictly to detect and fix bugs.
Each of these providers acts as a separate data controller or processor under their own terms. We recommend reviewing their privacy policies for full details.

7. How We Use Information

We use the information described above to:
  • Operate, maintain, and secure the Developer Portal, including authenticating you and issuing API keys.
  • Understand aggregate usage patterns and improve the product.
  • Detect, prevent, and fix bugs, errors, and abuse, and enforce API rate limits and access controls.
  • Respond to your messages and support requests.
  • Comply with applicable laws and respond to lawful requests from authorities.
We do not sell your personal information, and we do not use it for behavioral advertising.

8. How We Share Information

We share information only in limited circumstances:
  • Service providers, such as our authentication, analytics, error-monitoring, hosting, and email providers, who process information on our behalf and under contractual confidentiality and security obligations.
  • Professional advisors, such as lawyers, accountants, and auditors, where necessary for legal or regulatory compliance.
  • Corporate transactions, in connection with a merger, acquisition, financing, reorganization, or sale of all or part of our business.
  • Legal obligations, where required by law, court order, or other valid legal process.
  • With your consent, or at your direction.

9. International Transfers

Some of our service providers are located outside the European Economic Area, in particular in the United States. When we transfer personal data outside the EEA or the United Kingdom, we rely on appropriate safeguards, such as Standard Contractual Clauses, to ensure that your data benefits from an equivalent level of protection.

10. Data Retention

We keep personal data only for as long as needed for the purposes described in this Privacy Policy, or as required by applicable law. Account and API key data is kept while your developer account remains active and deleted on account closure or request. Aggregate or de-identified analytics data may be kept for longer periods, as it no longer identifies you.

11. Security

We use reasonable technical and organizational measures to protect the information we collect, including hashing API key secrets and encrypting data in transit. No method of transmission over the Internet is fully secure, however, and we cannot guarantee absolute security.

12. Your Rights

Depending on where you are located, you may have rights regarding your personal data, including the right to:
  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data, including your developer account and Google sign-in data.
  • Object to or restrict certain processing.
  • Request portability of your data.
  • Withdraw consent at any time, where processing is based on consent.
  • Lodge a complaint with your local data protection authority. In France, this is the Commission Nationale de l'Informatique et des Libertés (CNIL).
Please note that we cannot modify or delete data recorded on public blockchains. Such data is outside our control. To exercise any of these rights, contact us at [email protected]. We will respond within the timeframes required by applicable law, typically within one month under the GDPR.

13. Children

The Developer Portal is not directed to children under the age of 16, and we do not knowingly collect personal data from them. If you believe a child has provided personal data to us, please contact us so we can delete it.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last revised" date at the top of the page. Material changes will be communicated through the Developer Portal or by other appropriate means.

15. GDPR: Controller and Legal Bases

For users in the European Economic Area and the United Kingdom, the data controller is Angle Labs, Inc., a company incorporated in the British Virgin Islands. Our legal bases for processing personal data are:
  • Performance of a contract, where processing is necessary to provide a service you have requested, such as authenticating your account and issuing API keys.
  • Legitimate interests, in operating, securing, and improving the Developer Portal, where these interests are not overridden by your rights and freedoms.
  • Consent, in particular for non-essential cookies and for marketing communications.
  • Legal obligations, where processing is necessary to comply with applicable law.

16. Contact

If you have any questions about this Privacy Policy or our data practices, contact us at [email protected]. In the event of any conflict between this Privacy Policy and any non-English translation, the English version controls.