FeaturesFAQsPricing
Log in

Privacy Policy

Last updated on February 3, 2026.

Mercana Corporation ("Mercana," "we," "us," or "our") is committed to protecting your privacy and ensuring transparency in how we collect, use, and share personal information. This Privacy Policy describes our practices regarding personal data we collect, obtain, infer, or process about individuals ("you"), including information collected directly from you, from our business clients ("Clients"), or from publicly available sources, in connection with our website, data enrichment platform, and related services (the "Services").

This Privacy Policy applies to:

  • Individuals who interact directly with Mercana's website, products, or services;
  • Individuals whose personal information is provided to Mercana by Clients; and
  • Individuals whose personal information Mercana obtains from third-party data vendors, public sources, or other lawful sources, regardless of whether those individuals have had a direct relationship with Mercana.

If you are a direct user of our platform (for example, an employee of a Client organization), additional terms may apply.

Some individuals may visit Mercana's website solely because they have learned that Mercana maintains personal information about them and wish to understand or exercise their rights under applicable privacy laws. This Privacy Policy is intended to address those individuals directly, in addition to Clients and website users.

Your use of Mercana's Services is at all times subject to our Terms of Use, which incorporates this Privacy Policy. Capitalized terms used but not defined in this Privacy Policy have the meanings given to them in the Terms of Use.

You may print a copy of this Privacy Policy by using your browser's print function.

1. Information We Collect

Mercana processes personal information from multiple sources in connection with its data enrichment, analytics, and related Services. The specific categories of information collected may vary depending on the Client, the nature of the Services provided, and the publicly available information associated with a given individual.

1.1 Information Provided by Our Clients

Our Clients (for example, e-commerce brands) provide us with their customer information obtained through purchases and interactions on their platforms, which may include:

  • Contact Information: First and last name, email address (including personal email addresses, where provided by the Client)
  • Location Data: Billing and shipping address, city, state, ZIP code, country
  • Transaction Information: Purchase history, order value, customer lifetime value, purchase frequency, payment card type, last four digits of payment card
  • Customer Identifiers: Customer ID, account information

The specific categories of information provided vary by Client and depend on the Client's platform and the nature of their customer interactions. We do not collect biometric data, salary or income information, phone numbers, professional license numbers, or similar professional identifiers from or on behalf of our Clients.

1.2 Information We Collect from Public Sources

To enhance customer profiles and provide better insights to Clients, we augment the personal information provided by our Clients with lawfully obtained, publicly available, and publicly accessible data, including information from publicly accessible web content (such as blogs, news articles, and publicly indexed web pages), professional networking platforms, government publications and public records (such as property records and census data), and publicly available search engine results. Categories of data collected from public sources include:

  • Professional Information: Job title, company name, industry, professional networking profiles, prior employers, job history, education
  • Public Social Profiles: Social media profiles and publicly shared content
  • Property and Location Data: Homeownership status (from public property records), estimated property values (derived from public data and third-party valuation sources), neighborhood demographics (from census and government data)
  • Business Information: Company size, revenue estimates, business type (for B2B customers)
  • Inferred Demographic Data: Estimated gender (where publicly indicated or reasonably inferred from publicly available information, such as pronouns used in public profiles) and estimated age (where publicly available)

We do not intentionally collect or enrich profiles with sensitive personal data such as race, ethnicity, religious beliefs, health information, sexual orientation, or political party affiliation or registration. To the extent that an individual's political affiliation may be incidentally apparent from publicly available information about their professional role (e.g., elected officials), Mercana does not systematically collect, categorize, or enrich for such data.

