MerchGuard

MerchGuard / Legal

Privacy Policy

Effective 2026-04-25

1. Who we are

MerchGuard ("we") is the data controller for personal data processed through this Service. Contact: hello@merchguard.app.

2. What we collect

  • Account data: email, Clerk-issued user ID, plan tier, sign-up timestamp.
  • Listing content: the title, description, tags, category, price, and optional materials / production-partner / shop fields you submit per scan.
  • Scan results: risk score, violations, evidence, model + token telemetry.
  • Billing data: handled by Lemon Squeezy or Stripe — we receive only the customer ID, plan, and status; we never see card numbers.
  • Logs: minimal request logs (IP, user-agent, route) retained up to 30 days for abuse detection.

3. Why we process

  • · To provide the scan service (legal basis: contract).
  • · To bill, prevent abuse, and enforce limits (legitimate interest).
  • · To send transactional email — receipts, account, security (contract).
  • · To send product updates if you opt in (consent — opt out anytime in settings).

4. Sub-processors

We share data only with the following sub-processors, each under DPA:

  • · Cloudflare — edge hosting, DDoS, KV rate-limiting
  • · Neon — Postgres database (EU region)
  • · Clerk — authentication
  • · Anthropic — Claude API (no training on inputs, per Anthropic API ToS)
  • · Resend — transactional email
  • · Lemon Squeezy / Stripe — payments
  • · PostHog — product analytics (self-hosted EU)
  • · Sentry — error tracking (no PII in tags)

See the Data Processing Addendum for the full list and roles.

5. Retention

  • · Account data: until you delete your account.
  • · Scan results & listing snapshots: retained while your account is active so you can review history. Deleted within 30 days of account deletion.
  • · Billing records: 7 years (legal requirement).
  • · Request logs: 30 days.

6. Your GDPR rights

You have the right to access, rectify, port, and erase your data, and to object to or restrict processing. Email hello@merchguard.app and we'll respond within 30 days. You can also lodge a complaint with your local EU data-protection authority (Hungarian DPA: NAIH).

7. International transfers

Some sub-processors are US-based (Cloudflare, Anthropic, Stripe, Clerk). Transfers rely on Standard Contractual Clauses and supplementary measures.

8. Cookies

We use essential cookies for authentication (Clerk session) and a self-hosted PostHog analytics cookie. No third-party advertising cookies.

9. Changes

Material changes will be announced on the Service or via email at least 14 days before taking effect.