Important Notice — Children's Privacy
Merfi is designed for use with children who have Autism Spectrum Disorder (ASD). Because it is used with children under 13, we collect a limited amount of information generated by a child's use of the device and app. This Policy explains how we comply with the Children's Online Privacy Protection Act (COPPA) and describes your rights as a parent or guardian.
1.Who We Are
Sensory Solutions LLC (“Sensory Solutions,” “Merfi,” “we,” “our,” or “us”) provides the Merfi comfort companion device and mobile application (the “App”) designed to help children with Autism Spectrum Disorder (ASD) navigate sensory transitions and daily routines.
Our registered address is in the State of Utah. For privacy inquiries, contact us at:
Privacy Officer: James Spencer
Email: JamesSpencer152@gmail.com
Website: https://www.getmerfi.com
2.Scope of This Policy
This Privacy Policy applies to:
- The Merfi mobile application (iOS and Android)
- Our website and any related online services
- Information collected through the Merfi companion device
- Communications between you and Sensory Solutions
This Policy does not apply to third-party websites or services linked from our App. Please review the privacy policies of those services separately.
3.Information We Collect
3.1 Information About Parents and Caregivers (Adults)
When you create an account or use our services, we collect:
- Name, email address, and account password
- Billing information for paid subscription tiers (processed by third-party payment processors; we do not store card numbers)
- Device type, operating system, and app version
- Usage data: features accessed, session duration, app interactions
- Customer support communications
3.2 Information About Children Under 13 (COPPA-Protected)
With verifiable parental consent (described in Section 5), we collect a limited set of information generated by your child's use of the device and App. We do not collect your child's name. This information is stored under a pseudonymous account identifier rather than your child's identity:
- Child's age range (not exact date of birth)
- Behavioral and sensory interaction data: transitions completed, routines followed, device usage patterns, and comfort-response metrics
- Session timestamps and duration
- Device pairing and connectivity data
What We Do NOT Collect About Children
We do not collect children's names, photographs, precise geolocation, school information, or any government identification numbers. We do not allow children to post publicly or communicate with third parties through our App. Program data is keyed to a pseudonymous account ID rather than to your child's identity.
3.3 Automatically Collected Information
Our App automatically collects certain technical information to operate the service:
- IP address (truncated to protect privacy)
- App crash reports and diagnostic data
- Aggregate, anonymized usage statistics
4.How We Use Your Information
4.1 To Provide and Improve the Service
- Operate, maintain, and improve the Merfi App and device
- Personalize routines and comfort companion responses for your child
- Generate behavioral progress reports for parents (which you may choose to share with your child's care team)
- Provide customer support and respond to inquiries
- Process payments for subscription services
4.2 Research and Analytics
Most program data we hold is pseudonymous — it is stored under an account identifier rather than your child's name. Because we maintain the link between an account and the parent who created it, we can still associate this data with your family, so we treat it as identifiable information and protect it accordingly.
Before we use data for research that we publish or share externally, we aggregate and strip it so it cannot reasonably be used to identify any individual child or family. We use such aggregated, de-identified data for:
- Product development and improvement
- Understanding broad patterns in sensory-support effectiveness
- Publishing aggregate research findings
Any de-identified data we share with third parties or publish will not contain information that identifies your child or your family.
4.3 Communications
- Send you service-related notifications (account updates, security alerts)
- Send you optional newsletters or product updates (you may opt out at any time)
We will never send marketing communications to children.
5.COPPA Compliance — Children's Privacy
Legal Basis
Sensory Solutions complies with the Children's Online Privacy Protection Act (COPPA), 15 U.S.C. §§ 6501–6506, and the FTC's COPPA Rule, 16 C.F.R. Part 312. We do not collect personal information from children under 13 without verifiable parental consent.
5.1 Parental Consent Process
Before we collect any personal information about a child under 13, we obtain verifiable parental consent directly from the child's parent or legal guardian. Our consent process includes:
- A parent or legal guardian enrolls and signs our consent form using their own name and email address
- We confirm the consent request through the parent's email
- We verify that the consenting person is an adult (not the child) before activating the account
Where a therapy clinic or school introduces a family to Merfi, the clinic simply refers the parent to us — the parent still contracts and provides consent directly with Sensory Solutions. Clinics do not provide us with information about your child, and clinical staff do not have access to your child's data through the App.
5.2 Parental Rights Under COPPA
As a parent or guardian, you have the right to:
- Review the personal information we have collected about your child
- Request that we delete any or all personal information about your child
- Refuse to permit further collection of your child's information (by deleting your account)
- Consent to collection and use of your child's information without agreeing to disclosure to third parties
To exercise these rights, contact us at JamesSpencer152@gmail.com with the subject line “COPPA Request.” We will respond within 10 business days.
5.3 No Behavioral Advertising to Children
We do not use children's personal information for behavioral advertising, targeted marketing, or any commercial purpose beyond providing and improving the Merfi service.
6.How We Share Information
6.1 Sharing With Your Child's Care Team
You control whether anyone outside your household sees your child's information. Merfi does not give therapists, clinics, or schools direct access to your child's data. If you wish to share a progress report with your child's ABA therapist or care team, you can export or show it to them yourself. We share your child's information with a clinician only at your direction and with your explicit authorization.
6.2 Service Providers
We work with trusted third-party service providers who process data on our behalf. All service providers are contractually required to protect your information and may only use it to provide services to Sensory Solutions. These include:
- Cloud hosting and infrastructure (e.g., Google Cloud / Firebase)
- Payment processors (e.g., Stripe) — we do not store payment card data
- Analytics services (aggregate, de-identified data only)
- Customer support tools
6.3 Legal Requirements
We may disclose information if required by law, court order, or government request, or to protect the rights, property, or safety of Sensory Solutions, our users, or the public.
