Privacy Policy
Your privacy is our priority. This policy explains how we collect, use, and protect your information.
Table of Contents
1. Introduction
Mercato Agency ("Company", "we", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered chatbot solution for e-commerce (the "Service").
The Service includes integrated virtual try-on (AR), personalized product recommendations, 24/7 customer support chatbot, and analytics dashboards.
Effective for: All clients worldwide
2. Information We Collect
2.1 Information You Directly Provide
When you sign a service contract, we collect:
- •Legal business name, contact person, email, phone number
- •Your e-commerce platform details (Shopify, WooCommerce, etc.)
- •Product catalog data (SKUs, descriptions, images, pricing)
- •Historical sales data and transaction information
- •Google Analytics and CRM credentials (HubSpot, Salesforce, etc.)
- •Billing information (PayPal account linked to contract)
2.2 Information Collected from End-Users
When your customers use the chatbot on your website:
- •Chat conversation logs and product interaction data
- •Metadata: IP address, browser type, device, timestamps
- •For virtual try-on: Customer-uploaded photos (temporarily)
- •Skin tone/body type inferences from AR processing (temporary)
- •Customer preferences and browsing behavior
2.3 Automatically Collected Data
- •API call logs and performance metrics
- •Chatbot engagement analytics
- •Conversion attribution data
- •Error logs and crash reports
3. Virtual Try-On Photo Policy
⚠️ Critical Information
Customer-uploaded photos for virtual try-on are NOT retained by Mercato after the AR processing session ends.
Processing Flow:
- 1Customer uploads photo in chatbot
- 2Gemini Flash API processes photo for AR overlay (real-time)
- 3Photo is deleted from processing pipeline immediately after overlay generation
- 4Only the overlay result (product visualization) is cached temporarily for session
- 5No photo copy stored on Mercato servers, AWS, or third-party systems
Note: Photos are processed by Google Gemini API per Google's terms. Mercato has zero control over Google's retention after transmission.
4. How We Use Your Information
4.1 Service Delivery
- •Powering the chatbot, recommendations, and AR try-on
- •Generating analytics and performance dashboards
- •Optimizing AI models for your specific product catalog
- •Customer support and troubleshooting
4.2 Performance Improvement
- •Measuring conversion lift and ROI attribution
- •Continuous model tuning and A/B testing
- •Identifying product trends and customer preferences
4.3 Billing & Legal Compliance
- •Processing PayPal payments
- •Tax compliance reporting (Indian GST, international VAT)
- •Contract performance monitoring
- •Legal obligation fulfillment
4.4 Marketing (Opt-In Only)
- •Case study development (with your written consent)
- •Product improvement research
- •Aggregate, anonymized benchmarking
5. Data Retention
Upon Contract Cancellation
All customer data is permanently deleted within 30 days, except:
- • Anonymized aggregate analytics (retained for benchmarking)
- • Billing/tax records (retained per legal requirement)
6. Data Sharing & Disclosure
❌ We Do NOT Share With
- • Third-party marketers or advertisers
- • Competitors or industry consultants
- • Data brokers or analytics firms
- • Any external party without written consent
✓ We DO Share With
- • Your e-commerce platform (Shopify, WooCommerce)
- • Your CRM system (HubSpot, Salesforce)
- • Your analytics tool (Google Analytics)
- • Payment processor (PayPal)
- • Cloud infrastructure (AWS, Azure, Vercel)
- • LLM providers (OpenAI, Google, Anthropic)
⚠️ Legal Disclosure
We may disclose information if required by Indian law enforcement (court orders, subpoenas) or for protection of rights, privacy, safety, or property.
7. International Data Transfers
Your data may be processed in:
India
Primary servers
United States
AWS/Azure cloud
EU
GDPR-compliant DC
Other
LLM providers
By using Mercato, you consent to cross-border data transfers.
8. Your Data Rights
Access
Request all personal data we hold. Provided in CSV format within 15 business days.
Correction
Request correction of inaccurate data. Updated within 7 business days.
Deletion
Request deletion within 30 days, except legally required retention.
Opt-Out
Opt out of marketing, LLM model training, or case study/research use.
To exercise rights: Email contact@mercato.agency • Response time: 15 business days
9. Security Measures
Encryption
AES-256 at rest; TLS 1.2+ in transit
Access Control
Role-based access; MFA for admins
Audit Logs
All data access logged and monitored
Regular Audits
Annual third-party security audits
Incident Response
Breach notification within 24 hours
Backup
Daily encrypted backups; DR tested quarterly
10. Third-Party Links & Services
Our Service integrates with third-party platforms (Shopify, Google Analytics, etc.). This Privacy Policy applies only to Mercato. We are not responsible for third-party privacy practices. Review their policies independently.
11. Children's Privacy
The Service is not directed to anyone under 18. We do not knowingly collect data from minors. If we learn we have collected data from a minor, we will delete it immediately.
12. Contact Us
For privacy inquiries or to exercise your data rights, please contact us:
⏱️Response time: 15 business days
Ready to Elevate Your
Fashion Experience?
Transform Your E-Commerce Into a Personalized Styling Journey—All Within Minutes. Start for Free.
Get Started