🤖 Plain Language Summary

What Our AI Does: MerchantGuard uses AI to predict PSP approval odds and assess payment compliance risk. Think of it as a smart advisor analyzing industry patterns - not a fortune teller guaranteeing outcomes.

Training Data: Our models learn from synthetic merchant profiles (AI-generated scenarios), published PSP requirements, regulatory frameworks, and aggregated industry research - NOT actual PSP proprietary underwriting data.

Key Limitation: Our predictions are estimates based on similar merchants. Actual PSP decisions depend on their specific underwriting process, current risk appetite, and your unique business situation.

🔒 Security & Privacy Guarantees

✅ In-Memory Processing

CSV files processed in-memory only. Raw files never stored.

✅ PII Hashing

Transaction IDs SHA-256 hashed. No reversible identifiers stored.

✅ 1-Day Auto-Delete

GCS lifecycle policy deletes uploads after 24 hours.

✅ 90-Day Retention

BigQuery data purged after 90 days. Automated daily job.

✅ KMS Encryption

Customer-managed keys (CMEK) for GCS. 90-day key rotation.

✅ Cascade Deletion

GDPR delete removes data from all systems: DB, GCS, BigQuery.

Last Verified: October 26, 2025 • Security Audit Report

AI Transparency Policy

Effective Date: October 26, 2025
Last Updated: February 9, 2026

1. How Our AI Works

MerchantGuard uses artificial intelligence (AI) to provide PSP approval predictions, risk assessments, and compliance recommendations. Here's what you need to know:

GuardScore Risk Model

Predicts likelihood of payment processor account issues
Trained on 10,000+ synthetic merchant profiles
95.2% recall rate for identifying at-risk merchants
Updates quarterly with new regulatory data

PSP Approval Model

Estimates approval probability at 24+ payment processors
Analyzes: industry, volume, entity type, geography, compliance history
Provides ranked recommendations with probability scores
Does NOT access PSP proprietary underwriting systems

Compliance Monitor

Tracks VAMP, Mastercard ECM, chargeback thresholds
Real-time regulatory updates from 45+ sources
Identifies operational improvements (8.5x ROI average)
Alerts delivered in your premium portal, Telegram, or email

2. Training Data (Synthetic & Validated)

⚠️ Important Disclosure: This is NOT real merchant data.

MerchantGuard's AI was trained on 10,000 synthetic (AI-generated) merchant profiles that simulate realistic payment processing scenarios.

This synthetic dataset includes:

90,229 simulated monthly health checks
40,449 modeled PSP application outcomes
7 high-risk industries (CBD, Gaming, Crypto, etc.)
24+ major PSPs (Durango, Stripe, PaymentCloud, etc.)

What "Synthetic Data" Means

Our training data is created by AI algorithms that:

✅ Model realistic merchant profiles based on industry research

✅ Simulate PSP approval patterns based on published requirements

✅ Apply real regulatory constraints (VAMP thresholds, entity requirements)

✅ Generate statistically valid scenarios for ML training

❌ We do NOT use actual PSP proprietary underwriting data

❌ We do NOT have access to real merchant application outcomes

❌ We do NOT train on actual PSP approval/rejection decisions

Why Synthetic Data?

Synthetic data allows us to:

Simulate rare events (account freezes, MATCH listings)
Model geography constraints (Brazil CNPJ, Colombia entities)
Test edge cases PSPs won't share real data about
Avoid privacy issues - no real merchant data exposed

How We Validate Our Models

Even though our training data is synthetic, we validate against:

Published PSP requirements (minimum volumes, industry restrictions)
Regulatory frameworks (VAMP 1.5%, Mastercard ECM thresholds)
Industry research reports (chargeback rates by industry)
Public data points (BBB ratings, PSP specializations)

Model Validation Benchmarks:

Freeze rate: 0.4% (matches industry averages)
GuardScore correlation: Higher scores = higher approval rates
Geographic constraints: Brazil CNPJ enforcement = 0% local PSP approval

Data Security & Retention

Our data handling practices (verified October 2025):

CSV Processing: In-memory only. Raw files never stored to disk or cloud storage.
PII Protection: Transaction IDs, order IDs, and dispute IDs are SHA-256 hashed before storage.
Auto-Deletion: GCS lifecycle policy deletes any temporary files after 1 day.
90-Day Purge: BigQuery data retention job runs daily at 2 AM UTC.
GDPR Compliance: User deletion cascades to PostgreSQL, Redis, GCS, and BigQuery.
Encryption: Customer-managed KMS keys (CMEK) with 90-day rotation.

