Plain Language Summary

What We Collect: Business information, transaction data, and usage analytics to provide our risk assessment service.

How We Use It: To calculate your GuardScore™, provide compliance insights, and improve our service.

Who We Share With: Only service providers who help us operate (like cloud hosting and KYC verification). We never sell your data.

Blockchain Transparency: Your wallet address and NFT ownership are public on the blockchain and cannot be deleted.

Your Rights: You can access, correct, or delete most of your data, but blockchain records are permanent.

Security: We use encryption and security best practices, but no system is 100% secure.

Privacy Policy

Effective Date: August 18, 2025
Last Updated: February 9, 2026

1. Introduction

This Privacy Policy explains how DuneCrest Ventures Inc., doing business as MerchantGuard™ ("we," "us," "our"), collects, uses, shares, and protects information when you use our Service.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email, Telegram username, company details
  • Business Data: Business model, revenue information, compliance documentation
  • Transaction Data: Payment history, chargeback rates, processing volumes
  • KYC/KYB Information: Identity verification documents and data
  • Communications: Support requests, feedback, survey responses

2.2 Information Collected Automatically

  • Usage Data: Features used, interactions with our bot, assessment history
  • Device Information: IP address, browser type, operating system
  • Analytics: Page views, session duration, referral sources
  • Blockchain Data: Wallet addresses, transaction hashes, NFT interactions

2.3 Information from Third Parties

  • Verification Services: KYC/KYB results from identity verification providers
  • Blockchain Networks: Public transaction data from Arbitrum
  • Payment Processors: Transaction verification data (with your consent)

3. How We Use Your Information

3.1 Service Delivery

  • Calculate your GuardScore™
  • Provide compliance assessments
  • Issue reputation NFTs
  • Deliver educational content

3.2 Service Improvement

  • Enhance our algorithms
  • Develop new features
  • Analyze usage patterns
  • Conduct research

3.3 Legal and Security

  • Prevent fraud and abuse
  • Enforce our Terms
  • Comply with legal obligations
  • Protect rights and safety

4. Information Sharing

4.1 Service Providers

We share information with:

  • Cloud Infrastructure: Google Cloud Platform for data storage
  • Communication: Telegram for service delivery
  • Verification: KYC/KYB providers for identity verification
  • Analytics: Service usage and performance monitoring
  • Payment Processing: Stripe or similar for payment handling

4.2 Blockchain Transparency Warning

PUBLIC BLOCKCHAIN DATA WARNING:

  • Your wallet address is publicly visible
  • NFT ownership is permanently recorded
  • Transaction history cannot be deleted
  • Anyone can view blockchain associations

4.3 No Data Sales

We DO NOT sell your personal information to third parties.

5. Data Security

5.1 Security Measures

We implement:

  • Encryption: TLS for data in transit, AES-256 for data at rest
  • Access Controls: Role-based permissions, multi-factor authentication
  • Monitoring: 24/7 security monitoring and intrusion detection
  • Regular Audits: Security assessments and penetration testing
  • Incident Response: Established breach notification procedures

5.2 Security Limitations

Despite our measures:

  • No system is completely secure
  • Internet transmission is not 100% secure
  • We cannot guarantee absolute security
  • You share information at your own risk

6. Data Retention

6.1 Retention Periods

  • Account Data: Duration of account plus 7 years
  • Transaction Data: 7 years for compliance
  • Communications: 3 years
  • Analytics: 2 years
  • Blockchain Data: Permanent and immutable

6.2 Deletion Limitations

We cannot delete:

  • Blockchain records
  • Data required for legal compliance
  • Anonymized analytical data
  • Backup archives (deleted within 90 days)

7. Your Rights

7.1 Access and Control

You can:

  • Request a copy of your personal data
  • Correct inaccurate information
  • Request deletion (except blockchain data)
  • Object to certain processing
  • Opt-out of marketing communications
  • Withdraw consent (doesn't affect prior processing)

7.2 How to Exercise Rights

Email: privacy@merchantguard.ai
Response time: Within 30 days

8. AI and Machine Learning Data Processing

8.1 How We Process Data for AI

MerchantGuard uses artificial intelligence to provide personalized risk assessments and recommendations. Here's how we process your data:

8.2 Data You Provide for AI Analysis

When you use our AI features, we collect and process:

  • Assessment Inputs: Monthly volume, chargeback rate, industry, region, entity structure, and other business metrics
  • Uploaded Files: CSV files, payment processor statements, or other documents you upload for analysis
  • Conversation Data: Questions you ask Guard and responses you receive
  • Feedback: Ratings, corrections, or feedback you provide on AI responses

8.3 How AI Uses Your Data

Your data is processed to:

  1. Generate Your GuardScore: Calculate your risk score based on your metrics
  2. Provide Recommendations: Generate personalized compliance guidance
  3. Match Processors: Identify potentially compatible payment processors
  4. Answer Questions: Provide context-aware responses based on your business profile
  5. Send Alerts: Identify policy changes relevant to YOUR specific situation

8.4 Data Isolation and Protection

Your identifiable business data is isolated and protected. We do NOT:

  • Share your identifiable data with other users
  • Sell or rent your personal or business data to third parties
  • Share your data with payment processors without your consent
  • Use identifiable data for generative AI training without explicit opt-in consent

