Plain Language Summary

What We Collect: Business information, transaction data, and usage analytics to provide our risk assessment service.

How We Use It: To calculate your GuardScore™, provide compliance insights, and improve our service.

Who We Share With: Only service providers who help us operate (like cloud hosting and KYC verification). We never sell your data.

Blockchain Transparency: Your wallet address and NFT ownership are public on the blockchain and cannot be deleted.

Your Rights: You can access, correct, or delete most of your data, but blockchain records are permanent.

Security: We use encryption and security best practices, but no system is 100% secure.

Privacy Policy

Effective Date: August 18, 2025
Last Updated: August 18, 2025

1. Introduction

This Privacy Policy explains how DuneCrest Ventures Inc., doing business as MerchantGuard™ ("we," "us," "our"), collects, uses, shares, and protects information when you use our Service.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email, Telegram username, company details
  • Business Data: Business model, revenue information, compliance documentation
  • Transaction Data: Payment history, chargeback rates, processing volumes
  • KYC/KYB Information: Identity verification documents and data
  • Communications: Support requests, feedback, survey responses

2.2 Information Collected Automatically

  • Usage Data: Features used, interactions with our bot, assessment history
  • Device Information: IP address, browser type, operating system
  • Analytics: Page views, session duration, referral sources
  • Blockchain Data: Wallet addresses, transaction hashes, NFT interactions

2.3 Information from Third Parties

  • Verification Services: KYC/KYB results from identity verification providers
  • Blockchain Networks: Public transaction data from Arbitrum
  • Payment Processors: Transaction verification data (with your consent)

3. How We Use Your Information

3.1 Service Delivery

  • Calculate your GuardScore™
  • Provide compliance assessments
  • Issue reputation NFTs
  • Deliver educational content

3.2 Service Improvement

  • Enhance our algorithms
  • Develop new features
  • Analyze usage patterns
  • Conduct research

3.3 Legal and Security

  • Prevent fraud and abuse
  • Enforce our Terms
  • Comply with legal obligations
  • Protect rights and safety

4. Information Sharing

4.1 Service Providers

We share information with:

  • Cloud Infrastructure: Google Cloud Platform for data storage
  • Communication: Telegram for service delivery
  • Verification: KYC/KYB providers for identity verification
  • Analytics: Service usage and performance monitoring
  • Payment Processing: Stripe or similar for payment handling

4.2 Blockchain Transparency Warning

PUBLIC BLOCKCHAIN DATA WARNING:

  • Your wallet address is publicly visible
  • NFT ownership is permanently recorded
  • Transaction history cannot be deleted
  • Anyone can view blockchain associations

4.3 No Data Sales

We DO NOT sell your personal information to third parties.

5. Data Security

5.1 Security Measures

We implement:

  • Encryption: TLS for data in transit, AES-256 for data at rest
  • Access Controls: Role-based permissions, multi-factor authentication
  • Monitoring: 24/7 security monitoring and intrusion detection
  • Regular Audits: Security assessments and penetration testing
  • Incident Response: Established breach notification procedures

5.2 Security Limitations

Despite our measures:

  • No system is completely secure
  • Internet transmission is not 100% secure
  • We cannot guarantee absolute security
  • You share information at your own risk

6. Data Retention

6.1 Retention Periods

  • Account Data: Duration of account plus 7 years
  • Transaction Data: 7 years for compliance
  • Communications: 3 years
  • Analytics: 2 years
  • Blockchain Data: Permanent and immutable

6.2 Deletion Limitations

We cannot delete:

  • Blockchain records
  • Data required for legal compliance
  • Anonymized analytical data
  • Backup archives (deleted within 90 days)

7. Your Rights

7.1 Access and Control

You can:

  • Request a copy of your personal data
  • Correct inaccurate information
  • Request deletion (except blockchain data)
  • Object to certain processing
  • Opt-out of marketing communications
  • Withdraw consent (doesn't affect prior processing)

7.2 How to Exercise Rights

Email: privacy@merchantguard.ai
Response time: Within 30 days

8. Regional Privacy Rights

8.1 California Privacy Rights (CCPA)

California residents have additional rights:

  • Right to know categories of data collected
  • Right to deletion
  • Right to opt-out of sale (we don't sell data)
  • Right to non-discrimination

8.2 European Privacy Rights (GDPR)

EU/UK residents have additional rights:

  • Right to object to processing
  • Right to restriction of processing
  • Right to lodge complaints with supervisory authorities
  • Right to data portability

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards through standard contractual clauses, adequacy decisions, or your explicit consent.

10. Contact Information

Data Controller:
DuneCrest Ventures Inc. DBA MerchantGuard™

Privacy Contact:
Email: privacy@merchantguard.ai
Phone: +1 (307) 381-3301
Address: 1309 Coffeen Avenue STE 1200, Sheridan, Wyoming 82801

Data Protection Officer:
Email: dpo@merchantguard.ai
Phone: +1 (307) 381-3301
Address: 1309 Coffeen Avenue STE 1200, Sheridan, Wyoming 82801

Important Legal Disclaimer: These documents have been generated based on legal templates and must be reviewed by a qualified human lawyer to ensure full compliance with all applicable laws and regulations before being published.