1. Introduction
Mercato Agency ("Company", "we", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered chatbot solution for e-commerce (the "Service").
The Service includes integrated virtual try-on (AR), personalized product recommendations, 24/7 customer support chatbot, and analytics dashboards.
Effective for: All clients worldwide
2. Information We Collect
2.1 Information You Directly Provide
When you sign a service contract, we collect:
- Legal business name, contact person, email, phone number
- Your e-commerce platform details (Shopify, WooCommerce, etc.)
- Product catalog data (SKUs, descriptions, images, pricing)
- Historical sales data and transaction information
- Google Analytics and CRM credentials (HubSpot, Salesforce, etc.)
- Billing information (PayPal account linked to contract)
2.2 Information Collected from End-Users
When your customers use the chatbot on your website:
- Chat conversation logs and product interaction data
- Metadata: IP address, browser type, device, timestamps
- For virtual try-on: Customer-uploaded photos (temporarily)
- Skin tone/body type inferences from AR processing (temporary)
- Customer preferences and browsing behavior
2.3 Automatically Collected Data
- API call logs and performance metrics
- Chatbot engagement analytics
- Conversion attribution data
- Error logs and crash reports
3. Virtual Try-On Photo Policy
CRITICAL INFORMATION
Photo Storage Policy
Customer-uploaded photos for virtual try-on are NOT retained by Mercato after the AR processing session ends.
Processing Flow:
- 1Customer uploads photo in chatbot
- 2Gemini Flash API processes photo for AR overlay (real-time)
- 3Photo is deleted from processing pipeline immediately after overlay generation
- 4Only the overlay result (product visualization) is cached temporarily for session
- 5No photo copy stored on Mercato servers, AWS, or third-party systems
Third-Party Processors
Photos are processed by Google Gemini API per Google's terms. Mercato has zero control over Google's retention after transmission.
4. How We Use Your Information
4.1 Service Delivery
- Powering the chatbot, recommendations, and AR try-on
- Generating analytics and performance dashboards
- Optimizing AI models for your specific product catalog
- Customer support and troubleshooting
4.2 Performance Improvement
- Measuring conversion lift and ROI attribution
- Continuous model tuning and A/B testing
- Identifying product trends and customer preferences
4.3 Billing & Legal Compliance
- Processing PayPal payments
- Tax compliance reporting (Indian GST, international VAT)
- Contract performance monitoring
- Legal obligation fulfillment
4.4 Marketing (Opt-In Only)
- Case study development (with your written consent)
- Product improvement research
- Aggregate, anonymized benchmarking
5. Data Retention
(deleted after)
(deleted immediately after session)
(available for client review)
(legal requirement)
Upon Contract Cancellation
All customer data is permanently deleted within 30 days, except:
- Anonymized aggregate analytics (retained for benchmarking)
- Billing/tax records (retained per legal requirement)
6. Data Sharing & Disclosure
❌6.1 We Do NOT Share Your Data With
- ×Third-party marketers or advertisers
- ×Competitors or industry consultants
- ×Data brokers or analytics firms
- ×Any external party without written consent
✓6.2 We DO Share Data With
- Your e-commerce platform (Shopify, WooCommerce)Product catalog, sales attribution
- Your CRM system (HubSpot, Salesforce)Customer interaction data (Enterprise only)
- Your analytics tool (Google Analytics)Conversion event data
- Payment processor (PayPal)Billing information only
- Cloud infrastructure (AWS, Azure, Vercel)Encrypted data storage
- LLM providers (OpenAI, Google, Anthropic)Chat logs for model improvement (anonymized)
6.3 Legal Disclosure
We may disclose information if required by:
- Indian law enforcement (court orders, subpoenas)
- Protection of rights, privacy, safety, or property
7. International Data Transfers
Your data may be processed in:
Important: By using Mercato, you consent to cross-border data transfers.
8. Your Data Rights
📋8.1 Access
You have the right to request all personal data we hold about you. We will provide it in CSV format within 15 business days.
✏️8.2 Correction
You may request correction of inaccurate data. We will update records within 7 business days.
🗑️8.3 Deletion (Right to Be Forgotten)
You may request deletion of your data. We will delete within 30 days, except for legally required retention (billing records, tax compliance).
🚫8.4 Objection & Opt-Out
- Opt out of marketing communications anytime (link in every email)
- Opt out of LLM model training (your data will not be used by OpenAI/Anthropic)
- Opt out of case study/research use (written consent required)
📧8.5 How to Exercise Rights
Email: contact@mercato.agency | Response time: 15 business days
9. Security Measures
Encryption
AES-256 encryption for data at rest; TLS 1.2+ for data in transit
Access Control
Role-based access; multi-factor authentication for admin accounts
Audit Logs
All data access logged and monitored
Regular Audits
Annual third-party security audits
Incident Response
Breach notification within 24 hours (where legally required)
Backup
Daily encrypted backups; disaster recovery tested quarterly
10. Third-Party Links & Services
Our Service integrates with third-party platforms (Shopify, Google Analytics, etc.). This Privacy Policy applies only to Mercato. We are not responsible for third-party privacy practices. Review their policies independently.
11. Children's Privacy
The Service is not directed to anyone under 18. We do not knowingly collect data from minors. If we learn we have collected data from a minor, we will delete it immediately.