3. What Our AI Predicts

✅ Probability estimates based on pattern matching

✅ Relative PSP ranking (which PSPs best fit your profile)

✅ Risk identification (compliance gaps, threshold violations)

❌ NOT actual PSP decisions - those are made by human underwriters

❌ NOT guarantees - individual results vary significantly

❌ NOT inside knowledge - we don't have PSP proprietary data

4. Accuracy & Limitations

Model Performance

GuardScore: 95.2% recall (identifies 95.2% of at-risk merchants)
PSP Approval: 85-90% directional accuracy (ranked recommendations)
Compliance Alerts: 99.1% uptime for threshold monitoring

Known Limitations

PSPs may change criteria without notice
Regional regulations vary by jurisdiction
Market conditions affect approval rates
Individual underwriter discretion cannot be modeled
Economic factors (recessions, fraud waves) impact real-time accuracy

5. Human Oversight

Premium subscribers receive human compliance expert review of AI assessments
AI recommendations reviewed by payment processing specialists with 15+ years experience
Critical decisions (account freezes, VAMP violations) flagged for immediate human analysis
Monthly model audits by independent data scientists

6. Your Rights

You can:

Request explanation of any AI-generated score or recommendation
Opt out of model training by emailing privacy@merchantguard.ai
Export all your data and predictions in JSON format
Challenge predictions you believe are inaccurate
Request human review of automated decisions (Premium plan)

7. Responsible AI Principles

MerchantGuard commits to:

🔍 Transparency

Clear explanations of how predictions are made. No "black box" scores without reasoning.

⚖️ Fairness

No discrimination based on race, religion, gender, or other protected characteristics. Regular bias audits.

🎯 Accuracy

Continuous model improvements and validation. Quarterly retraining with updated regulatory data.

🔒 Privacy

Strict data protection and optional anonymization. GDPR and CCPA compliant.

👥 Accountability

Human oversight and recourse mechanisms. Clear escalation paths for disputes.

8. Model Updates & Versioning

Our AI models are continuously improved. Major updates are versioned and announced:

v2.1 (Current): VAMP 2.0 compliance, 24+ PSP coverage, fraud weighting
v2.0 (Aug 2025): Multi-PSP approval predictions, synthetic training data
v1.0 (Jan 2025): Initial GuardScore risk assessment

Users are notified of major updates via email and in-app notifications 30 days before deployment.

9. Agent Monitoring and Behavioral Data

MerchantGuard provides AI agent monitoring services including health checks, stuck loop detection, comment quality analysis, viral content detection, and partnership opportunity identification. These services generate behavioral data about AI agents (not natural persons).

Data Collection for Agent Monitoring

Health telemetry: Response times, uptime, error rates
Content metrics: Post quality scores, comment analysis, engagement patterns
Platform standing: Karma trajectories, suspension status, follower dynamics
Certification results: Mystery Shopper probe outcomes, GuardScan findings, TrustVerdict scores

How We Use Agent Monitoring Data

Anonymized and aggregated agent monitoring data is used to:

Train anomaly detection models that identify unusual agent behavior

Build suspension prediction models based on behavioral patterns

Develop quality scoring models for agent content

Compute the Agent Reliability Index (ARI) — a FICO-like score for AI agents

Generate industry benchmarks and compliance reports

We apply a three-tier consent model: Tier 1 (aggregated metadata, always permitted), Tier 2 (anonymized training data, opt-out available), Tier 3 (identifiable data, explicit opt-in only). See our Terms of Service, Section 10.8.3 and Privacy Policy, Section 8.5 for details.

10. EU AI Act Compliance

The European Union's AI Act (Regulation (EU) 2024/1689) establishes comprehensive requirements for AI systems. Article 26 requires deployers of AI systems to monitor AI reliability and report serious incidents. Enforcement begins August 2, 2026.

How MerchantGuard Supports Compliance

Continuous monitoring: Health checks, performance tracking, and anomaly detection provide ongoing AI system oversight
Incident detection: Automated alerts for stuck loops, suspensions, quality degradation, and unexpected behavior
Audit trails: Certification records, monitoring logs, and compliance assessments create documentation for regulatory reporting
Risk assessment: GuardScore and Agent Reliability Index provide quantitative risk measurement
Human oversight: Alert systems enable human-in-the-loop monitoring with escalation paths

Regulatory Note:

MerchantGuard is a monitoring and compliance tool. We do not guarantee regulatory compliance. You are solely responsible for determining your obligations under the EU AI Act and any other applicable AI regulations. Consult qualified legal counsel for specific compliance guidance.

Questions or Concerns?

We're committed to transparency and accountability in our AI systems. If you have questions about:

How your GuardScore was calculated
Why a specific PSP was recommended
Model accuracy or limitations
Data privacy and training

Contact our AI Ethics team: ai-ethics@merchantguard.ai

Request human review: Premium subscribers can request manual review of any AI decision via the support chat or by emailing support@merchantguard.ai

Related Policies: Terms of Service • Privacy Policy • Disclaimer