Plain Language Summary

What We Collect: Business information, transaction data, and usage analytics to provide our risk assessment service.

How We Use It: To calculate your GuardScore™, provide compliance insights, and improve our service.

Who We Share With: Only service providers who help us operate (like cloud hosting and KYC verification). We never sell your data.

Blockchain Transparency: Your wallet address and NFT ownership are public on the blockchain and cannot be deleted.

Your Rights: You can access, correct, or delete most of your data, but blockchain records are permanent.

Security: We use encryption and security best practices, but no system is 100% secure.

Privacy Policy

Effective Date: August 18, 2025
Last Updated: August 18, 2025

1. Introduction

This Privacy Policy explains how DuneCrest Ventures Inc., doing business as MerchantGuard™ ("we," "us," "our"), collects, uses, shares, and protects information when you use our Service.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email, Telegram username, company details
  • Business Data: Business model, revenue information, compliance documentation
  • Transaction Data: Payment history, chargeback rates, processing volumes
  • KYC/KYB Information: Identity verification documents and data
  • Communications: Support requests, feedback, survey responses

2.2 Information Collected Automatically

  • Usage Data: Features used, interactions with our bot, assessment history
  • Device Information: IP address, browser type, operating system
  • Analytics: Page views, session duration, referral sources
  • Blockchain Data: Wallet addresses, transaction hashes, NFT interactions

2.3 Information from Third Parties

  • Verification Services: KYC/KYB results from identity verification providers
  • Blockchain Networks: Public transaction data from Arbitrum
  • Payment Processors: Transaction verification data (with your consent)

3. How We Use Your Information

3.1 Service Delivery

  • Calculate your GuardScore™
  • Provide compliance assessments
  • Issue reputation NFTs
  • Deliver educational content

3.2 Service Improvement

  • Enhance our algorithms
  • Develop new features
  • Analyze usage patterns
  • Conduct research

3.3 Legal and Security

  • Prevent fraud and abuse
  • Enforce our Terms
  • Comply with legal obligations
  • Protect rights and safety

4. Information Sharing

4.1 Service Providers

We share information with:

  • Cloud Infrastructure: Google Cloud Platform for data storage
  • Communication: Telegram for service delivery
  • Verification: KYC/KYB providers for identity verification
  • Analytics: Service usage and performance monitoring
  • Payment Processing: Stripe or similar for payment handling

4.2 Blockchain Transparency Warning

PUBLIC BLOCKCHAIN DATA WARNING:

  • Your wallet address is publicly visible
  • NFT ownership is permanently recorded
  • Transaction history cannot be deleted
  • Anyone can view blockchain associations

4.3 No Data Sales

We DO NOT sell your personal information to third parties.

5. Data Security

5.1 Security Measures

We implement:

  • Encryption: TLS for data in transit, AES-256 for data at rest
  • Access Controls: Role-based permissions, multi-factor authentication
  • Monitoring: 24/7 security monitoring and intrusion detection
  • Regular Audits: Security assessments and penetration testing
  • Incident Response: Established breach notification procedures

5.2 Security Limitations

Despite our measures:

  • No system is completely secure
  • Internet transmission is not 100% secure
  • We cannot guarantee absolute security
  • You share information at your own risk

6. Data Retention

6.1 Retention Periods

  • Account Data: Duration of account plus 7 years
  • Transaction Data: 7 years for compliance
  • Communications: 3 years
  • Analytics: 2 years
  • Blockchain Data: Permanent and immutable

6.2 Deletion Limitations

We cannot delete:

  • Blockchain records
  • Data required for legal compliance
  • Anonymized analytical data
  • Backup archives (deleted within 90 days)

7. Your Rights

7.1 Access and Control

You can:

  • Request a copy of your personal data
  • Correct inaccurate information
  • Request deletion (except blockchain data)
  • Object to certain processing
  • Opt-out of marketing communications
  • Withdraw consent (doesn't affect prior processing)

7.2 How to Exercise Rights

Email: privacy@merchantguard.ai
Response time: Within 30 days

8. AI and Machine Learning Data Processing

8.1 How We Process Data for AI

MerchantGuard uses artificial intelligence to provide personalized risk assessments and recommendations. Here's how we process your data:

