IMPORTANT: By using Mercap's services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. This policy constitutes a legally binding agreement between you and Mercap.
Effective Date: September 16, 2025
Last Updated: September 16, 2025
1. Introduction and Acceptance
Mercap ("Company," "we," "our," or "us") operates a comprehensive sales portal and e-signature platform (collectively, the "Service"). This Privacy Policy ("Policy") constitutes a legally binding agreement between you ("User," "you," or "your") and Mercap regarding the collection, use, disclosure, and protection of your personal information.
ACCEPTANCE REQUIRED: By accessing, using, or registering for our Service, you expressly acknowledge that you have read, understood, and agree to be legally bound by this Privacy Policy. If you do not agree to any provision of this Policy, you must immediately cease all use of the Service and may not access any part of our platform.
This Policy applies to all users of the Service, including but not limited to: registered users, organization administrators, clients, visitors to our website, and any individual whose personal information is processed through our platform.
2. Information We Collect and Process
LEGAL NOTICE: By using our Service, you expressly consent to the collection, processing, and storage of all information described in this section for the purposes outlined in this Policy.
2.1 Personally Identifiable Information (PII)
We collect and process personal information that you voluntarily provide to us, including but not limited to:
- Identity Information: Full name, title, professional credentials, and identification documents
- Contact Information: Email addresses, phone numbers, physical addresses, and mailing addresses
- Account Information: Usernames, passwords, security questions, and authentication credentials
- Organization Data: Company name, business registration information, tax identification numbers, and organizational structure
- Billing Information: Payment methods, billing addresses, credit card information (processed securely through third-party processors), and transaction history
- Business Information: Industry, company size, revenue data, and business objectives
- Document and Signature Data: Digital signatures, document content, signature timestamps, IP addresses, and device fingerprints
- Lead and Customer Data: Prospect information, customer contact details, sales history, and relationship data
- Proposal and Contract Data: Proposal content, pricing information, terms and conditions, and contract execution data
- Form Submissions: All data submitted through our forms, including custom fields and responses
- Communication Records: Email communications, chat logs, support tickets, and customer service interactions
2.2 Automatically Collected Information
We automatically collect certain information when you use our Service, including:
- Usage Data: Pages visited, features used, time spent, and user interactions
- Device Information: Device type, operating system, browser type, screen resolution, and device identifiers
- Location Data: General geographic location based on IP address (not precise location)
- Log Data: Server logs, error logs, and system performance data
- Analytics Data: User behavior patterns, feature usage statistics, and performance metrics
- Security Data: Login attempts, security events, and access patterns
2.3 Information from Third Parties
We may receive information about you from third-party sources, including:
- Business Partners: Referral information and shared customer data
- Public Sources: Publicly available business information and social media profiles
- Service Providers: Authentication services, payment processors, and analytics providers
- Government Sources: Public business registrations and regulatory filings
3. Legal Basis and Purposes for Processing
LEGAL BASIS: We process your personal information based on legitimate business interests, contractual necessity, legal compliance, and your explicit consent where required by law.
