Legal

Privacy Policy

Last updated: June 2026

This policy is provided for transparency and is not legal advice; it is being finalized with counsel.

1. Overview

Merit provides compliance monitoring, buyer-attestation logging, and payments enablement for research-use-only WooCommerce stores. This Privacy Policy explains what information we collect when a merchant uses Merit, how we use it, and who we share it with.

This policy covers information we handle about merchants and their stores. Where Merit logs buyer attestation events on a merchant's behalf, the merchant is responsible for its own customer-facing privacy disclosures.

2. Information we collect

We collect only what we need to run the service:

  • Account information: the name and email address you provide when you create a Merit account, and a securely hashed password.
  • Store connection data: your store URL and read-only access to your WooCommerce store (via a read-only REST API key) and/or publicly crawled page content, so we can scan your store.
  • Compliance scan data: findings and scores derived from your store's product pages, descriptions, claims, and policy pages.
  • Buyer attestation events: when a buyer passes the research-use gate on your store, we log the acceptance with a timestamp, IP address, researcher type, and attestation version. We do not collect buyer payment-card details.
  • Payment-related data: payments are processed through Stripe Connect on your own connected account. Merit never stores full card numbers; the merchant is the merchant of record for its sales.
  • Communications: emails we send you (for example login, password reset, and account notices) are delivered through our email provider.
  • Technical data: basic session, log, and device information needed to operate and secure the service.

3. How we use information

We use the information above to: provide and operate the compliance scan, score, and 24/7 monitoring; maintain the buyer-attestation log as a record for you; enable and route card processing through your own connected account; send you transactional and account-related email; secure the platform and prevent abuse; and improve the service.

We do not sell your personal information, and we do not use it for third-party advertising.

4. How we share information

We share information only with the service providers that make Merit work, and only as needed:

  • Stripe, for payment processing and Stripe Connect onboarding. Stripe handles card data directly under its own privacy terms.
  • Resend, our email delivery provider, to send transactional and account email.
  • Our hosting and infrastructure provider, to run the application and store data.

5. Buyer attestation data

When buyers accept the research-use gate on your store, Merit records that acceptance so you have a defensible, on-the-record trail. We act as a processor of this data on your behalf; you remain responsible for how that data is presented to and used with your customers, including your own privacy notice and any required consent.

6. Data retention

We keep account, scan, attestation, and compliance records for as long as your account is active and as needed to provide the service, maintain an audit trail, and meet our legal and operational obligations. You can ask us to close your account and delete data that we are not required to retain.

7. Security

We protect data with industry-standard measures, including encryption of stored store credentials, access controls, and least-privilege access to systems. No method of transmission or storage is perfectly secure, but we work to safeguard the information you entrust to us.

8. Your choices and rights

You can review and update your account information, disconnect your store, and request account closure at any time. Depending on where you live, you may have additional rights to access, correct, or delete personal information. To make a request, contact us using the details below.

9. Children

Merit is a business tool for store operators and is not directed to children. The research-use gate on connected stores is configured to require buyers to confirm they are 21 or older.

10. Changes to this policy

We may update this policy as the product and our practices evolve. When we make material changes, we will update the date above and, where appropriate, notify you.

11. Contact us

Questions about this policy or your data? Email support@useattestly.com.