Privacy Policy

Mercata AI ("Mercata," "we," "us," or "our") is committed to protecting the privacy of our users. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use the Mercata platform, including our website, APIs, and related services (collectively, the "Service").

By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy.

1. Information We Collect

Account Information

When you create an account, we collect information necessary to provision and manage your access to the Service:

• Name, email address, and organization name
• Billing information (processed and stored by Stripe; we do not store full payment card details)
• Role within your organization (e.g., administrator, team member)

Usage Data

We automatically collect certain information when you interact with the Service:

• Supplier search queries and filter selections
• Features accessed, pages viewed, and actions taken within the platform
• Device type, browser type, IP address, and general location (country/region)
• Timestamps of access and session duration

Supplier Search Queries

When you use our AI-powered supplier discovery features, the natural-language queries you submit are processed to return relevant results. We retain query data in association with your organization account to improve search relevance and deliver analytics on your sourcing activity.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Provide and operate the Service -- delivering supplier search results, maintaining your account, and processing billing
• Improve search quality -- analyzing query patterns in aggregate to refine our AI matching algorithms and data coverage
• Analytics and reporting -- generating usage metrics for your organization's dashboard and for our internal product development
• Security and fraud prevention -- detecting unauthorized access, abuse, or anomalous activity
• Communications -- sending transactional emails (account confirmation, billing receipts) and, with your consent, product updates
• Legal compliance -- fulfilling our obligations under applicable law

3. Data Sharing

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

We share data only with the following categories of service providers, and only to the extent necessary to operate the Service:

• Stripe -- payment processing and subscription billing. Stripe receives your billing details under their own Privacy Policy.
• Anthropic -- AI inference for natural-language supplier search. Query text is transmitted to Anthropic's API for processing. Anthropic does not use your queries to train models. See Anthropic's Privacy Policy.
• Infrastructure providers -- cloud hosting and database services used to run the platform, bound by data processing agreements

We may also disclose information if required by law, regulation, legal process, or governmental request, or to protect the rights, safety, or property of Mercata, our users, or the public.

4. Data Security

We implement industry-standard technical and organizational measures to protect your data:

• Encryption -- all data is encrypted in transit (TLS 1.2+) and at rest (AES-256)
• Authentication -- access is secured via JWT-based authentication with short-lived access tokens
• Organization-level isolation -- each customer organization's data is logically isolated; users within one organization cannot access another organization's queries, shortlists, or account details
• Access controls -- internal access to production systems is restricted to authorized personnel on a need-to-know basis
• Monitoring -- we maintain logging and monitoring to detect and respond to security incidents

While we strive to protect your information, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security.

5. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. Specifically:

• Account data -- retained for the lifetime of your account, plus 30 days after account deletion to allow for recovery
• Search queries and usage logs -- retained for up to 24 months for analytics and product improvement, then anonymized or deleted
• Billing records -- retained as required by applicable tax and financial regulations (typically 7 years)

When data is no longer required, it is securely deleted or anonymized so that it can no longer be associated with you.

6. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access -- request a copy of the personal data we hold about you
• Correction -- request that we correct inaccurate or incomplete data
• Deletion -- request that we delete your personal data, subject to legal retention requirements
• Export -- request a machine-readable export of your data (including search history and supplier shortlists)
• Objection -- object to certain processing activities, including direct marketing
• Restriction -- request that we limit processing of your data under certain circumstances

To exercise any of these rights, contact us at privacy@mercataai.com. We will respond to verified requests within 30 days.

7. Cookies

Mercata uses a minimal set of cookies, limited to what is necessary for the Service to function:

• Authentication tokens -- stored in local storage to maintain your session. These are not tracking cookies and are not shared with third parties.
• Essential preferences -- such as display settings or dismissed notices

We do not use third-party advertising cookies or cross-site tracking technologies. No data is shared with ad networks.

8. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you by posting the updated policy on this page and updating the effective date above. For significant changes, we may also notify you by email.

We encourage you to review this page periodically to stay informed about how we protect your data.

9. Contact Us

If you have questions about this Privacy Policy, your data, or your rights, please contact us:

• Email: privacy@mercataai.com
• Website: MercataAI.com