We process your information for the following legally justified purposes:
3.1 Service Provision and Contractual Performance
- Core Service Delivery: Provide, maintain, operate, and continuously improve our sales portal and e-signature platform
- User Management: Create and manage user accounts, authenticate users, and control access to platform features
- Transaction Processing: Process payments, manage billing cycles, handle refunds, and maintain financial records
- Document Management: Store, process, and manage documents, proposals, contracts, and e-signature workflows
- Lead Management: Capture, organize, track, and manage leads and customer relationships
- Communication Services: Send notifications, alerts, updates, and facilitate user communications
- Customer Support: Provide technical support, resolve issues, and maintain customer relationships
3.2 Legal Compliance and Risk Management
- Regulatory Compliance: Comply with applicable laws, regulations, industry standards, and legal obligations
- Audit and Record Keeping: Maintain comprehensive records for legal, tax, and regulatory purposes
- Fraud Prevention: Detect, prevent, and investigate fraudulent activities and security threats
- Risk Assessment: Evaluate and mitigate business risks, credit risks, and operational risks
- Legal Proceedings: Defend legal claims, enforce our rights, and participate in legal proceedings
- Regulatory Reporting: Provide information to regulatory authorities when legally required
3.3 Business Operations and Improvement
- Analytics and Insights: Analyze usage patterns, user behavior, and platform performance
- Product Development: Improve existing features, develop new capabilities, and enhance user experience
- Marketing and Promotion: Send marketing communications, promotional offers, and business updates
- Business Intelligence: Generate reports, conduct research, and make data-driven business decisions
- Quality Assurance: Monitor service quality, conduct testing, and ensure platform reliability
- Capacity Planning: Plan infrastructure needs, optimize resource allocation, and scale services
4. Information Sharing, Disclosure, and Legal Protections
PROTECTION COMMITMENT: We do not sell, rent, lease, or monetize your personal information. We only share information as legally permitted and necessary for legitimate business purposes.
4.1 Authorized Service Providers and Business Partners
We may share your information with carefully vetted third-party service providers who are contractually bound to protect your information and use it solely for authorized purposes:
- Cloud Infrastructure: AWS (Cognito, EC2, RDS, S3) for authentication, hosting, database, and storage services
- Payment Processing: Stripe for secure payment processing, billing management, and financial transactions
- Communication Services: Resend for email delivery, notifications, and communication management
- Security Services: Security monitoring, threat detection, and fraud prevention services
- Analytics and Monitoring: Performance monitoring, usage analytics, and business intelligence services
- Customer Support: Help desk, ticketing systems, and customer service platforms
- Marketing Services: Email marketing, campaign management, and promotional services (with consent)
- Legal and Compliance: Legal counsel, compliance monitoring, and regulatory reporting services
4.2 Legal Compliance and Regulatory Requirements
We may disclose your information when legally required or necessary to protect our rights and interests:
- Legal Process: In response to valid court orders, subpoenas, warrants, or other legal process
- Regulatory Compliance: To comply with applicable laws, regulations, or government requests
- Law Enforcement: To assist law enforcement agencies in investigations or criminal proceedings
- Legal Defense: To defend against legal claims, enforce our rights, or protect our interests
- Public Safety: To protect the safety, security, or rights of individuals or the public
- Regulatory Authorities: To financial, tax, or other regulatory authorities as required by law
- Audit Requirements: To independent auditors, accountants, or compliance officers
4.3 Business Transfers and Corporate Transactions
In the event of corporate transactions, your information may be transferred as part of business assets:
- Mergers and Acquisitions: Information may be transferred to acquiring or merged entities
- Asset Sales: Information may be included in the sale of business assets or divisions
- Corporate Restructuring: Information may be transferred during corporate reorganizations
- Bankruptcy Proceedings: Information may be transferred to bankruptcy trustees or creditors
- Investment Transactions: Information may be shared with investors or potential investors
4.4 User Consent and Authorization
We may share your information with your explicit consent or authorization:
- Explicit Consent: When you provide clear, informed consent for specific sharing purposes
- User Direction: When you explicitly request or direct us to share information
- Account Integration: When you authorize integration with third-party services or platforms
- Marketing Preferences: When you opt in to receive communications from business partners
- Referral Programs: When you participate in referral or partnership programs
4.5 Aggregate and Anonymized Information
We may share aggregate, statistical, or anonymized information that cannot identify you personally:
- Market Research: Industry trends, usage statistics, and market analysis
- Business Intelligence: Performance metrics, user behavior patterns, and platform analytics
- Academic Research: Anonymized data for academic or research purposes
- Public Reporting: General statistics and platform performance data
5. Comprehensive Data Security and Protection Measures
SECURITY COMMITMENT: We implement industry-leading security measures and continuously monitor and improve our security posture to protect your information.
