Merto Privacy Policy
Last updated: June 14, 2026
Merto is a white-label checkout platform operated by Pepesto Solutions GmbH (“we”, “us”, “our”). Merto helps users check out, from a supported supermarket, a meal plan, shopping list, or cart that was planned in another app. Merto provides checkout functionality only; it does not provide meal planning or recipe planning functionality.
This page explains how we collect, use, and handle data when you use Merto (the “Service”). By using the Service, you agree to the collection and use of information in accordance with this policy.
Information Collection and Use
We collect and process data only as needed to provide and improve the checkout functionality of the Service.
Types of Data Collected
Checkout Data
Merto may receive meal plan, shopping list, cart, supermarket, and delivery-related information from the app or service that initiated the checkout flow. This information is used to prepare and operate the supermarket checkout session.
Personal Data
Depending on the checkout flow and supermarket requirements, you may provide information such as your name, email address, telephone number, delivery address, billing address, supermarket account details, payment-related checkout inputs, and other information needed to complete an order. Some of this information may be entered directly into the supermarket website during checkout.
Usage Data
When you access the Service, we may collect certain technical information automatically, including device type, browser type, operating system, IP address, unique device identifiers, and diagnostic data (“Usage Data”).
Checkout Session Screenshots and Execution Results
During checkout, Merto extracts screenshots and JavaScript execution results from the active checkout session. These screenshots and execution results may show the current state of the supermarket checkout page, including visible cart, delivery, login, payment, or order-review steps.
These screenshots and JavaScript execution results are used only as transient input to our AI system for the active checkout session. The AI uses them to analyze the current checkout state, understand what is shown on the supermarket website, and determine the next steps needed to continue the checkout flow.
Merto does not store these screenshots or JavaScript execution results on the server. Merto does not share them with third-party websites, apps, or other backends. They are discarded immediately after they have been processed for the active checkout step, without persistence.
Use of Data
Merto uses data for the following purposes:
- To provide and maintain the Service
- To operate the supermarket checkout flow requested by the user
- To analyze the state of an active checkout session and determine the next checkout steps
- To provide customer care and support
- To monitor usage of the Service
- To detect, prevent, and address technical issues
- To improve reliability, compatibility, and performance of the Service
Data Sharing
Merto does not sell personal data. Merto does not share transient checkout screenshots or JavaScript execution results with third-party websites, apps, or other backends.
Information that you choose to submit during checkout may be sent to the relevant supermarket website as part of completing the checkout process. The supermarket’s own privacy policy applies to information submitted to that supermarket.
Data Retention
Transient checkout screenshots and JavaScript execution results are not retained. They are discarded immediately after processing for the active checkout step.
Other data is retained only for as long as needed to provide the Service, comply with legal obligations, resolve disputes, enforce agreements, and support account or customer service requests.
Deletion of Data
You may request deletion of data associated with your use of Merto by contacting us at support@pepesto.com. We will process deletion requests in accordance with applicable law and any legal or operational retention requirements.
Transfer of Data
Your information, including Personal Data, may be transferred to and maintained on computers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ from those of your jurisdiction.
Security of Data
The security of your data is important to us. However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee its absolute security.
GDPR Compliance
We are committed to complying with the General Data Protection Regulation (GDPR) for the protection of personal data of individuals in the European Union (EU) and European Economic Area (EEA). This means that we follow GDPR principles for the collection, processing, and storage of personal data, and respect your applicable rights.
Contact Us
If you have any questions about this Privacy Policy, please contact us by email.