Privacy Policy

Last updated: April 2026

1. Who We Are

MerchantStamp is an online service that helps e-commerce merchants make their product data readable by AI shopping agents. The service is operated by Arnaud Buisine, sole proprietor, based in France. For any privacy-related questions, contact us at contact@merchantstamp.com.

2. Data We Collect

We collect the minimum data necessary to provide the service. When you create an account, we store your email address and name (provided via Clerk authentication). When you run a scan, we store the URL you submitted, the scan results, and your Agent-Readiness score. We also collect standard web analytics data (page views, referrer, device type) through privacy-friendly analytics.

3. How We Use Your Data

Your data is used exclusively to provide and improve the MerchantStamp service: running audits, generating structured data, displaying your dashboard, and sending you service-related emails if you opt in. We do not sell your data to third parties. We do not use your data for advertising.

4. Data Storage & Security

Your data is stored on secure servers hosted by Supabase (PostgreSQL database) and Vercel (application hosting), both located in the EU or US with appropriate safeguards. Passwords are never stored by MerchantStamp — authentication is handled entirely by Clerk. All data transfers use TLS encryption.

5. Cookies

MerchantStamp uses essential cookies required for authentication and session management. We may use analytics cookies (Microsoft Clarity or similar) to understand how the site is used. You can disable non-essential cookies in your browser settings at any time.

6. Your Rights

Under GDPR, you have the right to access, correct, delete, or export your personal data at any time. You can also object to processing or request restriction. To exercise any of these rights, email us at contact@merchantstamp.com. We will respond within 30 days.

7. Data Retention

Account data is retained as long as your account is active. Scan results are retained for 12 months after the last scan. When you delete your account, all associated data is permanently removed within 30 days.

8. Third-Party Services

We use the following third-party services that may process your data: Clerk (authentication), Supabase (database), Vercel (hosting), and Stripe (payments, if applicable). Each of these services has their own privacy policy and is GDPR-compliant.

9. Changes to This Policy

We may update this privacy policy from time to time. Significant changes will be communicated via email or a banner on the website. Continued use of the service after changes constitutes acceptance.