Privacy Policy

Last Updated: January 26, 2026

This Privacy Policy explains how Merro ("we," "us," or "our") collects, uses, and protects your information when you use our Services.

1. Information We Collect

1.1 Information You Provide

When you purchase an audit:

  • Name and email address
  • Company name and website
  • Billing information (processed by Stripe, not stored by us)
  • Platform credentials (read-only API keys for helpdesk, shipping, and Shopify)

During the audit:

  • Customer support ticket data (conversations, internal notes, metadata)
  • Shipping data (carrier charges, tracking, delivery status)
  • Returns data (return requests, refund records, fraud patterns)
  • Order and product information from Shopify
  • Agent and operator names and IDs

1.2 Information We Do NOT Collect

We do not collect or store:

  • Customer credit card numbers or payment details
  • Customer passwords or account credentials
  • PII of your end customers beyond what appears in support tickets
  • Browsing history or tracking data from your website

2. How We Use Your Information

2.1 To Provide Services

We use your data to:

  • Conduct the audit you purchased
  • Analyze support tickets, shipping data, and returns for revenue leakage
  • Generate your audit report with breakdown by operational category
  • Communicate with you about findings and recommendations

2.2 To Improve Services

We may use aggregated, anonymized data to:

  • Improve our audit methodology
  • Create industry benchmarks
  • Develop case studies (with your permission)

2.3 For Legal Compliance

We may use or disclose information:

  • To comply with legal obligations
  • To protect our rights or property
  • To prevent fraud or abuse
  • In response to valid legal requests

3. Data Security

3.1 Security Measures

We protect your data with:

  • Encryption: All data encrypted in transit (HTTPS/TLS) and at rest (AES-256)
  • Access Control: Read-only access to all platforms; data accessible only to assigned auditor
  • Secure Infrastructure: SOC 2 Type II compliant hosting
  • Platform Security: Secure API connections to helpdesks, shipping platforms, and Shopify

3.2 Third-Party Security

We use trusted service providers:

  • Hosting: SOC 2 Type II, GDPR compliant
  • Payments: Stripe (PCI-DSS Level 1 compliant)
  • Email: Resend (GDPR compliant)
  • AI Analysis: SOC 2 Type II compliant

3.3 Data Breach Protocol

In the event of a data breach:

  • We will notify you within 72 hours
  • We will provide details of what data was affected
  • We will explain steps taken to mitigate harm
  • We will assist with any required notifications

4. Data Retention

4.1 During Audit

  • Data stored in secure database
  • Accessible only to assigned auditor
  • Retained until audit completion + 90 days

4.2 After Audit Completion

  • Default: 90 days (for comparison in future re-audits)
  • Your choice: Request immediate deletion after delivery
  • Anonymization: After 90 days, all identifiable data anonymized or deleted

5. Data Sharing

5.1 Who We Share Data With

We share data only with service providers necessary for delivering our services.

We do NOT:

  • Sell your data to third parties
  • Share data with advertisers
  • Provide data to data brokers
  • Use data for unrelated purposes

5.2 Your Customers' Data

Regarding your end customers' data visible in support tickets, shipping records, and returns:

  • We treat it as confidential across all platforms
  • We do not contact your customers
  • We do not use it for our own marketing
  • We delete or anonymize all operational data after audit completion

6. Your Privacy Rights

6.1 Access & Portability

You have the right to:

  • Request a copy of all data we hold about you
  • Receive data in machine-readable format (CSV, JSON)
  • Transfer data to another service provider

6.2 Deletion ("Right to Be Forgotten")

You can request deletion of:

  • Your account information
  • All audit data associated with your company
  • Any testimonials or case studies

Deletion is completed within 30 days of request.

6.3 Objection to Processing

You may object to:

  • Use of data for marketing purposes
  • Inclusion in case studies or testimonials
  • Use of anonymized data for benchmarking

7. International Data Transfers

7.1 Data Location

Your data may be processed in:

  • India (our primary location)
  • United States (service provider servers)
  • European Union (if using EU-based service providers)

7.2 GDPR Compliance

For EU customers:

  • We comply with GDPR requirements
  • Data transfers protected by Standard Contractual Clauses (SCCs)
  • You have all rights granted under GDPR

7.3 CCPA Compliance

For California residents:

  • You have rights under the California Consumer Privacy Act (CCPA)
  • We do not sell your personal information
  • You can request disclosure of data collected

8. Cookies & Tracking

8.1 Cookies We Use

On trymerro.com:

  • Essential cookies: Session management, security
  • Analytics cookies: Google Analytics (anonymized IP)
  • No advertising cookies

8.2 Do Not Track

We honor "Do Not Track" browser signals.

9. Children's Privacy

Our Services are not intended for anyone under 18. We do not knowingly collect data from children. If you believe we have collected data from a minor, contact us immediately at support@trymerro.com and we will delete it.

10. Changes to This Policy

We may update this Privacy Policy at any time. For material changes, we will provide email notification 30 days before the effective date. Continued use after changes indicates acceptance of the updated policy.

11. Contact Us

For privacy questions or requests:

Response time: Within 30 days for GDPR/CCPA requests, 10 business days for other inquiries.