Mercately, Inc. ("Mercately," "we," "us," or "our") is committed to protecting the privacy of individuals who visit our website at mercately.com (the "Site"), use our e-commerce marketing platform (the "Platform"), and interact with our services (collectively, the "Services"). This Privacy Policy explains what personal data we collect, why we collect it, how we use it, who we share it with, and the rights you have with respect to your personal data. Please read this policy carefully before using our Services.
By accessing or using the Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Services. We are headquartered at 1000 Brickell Avenue, Suite 715, Miami, FL 33131, United States.
1. Information We Collect
1.1 Information You Provide Directly
We collect information that you voluntarily provide to us when you register for an account, complete a form on our Site, request a product demonstration, subscribe to our marketing communications, contact our customer support team, or otherwise communicate with us. This information may include:
- Identity data: your first and last name, company name, job title, and professional role.
- Contact data: your email address, telephone number, and postal address.
- Account credentials: your username and password (stored in hashed, encrypted form).
- Payment data: billing address, payment method type, and partial card details processed through our payment processor, Stripe. We do not store full card numbers on our servers.
- Communications data: the content of any messages you send to us, including support tickets, feedback forms, and email correspondence.
- Preference data: your marketing and communication preferences, notification settings, and platform configuration choices.
1.2 Information Collected Automatically
When you access the Site or use the Platform, we automatically collect certain technical and behavioral information, including:
- Log data: your IP address, browser type and version, operating system, referring URLs, pages visited, time and date of visits, and the duration of each session.
- Device data: information about the device you use to access our Services, including device type, hardware model, operating system version, and unique device identifiers.
- Usage data: information about how you interact with the Platform, including features accessed, campaigns created, workflows triggered, reports viewed, and actions taken within your account.
- Cookie and tracking data: we use cookies, web beacons, pixel tags, and similar technologies to collect information about your browsing behavior. See Section 5 and our Cookie Policy for full details.
- Location data: approximate geographic location based on IP address. We do not collect precise GPS-level location data unless you explicitly provide it.
1.3 Information from Third Parties
We may receive personal data about you from third-party sources, including:
- E-commerce platform integrations: when you connect your Shopify, WooCommerce, or other e-commerce store to our Platform, we receive customer and order data from your store as necessary to provide the marketing automation and analytics services you have contracted for. This data is processed on your behalf as a data processor under your instructions.
- Third-party authentication providers: if you choose to sign in using Google OAuth or another single sign-on provider, we receive your name and email address from that provider.
- Business partners and resellers: we may receive contact and company information from our authorized resellers and integration partners for the purpose of fulfilling contracted services.
- Publicly available sources: we may supplement your information with data from publicly available sources such as LinkedIn or company websites to better understand your professional context and tailor our services accordingly.
2. How We Use Your Information
We use the personal data we collect for the following purposes:
2.1 Providing and Operating the Services
- To create, maintain, and manage your Mercately account.
- To process your subscription payments and send invoices and receipts.
- To deliver the marketing automation, email, SMS, and analytics features you have subscribed to.
- To process and fulfill the customer data you upload to the Platform to run your marketing campaigns.
- To communicate with you about your account, including service updates, security alerts, and policy changes.
- To provide customer support and respond to your inquiries, technical issues, and requests.
2.2 Improving and Developing the Services
- To analyze how our Services are used and identify opportunities to improve functionality, user experience, and performance.
- To conduct internal research and development to build new features and improve our AI and machine learning models.
- To monitor system performance, detect errors, and maintain the security and integrity of our infrastructure.
- To perform data analytics and statistical analysis using aggregated, anonymized data about platform usage patterns.
2.3 Marketing and Communications
- To send you marketing communications about Mercately products, features, events, and resources, where you have given us permission to do so or where we have a legitimate interest in contacting you about our services.
- To personalize the content and offers we present to you based on your behavior, account activity, and preferences.
- To measure the effectiveness of our marketing campaigns and optimize our outreach programs.
- You may opt out of marketing communications at any time by clicking the "unsubscribe" link in any marketing email or by contacting us at privacy@mercately.com.
2.4 Legal and Compliance
- To comply with applicable laws, regulations, legal processes, and governmental requests.
- To enforce our Terms of Service and other agreements.
- To protect the rights, property, and safety of Mercately, our customers, and the public.
- To detect, investigate, and prevent fraudulent transactions, abuse of our Services, and other unauthorized activities.
3. Legal Bases for Processing (GDPR)
If you are located in the European Economic Area (EEA), the United Kingdom, or another jurisdiction that applies the General Data Protection Regulation (GDPR) or equivalent privacy legislation, we process your personal data under the following legal bases:
- Contractual necessity: processing necessary to perform the contract we have with you or to take steps at your request before entering into a contract (e.g., operating your account, delivering paid services).
- Legitimate interests: processing necessary for our legitimate business interests, where those interests are not overridden by your rights and interests (e.g., fraud prevention, improving our services, direct marketing to existing customers).
- Legal obligation: processing necessary to comply with a legal obligation to which we are subject.
- Consent: where you have given clear and informed consent to specific processing activities (e.g., subscribing to our marketing newsletter, accepting non-essential cookies).
4. Sharing Your Information
We do not sell your personal data to third parties. We share personal data only in the limited circumstances described below:
4.1 Service Providers
We share personal data with carefully selected third-party service providers who process data on our behalf to help us deliver the Services. These providers are contractually required to process data only as directed by us and to maintain appropriate security measures. Our key service providers include:
- Stripe: payment processing.