2. How We Use Your Information

We use the personal information we collect and enrich for the following purposes:

  • Customer Insights and Analytics: To provide Clients with deeper understanding of their customer base, including demographics, interests, and purchasing behavior
  • Personalization: To enable Clients to personalize marketing messages, product recommendations, and customer experiences
  • Segmentation: To help Clients identify and create customer segments for targeted marketing campaigns
  • Service Improvement: To improve, debug, and enhance our data enrichment algorithms, matching accuracy, and overall service quality. Where reasonably practicable, we use de-identified or aggregated data for these purposes; however, we may use identifiable personal information to the extent necessary to identify and resolve data quality issues
  • Compliance and Legal Obligations: To comply with legal requirements, respond to legal requests, and protect our rights

Legal Basis: Depending on the circumstances, Mercana will use different legal bases to process personal information. In some circumstances, Mercana processes personal information when required to do so by law, or if necessary to protect your interests, our interests, or the interests of a third party. Mercana may also process data when it is in Mercana's legitimate interests, provided that such interests are not overridden by the fundamental rights and freedoms of individuals. Examples of these legitimate interests include providing Services to Clients and operating our business.

3. How We Share Your Information

3.1 With Our Clients

We share enriched customer profiles with Clients who originally provided us with your information. Clients are the data controllers with respect to their customer data and are responsible for their own use of this information in accordance with their respective privacy policies.

Mercana does not sell personal information to, or share enriched customer profiles with, advertising networks, analytics providers, or any other third parties for their own independent use. Enriched profiles are provided exclusively to the Client that originally supplied the underlying customer data.

3.2 With Service Providers

We share personal information with third-party service providers who perform services on our behalf, including but not limited to:

  • Data enrichment and enhancement services
  • Web data collection for publicly available information
  • Business intelligence and public data aggregation
  • AI-powered data analysis and processing
  • Cloud database and data storage
  • Search infrastructure and indexing
  • Hosting, technology, and communication providers
  • Security and fraud prevention consultants

These service providers are contractually obligated to use personal information only as necessary to perform services on our behalf and in accordance with this Privacy Policy.

3.3 For Legal Reasons

We may disclose personal information if required to do so by law or in response to valid requests by public authorities (for example, a court or government agency), to protect our rights, property, or safety, to enforce an agreement with Clients, or to resolve disputes.

4. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy or as required by law. In particular:

  • Enriched Customer Profiles: Retained for the duration of the Client relationship and updated periodically as new information becomes available. Data is deleted within thirty (30) days of subscription termination or upon earlier request.
  • Raw Third-Party Responses: Deleted immediately after processing and extracting relevant data
  • Opt-Out Records: Retained indefinitely to honor your privacy preferences
  • Privacy Audit Logs: Retained for twelve (12) months for compliance and regulatory purposes

When personal information is no longer needed, we securely delete or anonymize it in accordance with our data retention policies and applicable laws.

5. Geographic Restrictions and Compliance

5.1 European Union (EU), Switzerland, and United Kingdom (UK)

Automatic Blocking: We do not currently offer enrichment services for EU, Swiss, or UK residents. If a Client submits EU/Swiss/UK customer data, we will not process it unless a valid legal basis has been established under the General Data Protection Regulation (GDPR). If you are an EU/Swiss/UK resident and believe your data was processed in error, please contact us immediately at privacy@mercana.so.

5.2 United States (CCPA/CPRA)

California residents have specific rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including:

  • Right to know what personal information we collect, use, and share
  • Right to request deletion of your personal information
  • Right to opt out of the "sale" or "sharing" of personal information, as those terms are defined under the CCPA/CPRA
  • Right to non-discrimination for exercising your rights

To exercise these rights, please submit a request through our opt-out and privacy rights portal at mercana.so/optout, or email us at privacy@mercana.so.

5.3 Canada (PIPEDA)

To the extent Mercana processes personal information of Canadian residents, we endeavor to comply with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA). Canadian residents may access, correct, or request deletion of their personal information by contacting us at privacy@mercana.so.

5.4 US Military Addresses (APO/FPO/DPO)

Addresses with APO, FPO, or DPO designations are treated as United States jurisdiction for privacy compliance purposes.

