Compliance

1. Data Security

We take data security seriously and implement industry-standard security measures to protect your information:

• Encryption of data in transit and at rest
• Regular security audits and penetration testing
• Secure authentication using Clerk
• Infrastructure security provided by Vercel and Google Cloud

2. Payment Card Industry (PCI)

While MerchantGuard does not directly process payments, we help merchants understand and comply with PCI DSS requirements. We provide educational resources and tools to assess compliance posture.

3. GDPR & Privacy

We comply with GDPR and other privacy regulations. For detailed information about how we handle personal data, please see our Privacy Policy.

4. Service Providers

We work with trusted service providers who maintain their own compliance certifications:

• Vercel: SOC 2 Type II certified hosting
• Google Cloud: Multiple compliance certifications (SOC 1/2/3, ISO 27001, PCI DSS)
• Clerk: SOC 2 Type II certified authentication
• PostHog: GDPR compliant analytics

5. Reporting Security Issues

If you discover a security vulnerability, please report it to support@merchantguard.ai. We take all security reports seriously and will respond promptly.

6. Updates

This compliance page is updated regularly as we enhance our security posture and obtain additional certifications. Last updated: October 28, 2025.