5.1 Technical Security Measures
- Encryption: AES-256 encryption for data at rest, TLS 1.3 for data in transit, and end-to-end encryption for sensitive communications
- Authentication: Multi-factor authentication (MFA), strong password policies, and secure session management
- Access Controls: Role-based access control (RBAC), principle of least privilege, and regular access reviews
- Network Security: Firewalls, intrusion detection systems (IDS), and network segmentation
- Application Security: Secure coding practices, regular security testing, and vulnerability management
- Infrastructure Security: Secure cloud architecture, regular security updates, and hardened systems
- Data Backup: Encrypted backups, disaster recovery procedures, and business continuity planning
- Monitoring: 24/7 security monitoring, threat detection, and incident response capabilities
5.2 Organizational Security Measures
- Security Policies: Comprehensive security policies, procedures, and guidelines
- Employee Training: Regular security awareness training and phishing simulation exercises
- Background Checks: Thorough background checks for employees with access to sensitive data
- Confidentiality Agreements: Strict confidentiality agreements and non-disclosure agreements
- Incident Response: Documented incident response procedures and breach notification protocols
- Regular Audits: Internal and external security audits and compliance assessments
- Vendor Management: Security assessments of third-party vendors and service providers
- Data Classification: Data classification and handling procedures based on sensitivity levels
5.3 Compliance and Standards
- Regulatory Compliance: Adherence to GDPR, CCPA, HIPAA (where applicable), and other privacy regulations
- Third-Party Audits: Regular third-party security assessments and penetration testing
- Industry Best Practices: Implementation of industry-standard security practices and procedures
- Continuous Improvement: Ongoing evaluation and enhancement of security measures
IMPORTANT DISCLAIMER: While we implement comprehensive security measures, no system is completely immune to security risks. By using our Service, you acknowledge and accept the inherent risks associated with electronic data transmission and storage.
6. Data Retention and Legal Obligations
RETENTION POLICY: We retain your information only as long as necessary for legitimate business purposes, legal compliance, and contractual obligations.
6.1 Retention Periods by Data Type
- Account Information: Retained while account is active plus 7 years after account closure for legal and audit purposes
- Transaction Data: Retained for 7 years after transaction completion for tax, accounting, and legal compliance
- E-Signature Documents: Retained according to applicable legal requirements (typically 3-7 years depending on jurisdiction)
- Communication Records: Retained for 3 years for customer service and legal purposes
- Security Logs: Retained for 2 years for security monitoring and incident investigation
- Analytics Data: Retained for 2 years for service improvement and business intelligence
- Marketing Data: Retained until consent is withdrawn or until 3 years of inactivity have elapsed
- Legal Proceedings: Retained indefinitely if relevant to ongoing or potential legal proceedings
6.2 Data Deletion and Right to Erasure
Upon request and subject to legal requirements, we will delete your personal information. However, certain information may be retained for legitimate business purposes:
- Legal Compliance: Information required to be retained by law or regulation
- Contractual Obligations: Information necessary to fulfill ongoing contractual obligations
- Legal Proceedings: Information relevant to ongoing or anticipated legal proceedings
- Fraud Prevention: Information necessary to prevent fraud or security threats
- Public Interest: Information retained for public health, safety, or other public interests
- Archived Backups: Information in archived backups may be retained until backup destruction cycle
7. Your Rights and Choices
Depending on your location, you may have certain rights regarding your personal information:
- Access: Request access to your personal information
- Correction: Request correction of inaccurate information
- Deletion: Request deletion of your personal information
- Portability: Request transfer of your data to another service
- Restriction: Request restriction of processing
- Objection: Object to certain types of processing
- Withdraw Consent: Withdraw consent where processing is based on consent
To exercise these rights, please contact us using the information provided in the "Contact Us" section below.
8. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to enhance your experience on our Service. Cookies are small data files stored on your device that help us:
- Remember your preferences and settings
- Authenticate your identity
- Analyze usage patterns and performance
- Provide personalized content
You can control cookie settings through your browser preferences. However, disabling cookies may affect the functionality of our Service.
9. International Data Transfers
Your information may be transferred to and processed in countries other than your own. We ensure that such transfers comply with applicable data protection laws and implement appropriate safeguards to protect your information.
10. Children's Privacy
Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal information, please contact us immediately.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically for any changes.
Your continued use of the Service after any modifications to this Privacy Policy constitutes your acceptance of the updated policy.
12. Contact Us
If you have any questions about this Privacy Policy or our privacy practices, please contact us:
Email: privacy@mercap.io
Address: Mercap Privacy Team
Response Time: We will respond to your inquiry within 30 days of receipt.
13. Legal Compliance and Regulatory Framework
This Privacy Policy is designed to comply with applicable data protection laws and regulations, including:
- European Union: General Data Protection Regulation (GDPR) and ePrivacy Directive
- United States: California Consumer Privacy Act (CCPA), Virginia Consumer Data Protection Act (VCDPA), and other state privacy laws
- Canada: Personal Information Protection and Electronic Documents Act (PIPEDA)
- Industry Standards: Industry-standard security and privacy best practices
- E-Signature Laws: Electronic Signatures in Global and National Commerce Act (ESIGN), Uniform Electronic Transactions Act (UETA)
- Financial Regulations: Applicable financial services regulations and anti-money laundering laws
14. Legal Limitations and Disclaimers
IMPORTANT LEGAL NOTICE: The following limitations and disclaimers are legally binding and limit our liability. By using our Service, you acknowledge and agree to these terms.
14.1 Limitation of Liability
TO THE MAXIMUM EXTENT PERMITTED BY LAW, MERCAP SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO LOSS OF PROFITS, DATA, OR BUSINESS OPPORTUNITIES, ARISING FROM OR RELATED TO THE USE OF OUR SERVICE OR THIS PRIVACY POLICY.
14.2 Security Disclaimer
WHILE WE IMPLEMENT COMPREHENSIVE SECURITY MEASURES, NO SYSTEM IS COMPLETELY SECURE. YOU ACKNOWLEDGE AND ACCEPT THE INHERENT RISKS ASSOCIATED WITH ELECTRONIC DATA TRANSMISSION AND STORAGE. WE CANNOT GUARANTEE ABSOLUTE SECURITY OF YOUR INFORMATION.
14.3 Third-Party Services
OUR SERVICE MAY INCLUDE LINKS TO OR INTEGRATIONS WITH THIRD-PARTY SERVICES. WE ARE NOT RESPONSIBLE FOR THE PRIVACY PRACTICES OR CONTENT OF SUCH THIRD-PARTY SERVICES. YOUR USE OF THIRD-PARTY SERVICES IS AT YOUR OWN RISK.
14.4 Force Majeure
WE SHALL NOT BE LIABLE FOR ANY FAILURE OR DELAY IN PERFORMANCE DUE TO CIRCUMSTANCES BEYOND OUR REASONABLE CONTROL, INCLUDING BUT NOT LIMITED TO ACTS OF GOD, NATURAL DISASTERS, WAR, TERRORISM, GOVERNMENT ACTIONS, OR TECHNICAL FAILURES.
14.5 Governing Law and Jurisdiction
This Privacy Policy shall be governed by and construed in accordance with the laws of [Jurisdiction], without regard to conflict of law principles. Any legal action or proceeding arising under this Policy shall be brought exclusively in the courts of [Jurisdiction].
15. Severability and Entire Agreement
If any provision of this Privacy Policy is found to be invalid, illegal, or unenforceable, the remaining provisions shall remain in full force and effect. This Privacy Policy, together with our Terms of Service, constitutes the entire agreement between you and Mercap regarding privacy and data protection.