- Amazon Web Services (AWS): cloud infrastructure and data storage, hosted in the United States.
- Twilio/SendGrid: email and SMS delivery infrastructure.
- Google Analytics and Google Ads: website analytics and advertising performance measurement.
- Intercom: customer support and in-app messaging.
- HubSpot: CRM and marketing operations for our own sales and marketing functions.
4.2 Business Transfers
If Mercately is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal data may be transferred as part of that transaction. We will notify you via email or a prominent notice on our Site of any change in ownership and your choices regarding your personal data.
4.3 Legal Requirements
We may disclose your personal data if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency), or if we believe such disclosure is necessary to comply with applicable law, protect our rights, or protect the safety of our users or the public.
4.4 With Your Consent
We may share your personal data with third parties for purposes not described in this policy with your explicit prior consent.
5. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to operate and improve our Services. Cookies are small text files stored on your device that allow us to recognize your browser, remember your preferences, and understand how you interact with our Site. We use the following types of cookies:
- Strictly necessary cookies: required for the operation of our Site and Platform. These cannot be disabled because the Services would not function without them.
- Performance and analytics cookies: collect anonymized information about how visitors use our Site to help us improve user experience and Site performance (e.g., Google Analytics).
- Functional cookies: remember your preferences and settings to provide a more personalized experience (e.g., language preference, session state).
- Marketing and targeting cookies: used to deliver advertisements relevant to your interests and to measure the effectiveness of our advertising campaigns (e.g., Meta Pixel, Google Ads conversion tracking).
You can manage your cookie preferences through our cookie consent banner or through your browser settings. Please see our Cookie Policy for complete details on the cookies we use and how to control them.
6. Data Retention
We retain your personal data for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Specifically:
- Account data is retained for the duration of your subscription and for 3 years following account closure, to comply with our legal obligations and resolve any disputes.
- Transaction and billing records are retained for 7 years to comply with financial and tax record-keeping requirements.
- Customer support communications are retained for 3 years after the ticket is resolved.
- Marketing interaction data (email opens, clicks, campaign responses) is retained for 2 years or until you unsubscribe, whichever comes first.
- Website analytics data is retained in anonymized or aggregated form indefinitely for research and development purposes.
When we no longer have a legitimate reason to retain your personal data, we securely delete or anonymize it in accordance with our data disposal procedures.
7. Your Privacy Rights
Depending on your location and applicable law, you may have the following rights regarding your personal data:
- Right of access: you may request a copy of the personal data we hold about you.
- Right to rectification: you may request that we correct inaccurate or incomplete personal data.
- Right to erasure ("right to be forgotten"): you may request that we delete your personal data, subject to certain legal exceptions.
- Right to data portability: you may request that we provide your personal data in a structured, machine-readable format for transfer to another service provider.
- Right to restrict processing: you may request that we limit how we use your personal data in certain circumstances.
- Right to object: you may object to our processing of your personal data where we rely on legitimate interests as the legal basis, or for direct marketing purposes.
- Right to withdraw consent: where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of processing before the withdrawal.
- Rights under CCPA (California residents): California residents have the right to know what personal information is collected, the right to know whether personal information is sold or disclosed and to whom, the right to opt out of the sale of personal information, and the right to non-discrimination for exercising these rights. We do not sell personal information as defined under CCPA.
To exercise any of these rights, please contact us at privacy@mercately.com. We will respond to all verifiable requests within 30 days. We may need to verify your identity before processing your request. We will not discriminate against you for exercising your privacy rights.
8. Data Security
We implement industry-standard technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. Our security measures include:
- Encryption of data in transit using TLS 1.2 or higher on all connections to our Services.
- Encryption of sensitive data at rest using AES-256 encryption.
- Role-based access controls limiting employee access to personal data on a need-to-know basis.
- Regular security assessments, penetration testing, and vulnerability scanning of our infrastructure.
- SOC 2 Type II compliance for our cloud infrastructure and data handling practices.
- Comprehensive incident response procedures for detecting, reporting, and remediating security incidents.
Despite these measures, no method of transmission over the internet or method of electronic storage is 100% secure. If you believe your account has been compromised, please contact us immediately at security@mercately.com.
9. International Data Transfers
Mercately is headquartered in the United States and processes data on servers located in the United States. If you are accessing our Services from outside the United States, please be aware that your personal data will be transferred to and processed in the United States, where data protection laws may differ from those in your country.
For transfers of personal data from the EEA or the United Kingdom to the United States, we rely on the European Commission's Standard Contractual Clauses (SCCs) as the appropriate safeguard. A copy of our SCCs is available upon request to privacy@mercately.com.
10. Children's Privacy
Our Services are not directed to children under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have inadvertently collected personal data from a child under 16, we will take steps to delete that information as quickly as possible. If you believe we may have collected data from a child under 16, please contact us at privacy@mercately.com.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or the features of our Services. When we make material changes, we will notify you by email (at the address associated with your account) and by posting a notice on our Site at least 14 days before the changes take effect. We encourage you to review this policy periodically. Your continued use of the Services after the effective date of any update constitutes your acceptance of the revised policy.
12. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Privacy team:
- Email: privacy@mercately.com
- Mail: Mercately, Inc., Attn: Privacy Team, 1000 Brickell Avenue, Suite 715, Miami, FL 33131, United States
- Data Protection Officer: dpo@mercately.com (for EEA/UK-related inquiries)
If you are located in the EEA and are not satisfied with our response to a privacy complaint, you have the right to lodge a complaint with your local data protection supervisory authority.