Privacy policy

Last updated: May 2026
At Merrymake ApS, we develop foundational AI models with a focus on privacy by design. We only collect the personal data that is strictly necessary to run our business. This Privacy Policy explains how we handle personal data when you visit our website, contact us, or interact with us. We process all personal data in accordance with the General Data Protection Regulation (GDPR) and the Danish Data Protection Act.

Data controller information

Merrymake ApS is the data controller for the processing of your personal data.
  • Company Name: Merrymake ApS
  • CVR Number: 42411507
  • Legal Address: Trankær Mosevej 30, 8310 Tranbjerg J, Denmark
  • Office Address: Gudrunsvej 78, 3. sal, 8220 Brabrand, Denmark
  • Contact Email: hey@merrymake.eu

How we collect and process personal data

We only collect personal data when it is strictly necessary. We process data in the following scenarios:
When you visit our website
We prioritize your privacy when you browse our site. We use a privacy-focused analytics tool called Umami to understand how visitors interact with our website. To protect your privacy, this tool operates strictly without collecting any personally identifiable information (PII): it does not use cookies, device fingerprinting, tracking pixels, persistent identifiers, or any other intrusive technology to uniquely identify you or track your behavior across different websites and devices. All data collected (such as simple page views, referral sources, or general device types) is completely and instantly anonymized. Additionally, our website is hosted by Webflow. Webflow temporarily logs IP addresses and basic browser metadata when you request to view our site.
  • Purpose: To maintain, secure, and improve our website's user experience (via Umami), and to ensure server security, prevent DDoS attacks, and diagnose technical crashes (via Webflow logs).
  • Legal Basis: Article 6(1)(f) of the GDPR (Legitimate Interest). Our legitimate interest is improving our website's user experience and maintaining the security and functionality of our infrastructure.
When you contact us
When you reach out to us—whether via email, phone, messaging platforms, or other channels—we process the information you voluntarily provide (such as your name, contact details, and the content of your message) alongside basic metadata associated with the communication (such as phone numbers in call logs).
  • Purpose: To respond to your inquiry and communicate with you effectively.
  • Legal Basis: Article 6(1)(f) of the GDPR (Legitimate Interest) for general inquiries, or Article 6(1)(b) (Performance of a Contract) if your inquiry relates to entering into a business agreement with us.
Media and Public Relations
We maintain a list of contact details for journalists and news media professionals to share relevant updates about our foundational AI models and think-tank activities.
  • Purpose: Public relations and corporate communication.
  • Legal Basis: Article 6(1)(f) of the GDPR (Legitimate Interest). Our legitimate interest is communicating our company's developments, expert insights, and policy analyses to relevant media professionals.
AI model training
As a company building foundational AI models, we prioritize privacy by design. We train our models using established, publicly available datasets (such as the Nemotron-SFT-Math-v3 dataset). While these datasets focus strictly on mathematical problem-solving, they may contain incidental personal data, such as the usernames of the original authors, which we retain to comply with open-source attribution requirements (e.g., CC BY 4.0 and CC BY-SA 4.0).
  • Purpose: To train, test, and develop foundational AI models, and to comply with intellectual property licensing requirements.
  • Legal Basis: Article 6(1)(f) of the GDPR (Legitimate Interest). Our legitimate interest is conducting AI research and development using publicly available academic and forum data, while respecting open-source attribution obligations.

Data retention

We strictly adhere to the principle of storage limitation and only keep your data for as long as necessary:
  • General Inquiries: Communications (whether via email, Discord, or text) and contact information are deleted immediately once the inquiry has been resolved. Data is only retained if the communication leads to an ongoing professional relationship (e.g., as a customer, supplier, or partner).
  • Media Contacts: Journalist contact information is kept for as long as the individual continues to cover our sector. We actively review and clean this media list every two years.
  • Server Logs: IP addresses logged for security purposes by Webflow are automatically overwritten or deleted in accordance with their standard security retention schedules.
  • Website Analytics: Because Umami instantly anonymizes visitor data, no personal data is retained from your browsing sessions.

Third-party data processors

We do not sell, rent, or share your personal data with third parties for marketing purposes. However, we use trusted service providers to run our business. We have Data Processing Agreements (DPAs) in place with these providers to ensure your data is protected:
  • Google Workspace: We use Google Workspace for Business to manage our company emails.
  • Discord: We use Discord for communication, which temporarily hosts the messages you send to us on that platform.
  • Webflow: Hosts our website securely and logs basic server requests to prevent downtime and malicious attacks.
  • Umami: Used to securely and anonymously process aggregated website statistics without tracking personal data.

Your rights under GDPR

Under the GDPR, you have several rights regarding your personal data:
  • Right of Access: You have the right to request a copy of the personal data we hold about you.
  • Right to Rectification: You can request that we correct inaccurate or incomplete data.
  • Right to Erasure ("Right to be Forgotten"): You can ask us to delete your personal data under certain conditions.
  • Right to Restrict Processing: You have the right to request that we limit the processing of your data.
  • Right to Object: You can object to our processing of your data, particularly regarding legitimate interests.
  • Right to Data Portability: You have the right to receive your data in a structured, commonly used, and machine-readable format.

To exercise any of these rights, please contact us at hey@merrymake.eu. We will respond to your request within 30 days.

Complaints

If you believe that we are processing your personal data in violation of the GDPR or the Danish Data Protection Act, you have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet):

Datatilsynet
Carl Jacobsens Vej 35
2500 Valby
Denmark
Website: www.datatilsynet.dk
Email: dt@datatilsynet.dk