6.4 Business Transfers
If Sensory Solutions is involved in a merger, acquisition, or sale, user information may be transferred as part of that transaction. We will notify you before your information is transferred and becomes subject to a different privacy policy.
6.5 We Do Not Sell Children's Data
We do not sell, rent, or trade personal information about children to any third party for any commercial purpose. Period.
7.Data Security
We implement technical and organizational safeguards to protect your information:
- Encryption in transit (TLS 1.2+) for all data transmitted between the App, device, and our servers
- Encryption at rest for all data stored in our databases
- Access controls: only authorized Sensory Solutions personnel with a legitimate business need can access user data
- Regular security assessments and vulnerability testing
- Incident response plan: we will notify affected users within 72 hours of discovering a confirmed data breach
No method of electronic transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.
8.Data Retention
We retain personal information for as long as necessary to provide our services and comply with legal obligations:
- Account information: retained while your account is active, deleted within 30 days of account closure
- Children's behavioral data: retained for the life of the account; deleted within 30 days of account closure or parental request
- Signed consent forms: retained only as long as needed to document consent, and securely destroyed upon revocation or expiration of consent
- Billing records: retained for 7 years for tax and legal compliance (payment method details are not stored by us)
- De-identified aggregate data: may be retained indefinitely for research and product improvement
9.Your Choices and Controls
9.1 Account and Data Deletion
You may delete your account at any time through the App settings or by emailing JamesSpencer152@gmail.com. Upon account deletion, we will delete or anonymize your personal information within 30 days, except where retention is required by law.
9.2 Marketing Communications
You may opt out of marketing emails at any time by clicking “Unsubscribe” in any marketing email or by contacting us directly.
9.3 Device Permissions
Our App may request access to certain device features (e.g., Bluetooth for device pairing, notifications). You may revoke these permissions at any time through your device settings, though doing so may affect App functionality.
10.Notice Regarding HIPAA
Sensory Solutions is not a Covered Entity under the Health Insurance Portability and Accountability Act (HIPAA), and in our current program we do not act as a HIPAA Business Associate. Merfi is a consumer behavioral-support tool, not a medical device.
We contract directly with parents and guardians, and the therapy clinics that introduce families to Merfi do not share protected health information (PHI) with us or through our platform. As a company that handles children's information outside of HIPAA, we apply strong safeguards and follow applicable federal and state privacy and breach-notification requirements, including COPPA.
11.California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):
- Right to Know: request disclosure of personal information we have collected about you
- Right to Delete: request deletion of your personal information
- Right to Correct: request correction of inaccurate personal information
- Right to Opt-Out: we do not sell personal information, so no opt-out is required
- Right to Non-Discrimination: we will not discriminate against you for exercising your rights
To exercise California privacy rights, contact us at JamesSpencer152@gmail.com with the subject line “CCPA Request.”
12.User Feedback, Suggestions, and Data Ownership
12.1 Assignment of Feedback and Suggestions
If you provide us with any suggestions, ideas, feedback, recommendations, bug reports, enhancement requests, or other input regarding the App, device, or Services (collectively, “Feedback”), you hereby irrevocably assign to Sensory Solutions, LLC all right, title, and interest throughout the world in and to such Feedback, including all intellectual property rights therein. This assignment is effective immediately upon submission. We may use, incorporate, modify, publish, and commercialize Feedback without restriction, compensation, or obligation to you. We have no obligation to implement any Feedback or to attribute it to you as its source.
12.2 Ownership of Collected Data
As between you and Sensory Solutions, LLC, we exclusively own all right, title, and interest in and to all data collected through the App and Services, including behavioral and sensor data, device usage data, survey responses, report data, and aggregate or de-identified analytics derived from use of the App. This ownership applies to data collected during any pilot program and on an ongoing basis, and survives termination of your account. We collect and use this data as described in Sections 3, 4, and 6 of this Privacy Policy. We will handle all personal information, including information about children, in accordance with COPPA and other applicable law as described herein.
12.3 Survey and Report Data
All data collected through surveys, questionnaires, assessments, or feedback instruments administered through the App or by Sensory Solutions (whether in-App, via email, or in connection with a pilot or research program) is owned exclusively by Sensory Solutions, LLC. By submitting survey responses or completing assessment instruments, you irrevocably assign to us all rights in and to such data. We may use, analyze, publish, and commercialize survey and report data in de-identified or aggregate form in accordance with applicable law.
12.4 Improvements and Derivative Works
Any improvements, modifications, or derivative works of the App or Platform developed by or on behalf of Sensory Solutions, whether or not incorporating Feedback from users, are owned exclusively by Sensory Solutions, LLC. Users do not acquire any ownership, license, or rights in improvements to the App arising from their participation or Feedback.
13.Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Sending an email to the address associated with your account
- Displaying a prominent notice in the App
For changes affecting how we collect or use children's personal information, we will obtain fresh parental consent before the new practices take effect. Continued use of the App after notice of changes constitutes acceptance of the updated Policy.
14.Contact Us
For questions, requests, or concerns about this Privacy Policy or our data practices, contact:
| Privacy Officer | COPPA / Data Requests |
|---|---|
| James Spencer Sensory Solutions LLC JamesSpencer152@gmail.com Response time: 10 business days |
Email subject “COPPA Request” for parent/child data requests Email subject “CCPA Request” for California resident requests |
Sensory Solutions LLC · Privacy Policy · Version 1.1 · Effective July 2026.
This document is pending review by qualified legal counsel before public posting.