Privacy Policy

Last updated: March 11, 2026

This Privacy Policy describes how Nordeast Productions LLC DBA Melvo ("Melvo," "we," "us," or "our") collects, uses, and shares information in connection with melvo.io, app.melvo.io, and all related services (collectively, the "Platform").

Melvo is a B2B platform used by businesses to communicate with their own customers. Melvo does not directly market to consumers. This policy covers three distinct categories of data subjects: Melvo Users (subscribing businesses), End Customers (customers of those businesses), and Visitors to our website.

Questions: hello@melvo.io

1. Data We Collect — Melvo Users (Businesses)

These are our direct customers — the businesses that subscribe to and use the Platform. We collect the following information from Melvo Users:

Information You Provide

• Business name, contact name, email address, and phone number
• Payment information — processed securely through Stripe; Melvo does not store full card details
• Review platform URLs (Google, Yelp, Facebook, TripAdvisor, BBB, Angi)
• Business onboarding details (industry, tone preferences, messaging preferences)
• Customer contact lists you upload (names, phone numbers, email addresses of your customers)
• Custom message templates you create or approve

Information We Collect Automatically

• Log data including IP address, browser type, pages visited, and time spent on the Platform
• Device information including operating system and device type
• Usage data including features used, message delivery rates, and platform activity

2. Data We Process — End Customers of Businesses

Businesses using Melvo may transmit the phone numbers, names, email addresses, and review responses of their own customers through the Platform. Melvo processes this information solely on behalf of the subscribing business and does not use it for independent marketing purposes.

In this relationship, the subscribing business is the data controller and Melvo is the data processor. The subscribing business is solely responsible for obtaining proper consent from their customers before transmitting contact information to Melvo, and for complying with all applicable privacy laws governing their customer relationships.

Melvo does not sell, rent, or share end customer data with third parties for marketing purposes. End customer data is used only to deliver messages on behalf of the subscribing business and to maintain platform operational records.

If you are an end customer of a business that uses Melvo and wish to opt out of receiving messages, reply STOP to any SMS message. For data deletion requests, contact the business directly or reach us at hello@melvo.io.

3. Authentication Data

Melvo uses passwordless authentication. Users may sign in via Google OAuth or phone-based one-time passcode (OTP). No passwords are stored by Melvo.

• Google OAuth: When you authenticate using Google, Melvo receives your verified email address and basic profile information as permitted by your Google OAuth consent. This information is used solely to verify your identity and match it to your Melvo account. Melvo requires your Google email to exactly match the email address associated with your paid account.
• Phone OTP: When you authenticate via phone, Melvo transmits a one-time verification code via SMS to the phone number associated with your account. The code is single-use, time-limited, and stored only as a hash — the raw code is never persisted.
• Account claiming: New accounts are activated via a signed, time-limited claim link sent to the email address collected at Stripe checkout. This link is required for first login and serves as the initial proof of account ownership.

Authentication activity may be logged for security and fraud prevention purposes.

4. How We Use Information

We use the information we collect to:

• Provide, operate, maintain, and improve the Platform
• Send automated SMS and email review request messages on behalf of subscribing businesses
• Process payments and manage subscriptions through Stripe
• Authenticate users and secure accounts
• Send service-related communications including receipts, account notices, and support responses
• Generate message templates using AI on behalf of businesses during onboarding
• Monitor platform usage to detect abuse, fraud, or policy violations
• Comply with legal obligations

Melvo does not use your data or your customers' data for advertising, third-party marketing, or any purpose not directly related to delivering the Platform services.

5. SMS and Messaging

Melvo does not send unsolicited SMS messages to consumers. All messages sent through the Platform originate from subscribing businesses to their own customers who have provided consent directly to that business. Melvo requires businesses to comply with applicable messaging laws including the TCPA and all carrier requirements.