6. Your Privacy Rights / Opting Out

Depending on where you are domiciled or located, individuals whose personal information is processed by Mercana — including individuals who do not have a direct relationship with Mercana — may have the following rights:

  • Right of Access: Request a copy of the personal information we hold about you
  • Right to Correction: Request correction of inaccurate or incomplete personal information
  • Right to Deletion: Request deletion of your personal information (subject to legal exceptions)
  • Right to Opt-Out: Opt out of data enrichment and sharing for targeted advertising purposes
  • Right to Data Portability: Receive your personal information in a structured, machine-readable format (JSON or CSV, where applicable)
  • Right to Object: Object to processing of your personal information for certain purposes
  • Right to Withdraw Consent: Withdraw consent for processing where consent was the legal basis

To exercise any of the rights described above, please submit a request through our opt-out and privacy rights portal at mercana.so/optout, or email us at privacy@mercana.so. We will respond to your request within the timeframes required by applicable law.

7. Data Security

We implement industry-standard technical and organizational security measures to protect personal information against unauthorized access, alteration, disclosure, or destruction, including:

  • Encryption: TLS 1.2+ for data in transit and AES-256 encryption for data at rest
  • Access Controls: Multi-factor authentication (MFA) for administrative access
  • Infrastructure Security: Cloud infrastructure hosted on SOC 2-compliant service providers
  • Network Security: Network segregation, firewalls, and intrusion detection systems
  • Security Audits: Regular vulnerability assessments and penetration testing
  • Employee Training: Annual security and privacy training for all staff
  • Incident Response: 24/7 monitoring and documented breach notification procedures

While we implement robust security measures, no method of transmission or storage is 100% secure. We will notify you and applicable authorities in accordance with applicable law in the event of a data breach.

8. Children's Privacy

Our Services are not directed to children under the age of 18, and we do not knowingly collect or solicit personal information from children. If we learn that we have collected personal information from a child under 18, we will take steps to delete such information as quickly as possible. If you believe we have collected information from a child, please contact us at privacy@mercana.so.

9. Cookies and Tracking Technologies

The cookies and tracking technologies described in this section are used solely in connection with Mercana's own website and platform for Mercana's internal analytics and product improvement purposes. These technologies are not used to collect, enrich, or process end-consumer personal information on behalf of our Clients.

We use cookies, web beacons, and similar tracking technologies to provide and improve our Services, including:

  • Essential Cookies: Required for authentication, security, and core platform functionality. These cannot be disabled.
  • Analytics Cookies: Help us understand how users interact with our platform. You can opt out via your browser settings.
  • Preference Cookies: Remember your settings and preferences for a better user experience.

You can manage cookie preferences through your browser settings or through our cookie consent banner. Disabling certain cookies may limit functionality. For more information about cookies and how to control them, visit www.allaboutcookies.org.

10. Business Transfers

All information that we collect may be transferred to a third party if we undergo a merger, acquisition, bankruptcy, or other transaction in which that third party assumes control of our business (in whole or in part). Should one of these events occur, we will make reasonable efforts to notify you before your information becomes subject to different privacy and security policies and practices.

11. Third-Party Links

Our Services may contain links to third-party websites or services that are not operated or controlled by Mercana. This Privacy Policy does not apply to such third-party websites or services. We encourage you to review the privacy policies of any third-party websites or services that you visit.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will post the updated Privacy Policy on this page and update the "Last Updated" date. If we make material changes, we will provide additional notice as required by law, such as by email or through a prominent notice on our website or platform.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Privacy Inquiries: privacy@mercana.so
Legal Inquiries: legal@mercana.so
General Support: support@mercana.so
Postal Address:
Mercana Corporation
Attn: Privacy Team
New York, NY 10014, United States

For specific privacy rights requests (access, deletion, opt-out), please submit a request through our opt-out and privacy rights portal at mercana.so/optout, or email us at privacy@mercana.so. We will respond to all requests within the timeframes required by applicable law (typically 30–45 days).