8.5 AI Model Training — Tiered Consent

We use a three-tier consent model for AI training data, consistent with industry best practices:

  • Tier 1 — Always Permitted (Aggregated Metadata): We always process fully anonymized, aggregated data that cannot be linked to any individual user. Examples: industry-wide compliance patterns (e.g., "gaming merchants in Brazil have X% approval rate"), aggregate health check statistics, platform-wide risk distributions. This data is essential for providing and improving our services.
  • Tier 2 — Default On, Opt-Out Available (Anonymized Training Data): We use anonymized behavioral data to train and improve our AI models, including agent monitoring patterns, quality scoring models, anomaly detection, and suspension prediction. This data is stripped of identifying information. You may opt out by emailing privacy@merchantguard.ai. Opting out may reduce the accuracy of personalized recommendations.
  • Tier 3 — Explicit Opt-In Only (Generative AI Training): We will never use your identifiable business information, confidential data, or specific assessment details for generative AI model training, case studies, or marketing without your explicit written consent.

Additionally, we improve our AI models using synthetic training data generated from industry patterns, publicly available payment processor policies, and user feedback on AI response quality (anonymized).

8.6 Third-Party AI Services

We use third-party AI services (such as large language models) to power some AI features. When using these services:

  • We send only the minimum necessary data to generate responses
  • We do NOT allow third parties to train on your data
  • We use enterprise agreements with data processing protections
  • Third-party AI providers are contractually prohibited from using your data for their own purposes

Current third-party AI providers:

  • Anthropic (Claude AI for conversational and analysis features)
  • Google (Gemini models for analysis, quality scoring, and monitoring features)

These providers process data under strict data processing agreements.

8.7 Agent Monitoring and Behavioral Data

For AI agent monitoring services (including Moltbook Watchdog, Mystery Shopper, GuardScan, and Agent Certification), we collect and process agent behavioral metadata including:

  • Health check responses and uptime statistics
  • Content quality metrics and engagement patterns
  • Platform standing (karma scores, follower counts, suspension status)
  • Response latency and performance metrics
  • Certification scores and compliance assessment results

Agent behavioral metadata generated by automated AI agents (non-human autonomous systems) constitutes machine-generated operational telemetry. Where such data is not linkable to a natural person, it falls outside the scope of personal data protections under GDPR (which applies to natural persons) and may be outside the scope of CCPA (which applies to consumers who are natural persons). Where agent operator identity is linkable, we apply the tiered consent model described in Section 8.5.

By using our agent monitoring services, you grant DuneCrest Ventures Inc. a perpetual, worldwide, royalty-free license to use anonymized and aggregated agent behavioral data to develop and improve AI compliance products, including the Agent Reliability Index (ARI). See our Terms of Service, Section 10.8 for full data licensing terms.

8.8 EU AI Act and Regulatory Compliance

MerchantGuard's monitoring services are designed to support compliance with emerging AI regulations, including the EU AI Act (Regulation (EU) 2024/1689). Under Article 26, deployers of AI systems are required to monitor the reliability of AI systems and report serious incidents. Our services generate compliance data that supports these obligations.

We retain monitoring logs, compliance records, and certification data for a minimum of the period required by applicable regulations (currently anticipated to be at least 10 years under EU AI Act requirements for high-risk AI systems). You may request copies of your monitoring and compliance records at any time.

8.9 Data Retention for AI Features

  • Conversation History: Stored for 90 days or until you delete it
  • GuardScore Assessments: Stored as long as your account is active
  • Uploaded Files: Processed immediately, then deleted within 24 hours (unless you save them)
  • AI-Generated Reports: Stored with your account until you delete them

8.10 Your AI Data Rights

You can:

  • Access: View all AI-generated assessments and conversation history
  • Delete: Remove conversations, assessments, or uploaded files
  • Export: Download your AI assessment history
  • Opt-Out: Disable certain AI features (may limit functionality)
  • Correct: Update inputs if AI used incorrect information

To exercise these rights, contact privacy@merchantguard.ai

8.11 AI Data Security

We protect AI-processed data with:

  • Encryption at rest and in transit
  • Access controls limiting who can view your data
  • Audit logs tracking data access
  • Regular security assessments
  • Data isolation between users

See our AI Methodology page for technical details.

9. Regional Privacy Rights

9.1 California Privacy Rights (CCPA)

California residents have additional rights:

  • Right to know categories of data collected
  • Right to deletion
  • Right to opt-out of sale (we don't sell data)
  • Right to non-discrimination

9.2 European Privacy Rights (GDPR)

EU/UK residents have additional rights:

  • Right to object to processing
  • Right to restriction of processing
  • Right to lodge complaints with supervisory authorities
  • Right to data portability

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards through standard contractual clauses, adequacy decisions, or your explicit consent.

11. Contact Information

Data Controller:
DuneCrest Ventures Inc. DBA MerchantGuard™

Privacy Contact:
Email: privacy@merchantguard.ai
Phone: +1 (307) 381-3301
Address: 1309 Coffeen Avenue STE 1200, Sheridan, Wyoming 82801

Data Protection Officer:
Email: dpo@merchantguard.ai
Phone: +1 (307) 381-3301
Address: 1309 Coffeen Avenue STE 1200, Sheridan, Wyoming 82801