8.2 Data You Provide for AI Analysis

When you use our AI features, we collect and process:

  • Assessment Inputs: Monthly volume, chargeback rate, industry, region, entity structure, and other business metrics
  • Uploaded Files: CSV files, payment processor statements, or other documents you upload for analysis
  • Conversation Data: Questions you ask Guard and responses you receive
  • Feedback: Ratings, corrections, or feedback you provide on AI responses

8.3 How AI Uses Your Data

Your data is processed to:

  1. Generate Your GuardScore: Calculate your risk score based on your metrics
  2. Provide Recommendations: Generate personalized compliance guidance
  3. Match Processors: Identify potentially compatible payment processors
  4. Answer Questions: Provide context-aware responses based on your business profile
  5. Send Alerts: Identify policy changes relevant to YOUR specific situation

8.4 Data Isolation

Your data is isolated and used only for YOUR services. We do NOT:

  • ❌ Train AI models on your specific data without explicit consent
  • ❌ Share your data with other users
  • ❌ Use your assessment data to improve services for other users
  • ❌ Sell or rent your data to third parties
  • ❌ Share your data with payment processors

8.5 AI Model Training

We improve our AI models using:

  • ✅ Aggregate anonymized patterns (e.g., "gaming merchants in Brazil have X% approval rate")
  • ✅ Synthetic training data generated from industry patterns
  • ✅ Publicly available payment processor policies
  • ✅ User feedback on AI response quality (not your specific business data)

We do NOT train our models on your confidential business information.

8.6 Third-Party AI Services

We use third-party AI services (such as large language models) to power some AI features. When using these services:

  • We send only the minimum necessary data to generate responses
  • We do NOT allow third parties to train on your data
  • We use enterprise agreements with data processing protections
  • Third-party AI providers are contractually prohibited from using your data for their own purposes

Current third-party AI providers:

  • Anthropic (Claude AI for conversational features)
  • OpenAI (for specific analysis features)

These providers process data under strict data processing agreements.

8.7 Data Retention for AI Features

  • Conversation History: Stored for 90 days or until you delete it
  • GuardScore Assessments: Stored as long as your account is active
  • Uploaded Files: Processed immediately, then deleted within 24 hours (unless you save them)
  • AI-Generated Reports: Stored with your account until you delete them

8.8 Your AI Data Rights

You can:

  • Access: View all AI-generated assessments and conversation history
  • Delete: Remove conversations, assessments, or uploaded files
  • Export: Download your AI assessment history
  • Opt-Out: Disable certain AI features (may limit functionality)
  • Correct: Update inputs if AI used incorrect information

To exercise these rights, contact privacy@merchantguard.ai

8.9 AI Data Security

We protect AI-processed data with:

  • Encryption at rest and in transit
  • Access controls limiting who can view your data
  • Audit logs tracking data access
  • Regular security assessments
  • Data isolation between users

See our AI Methodology page for technical details.

9. Regional Privacy Rights

9.1 California Privacy Rights (CCPA)

California residents have additional rights:

  • Right to know categories of data collected
  • Right to deletion
  • Right to opt-out of sale (we don't sell data)
  • Right to non-discrimination

9.2 European Privacy Rights (GDPR)

EU/UK residents have additional rights:

  • Right to object to processing
  • Right to restriction of processing
  • Right to lodge complaints with supervisory authorities
  • Right to data portability

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards through standard contractual clauses, adequacy decisions, or your explicit consent.

11. Contact Information

Data Controller:
DuneCrest Ventures Inc. DBA MerchantGuard™

Privacy Contact:
Email: privacy@merchantguard.ai
Phone: +1 (307) 381-3301
Address: 1309 Coffeen Avenue STE 1200, Sheridan, Wyoming 82801

Data Protection Officer:
Email: dpo@merchantguard.ai
Phone: +1 (307) 381-3301
Address: 1309 Coffeen Avenue STE 1200, Sheridan, Wyoming 82801

Important Legal Disclaimer: These documents have been generated based on legal templates and must be reviewed by a qualified human lawyer to ensure full compliance with all applicable laws and regulations before being published.