• Consent: The subscribing business is solely responsible for obtaining prior express written consent from their customers before submitting contact data to Melvo. Required consent language is specified in our Terms of Service, Section 2. Melvo processes this data on behalf of the business and does not independently verify consent.
• Send windows: Messages are sent only between 8:00am and 9:00pm in the recipient's local time zone, in compliance with TCPA guidelines.
• Opt-out: Reply STOP to any SMS to opt out immediately. Accepted keywords: STOP, STOPALL, UNSUBSCRIBE, CANCEL, END, QUIT. Opt-out requests are processed immediately — no further messages will be sent to that number from that business.
• Help: Reply HELP for assistance, or contact hello@melvo.io.
• Message frequency: Frequency varies by business. Recipients may receive up to 2 messages per visit (one SMS, one email).
• Message and data rates: Standard rates may apply depending on your mobile carrier plan.
• No third-party marketing: Phone numbers collected through the Platform are not shared with third parties for their own marketing purposes.
• Communication records: Message logs and delivery records may be retained for operational, compliance, and dispute resolution purposes.

6. How We Share Information

We do not sell your personal information. We may share information in the following circumstances:

• Service providers: We share information with third-party vendors necessary to operate the Platform. These providers are contractually bound to protect your information and use it only for the purposes we specify.
• Review platforms: We direct end customers to Google, Yelp, Facebook, TripAdvisor, BBB, and Angi via links included in messages. We do not share personal data with these platforms directly.
• Legal requirements: We may disclose information if required by law, court order, or valid governmental authority.
• Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the successor entity, subject to the same privacy protections.
• Protection of rights: We may disclose information where we believe it is necessary to prevent fraud, enforce our Terms, or protect the safety of our users or the public.

7. Third-Party Service Providers

Melvo uses the following trusted third-party service providers to operate the Platform. Each processes data only as necessary to deliver their respective services:

• Stripe — payment processing and subscription management. Privacy Policy
• Supabase — authentication infrastructure and database storage. Privacy Policy
• Twilio — SMS message delivery. Privacy Policy
• SendGrid (Twilio) — transactional email delivery. Privacy Policy
• Google OAuth — user authentication via Google accounts. Privacy Policy
• Anthropic (Claude API) — AI-powered message template generation during onboarding. Privacy Policy

This list reflects current providers and may be updated as the Platform evolves. We will update this policy accordingly.

8. Data Retention

• Account data: Retained for as long as your account is active. Upon cancellation, account data is retained for up to 90 days before deletion, unless a shorter period is requested.
• End customer contact data: Retained for the duration of your subscription and deleted within 30 days of account cancellation upon written request to hello@melvo.io.
• Message and communication records: Retained for up to 12 months for operational, compliance, and dispute resolution purposes.
• Authentication logs: Retained for up to 90 days for security and fraud prevention purposes.
• Payment records: Retained as required by applicable financial and tax regulations.

9. Data Security

We implement industry-standard security measures to protect your information, including:

• Encryption in transit (TLS/HTTPS) for all data transmitted to and from the Platform
• Encryption at rest for stored data
• Hashed storage of authentication tokens — raw OTP codes are never persisted
• Access controls limiting internal access to customer data on a need-to-know basis
• Regular security reviews of our infrastructure and third-party providers

No method of transmission over the internet or electronic storage is 100% secure. While we take security seriously, we cannot guarantee absolute security against all threats.

10. Your Rights

Depending on your location, you may have rights regarding your personal information, including:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information, subject to legal retention requirements
• Portability: Request your data in a portable, machine-readable format
• Opt-out of SMS: Reply STOP to any message at any time — honored immediately

To exercise any of these rights, contact us at hello@melvo.io. We will respond within a reasonable timeframe consistent with applicable law.

If you are an end customer of a business using Melvo and wish to have your data removed, please contact the business directly. You may also contact us at hello@melvo.io and we will work with the subscribing business to fulfill your request.

11. Children's Privacy

The Platform is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected information from a minor, please contact us immediately at hello@melvo.io and we will take steps to delete that information.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page. Your continued use of the Platform after any changes constitutes your acceptance of the updated policy. We encourage you to review this policy periodically.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us:

• Email: hello@melvo.io
• Mail: Nordeast Productions LLC DBA Melvo, 3556 Cleveland St NE, Minneapolis, MN 55418