Effective Date: October 28, 2025 | Mercatiq Inc.

This Privacy Policy describes how Mercatiq ("we," "us," "our") collects, uses, and protects your information when you use our platform and services. By using our Services, you agree to this policy.

1. Information We Collect

Information You Provide: Name, email, phone, company details, messages, and support requests.

Automatic Collection: IP address, device type, browser information, usage data (pages visited, features used, searches), cookies, and analytics data.

Third Parties: Data from Google/Microsoft/LinkedIn sign-in, and business intelligence sources for B2B users.

2. How We Use Your Information

Service Delivery: Account management, providing comparison tools, customer support, and platform functionality.

Improvement & Analytics: Analyzing usage patterns, developing features, A/B testing, fixing bugs, and generating aggregated statistics.

Marketing: Sending promotional emails (opt-out anytime), personalized recommendations, surveys, and educational content.

Legal & Security: Preventing fraud, complying with legal obligations, enforcing our Terms of Service, and protecting our rights and users' safety.

3. How We Share Your Information

We do not sell your personal data. We share information only with:

Service Providers: Cloud hosting (AWS, Google Cloud), analytics (Google Analytics, Mixpanel), customer support (Featurebase), email services, and CRM (HubSpot). All providers are contractually obligated to protect your data.

Legal Requirements: When required by law, court order, or to protect our legal rights.

Business Transfers: In case of merger, acquisition, or sale of assets (with prior notice to you).

With Your Consent: When you explicitly authorize sharing (e.g., with suppliers, collaborators, or integrations).

Aggregated Data: Anonymized, non-identifiable data for benchmarking and research.

4. Legal Compliance

GDPR (EU/UK): We process data based on consent, contractual necessity, legitimate interests, or legal obligation. You have rights to access, correct, delete, restrict processing, data portability, and object to automated decisions.

CCPA/CPRA (California): You have rights to know what data we collect, delete your data, correct inaccuracies, opt-out of data "sales" (we don't sell), and non-discrimination. We collect identifiers, commercial information, internet activity, geolocation, and inferences.

International Transfers: We use Standard Contractual Clauses (SCCs) approved by the EU Commission for data transfers outside the EEA/UK.

5. Data Security & Retention

Security Measures: Encryption in transit (TLS/SSL) and at rest (AES-256), access controls, multifactor authentication, firewalls, regular security audits, and employee training.

Retention: Active accounts: retained while active. Inactive accounts: deleted or anonymized after 24 months. Financial records: 7 years for legal compliance. Marketing data: until opt-out.

Breach Notification: We will notify you and authorities within 72 hours if a breach affects your personal data.

6. Cookies & Tracking

Essential Cookies: Required for platform functionality (cannot be disabled).

Analytics Cookies: Track usage to improve the platform (Google Analytics, Mixpanel).

Advertising Cookies: Personalize ads and measure marketing effectiveness.

7. Your Privacy Rights All Users:

Access: Request a copy of your data

Correction: Fix inaccurate information

Deletion: Request deletion (subject to legal requirements)

Objection: Stop marketing communications anytime

Portability: Receive your data in machine-readable format

Additional GDPR Rights (EU/UK):

 Restrict processing, withdraw consent, lodge complaints with supervisory authorities, object to automated decisions

California Users (CCPA/CPRA):

 Right to know categories/sources of data, opt-out of "sales" (we don't sell), correct data, limit use of sensitive information

Exercise Your Rights:

Email: privacy@mercatiq.com

Response time: 30 days

8. Children's Privacy

Our Services are not intended for individuals under 16. We do not knowingly collect data from children. If you believe a child has provided us with data, contact us at privacy@mercatiq.com for immediate deletion.

9. Third-Party Links

Our platform may link to third-party websites or services. We are not responsible for their privacy practices. Review their policies before sharing data. When you connect integrations (Google, Slack, Zapier), their policies apply.

10. Changes to This Policy

We may update this policy to reflect legal changes or business practices. We will notify you via email and platform notice at least 30 days before material changes take effect. Continued use after changes constitutes acceptance.

11. Contact Us

Email: privacy@mercatiq.com

12. State-Specific Disclosures

California Residents: In the last 12 months, we collected identifiers (name, email, IP), commercial info (purchases, comparisons), internet activity (browsing, clicks), geolocation (approximate from IP), and inferences (preferences). We use data for service delivery, operations, analytics, marketing, and security. We share with service providers and legal authorities only. We do NOT sell your personal information. You can opt-out of data "sharing" for advertising via our Do Not Sell link. Sensitive data (login, payment) is used only for service delivery. See Section 5 for retention periods. Authorized agents may submit requests on your behalf with written authorization.

Acknowledgment: By using Mercatiq, you acknowledge reading and agreeing to this Privacy Policy.

If you disagree, discontinue use immediately.