MerchSignal MerchSignal

Privacy Policy

Last updated: December 8, 2025

This Privacy Policy explains how MerchSignal (“we,” “us,” or “our”) collects, uses, and protects information in connection with:

  • our website at https://merchsignal.com (the “Site”);
  • the MerchSignal Chrome extension (the “Extension”); and
  • related services, apps, and support (collectively, the “Services”).

By using the Services, you agree to this Privacy Policy. If you do not agree, please do not use the Services.

1) Who we are & how to contact us

Controller: MerchSignal
Contact form: https://merchsignal.com/contact/
Support email: support@merchsignal.com

2) What we collect

We aim to collect the minimum information necessary to provide the Services.

2.1 Account & billing data (Site)

  • Account details you provide (name, email, password—hashed), plan, and settings.
  • Billing/subscription data is processed by payment providers (e.g., PayPal or a merchant-of-record). We receive limited transactional metadata (status, plan, timestamps), not full card details.

2.2 Service usage & device data

  • Basic device/browser information, language, and approximate region (from IP) for security/abuse prevention.
  • Logs and event telemetry tied to feature usage (e.g., “Reverse ASIN scan used,” error codes). We do not build marketing profiles from this.

2.3 Content you submit

  • Queries/keywords you run, optional uploads you choose to send us, and support tickets you submit.

2.4 Chrome extension — web-content access (important)

  • The Extension reads page content only on Amazon domains you open to provide visible, user-requested features (examples: keyword suggestions, counts, CSV export).
  • Processing is on-device; limited checks for membership/usage limits or configuration may contact https://merchsignal.com (and required subdomains such as api/cdn) over HTTPS.
  • Host scope: the Extension communicates with amazon.* domains you open and with merchsignal.com (api/cdn) only.
  • Offscreen note: the Extension may temporarily create an offscreen document (e.g., to render an image/design export via canvas) after a user action. It is closed immediately after the task completes. No media capture, background polling, or analytics are performed there.

We do not collect: your browsing history; keystrokes; mouse movements; content from non-Amazon sites; credit-worthiness data; or sensitive categories.
Downloads are always user-initiated (e.g., CSV/design export). We do not run automatic/background downloads.

2.5 Cookies & similar technologies (Site)

  • Essential cookies for authentication and session continuity.
  • Optional, privacy-respecting analytics (no cross-site advertising trackers) to understand reliability and feature usage.

3) Why we use information (purposes)

  • Provide the Services: render Extension overlays, run scans/keywords, export CSVs, manage your account/plan.
  • Security & abuse prevention: prevent misuse and protect our users.
  • Support & communications: respond to requests; send service notices (e.g., plan status, critical updates).
  • Improvement: debug issues, measure reliability, enhance features.
  • Compliance: meet legal, tax, and regulatory requirements.

4) Legal bases (EEA/UK only)

  • Contract – to provide Services you requested.
  • Legitimate interests – security, service improvement, troubleshooting.
  • Consent – where required (e.g., optional analytics or BYOK connections).
  • Legal obligation – record-keeping and compliance duties.

5) Sharing & processors

We do not sell personal information. We share information only with:

  • Service providers acting on our behalf, under contract, for hosting, storage, email/support, payments, analytics, and optional data sources (e.g., Keepa, DataForSEO, AI model providers such as OpenAI or Ideogram if you enable those features).
  • Payment & billing partners (e.g., PayPal or a merchant-of-record) to process subscriptions and detect fraud.
  • Legal/compliance where required by law or to protect rights, safety, and integrity.

6) Chrome Web Store “Limited Use”

We use data only for the purposes disclosed in this Policy and closely related to the Extension’s single purpose. We do not sell personal information and do not use data for creditworthiness or unrelated advertising. Our use of information adheres to the Chrome Web Store User Data Policy, including Limited Use requirements.

7) International transfers

We may process information in countries outside your own. Where required, we use appropriate safeguards (such as Standard Contractual Clauses).

8) Retention

  • Account data: retained while your account is active. Upon deletion, we delete or anonymize within ~90 days, unless law requires longer retention.
  • Operational logs/telemetry: typically 30–180 days for reliability and security, then deleted or aggregated.
  • Backups: cycled on a rolling schedule and purged according to our disaster-recovery policy.
  • Local storage (Extension): preferences/flags and any BYOK API keys you choose to enter are stored locally in your browser and used only to call the provider you enabled. Remove the extension or clear browser storage to delete them.

9) Security

We use reasonable technical and organizational measures (encryption in transit, access controls, monitoring). No method is 100% secure; please use strong passwords and keep your devices updated.

10) Your rights & choices

Depending on your region, you may have rights to:

  • Access, correct, or delete your information
  • Export your data (portability)
  • Object to/restrict certain processing
  • Withdraw consent where processing is based on consent

How to exercise rights / delete your data:
Email support@merchsignal.com with the subject “Delete my account” (or use the contact form). We’ll verify your request and delete/anonymize account-linked data within ~30 days unless law requires retention. For Extension local data, remove the extension or clear browser storage.

California (CPRA) disclosures:

  • Do Not Sell or Share: We do not sell or share personal information for cross-context behavioral advertising.
  • Sensitive data: We do not use sensitive personal information to infer characteristics.

11) Children’s privacy

The Services are not directed to children under 13 (or the minimum age in your jurisdiction). We do not knowingly collect information from children. If you believe we have collected such information, please contact us to delete it.

12) Cookies & analytics details (Site)

  • Essential: authentication/session, security.
  • Analytics: limited to measuring reliability and feature usage; no cross-site advertising trackers. You can block analytics via your browser. Essential cookies are required for login and preferences.

13) Third-party links & sites

The Services may link to third-party sites. Their privacy practices are governed by their own policies.

14) Changes to this Policy

We may update this Policy from time to time. We will change the “Last updated” date and, where appropriate, provide additional notice (e.g., email or in-app).

15) How to contact us

Questions or requests: https://merchsignal.com/contact/ or support@merchsignal.com.

Annex A — Chrome Web Store Data Disclosure (summary)

Personal or sensitive user data collected via the Extension? No (we do not collect personal data via the Extension).
Web content handled? Yes—only on Amazon pages the user opens, to deliver user-requested features; processed on-device.
Data encrypted in transit? Yes (HTTPS).
Data deletion method? Account deletion on request; on-device Extension data is controlled by the user and cleared by uninstalling or resetting browser storage.
Limited Use compliance? Yes.