Mercana SaaS Terms of Service and Data Processing Addendum
Version 1.0 – December 2025
These Terms form a binding contract between Mercana Corporation, a Delaware corporation ("Mercana," "we," "us") and the person or entity that creates an account or clicks "I agree" ("Customer," "you"). If you are accepting on behalf of a company, you represent that you have authority to bind that company.
"Service" means the Mercana software-as-a-service platform that helps identify and manage VIP customers through data enrichment, real-time alerts, and related analytics, including web applications, APIs, dashboards, integrations, and any hosted components.
"Customer Data" means data you or your authorized users submit to the Service, including customer identifiers, order history, contact information, and any content you upload or connect via integrations (such as Shopify or Klaviyo).
"Enriched Data" means the insights, scores, flags, VIP classifications, and enriched profiles generated by the Service from Customer Data using publicly available information.
"Usage Data" means data about configuration, performance, and usage of the Service, excluding Customer Data and Enriched Data.
"Publicly Available Information" means information that is lawfully accessible to the general public without requiring special access, passwords, or payment, including public social media profiles, professional networking sites, public records, and similar sources.
Capitalized terms not defined in this section have the meanings given in the DPA in Schedule A.
Subject to timely payment of Fees, Mercana grants you a non-exclusive, non-transferable right to access and use the Service for your internal business purposes during the Term.
The Service ingests your e-commerce customer data (via integrations such as Shopify and Klaviyo), enriches it with Publicly Available Information, and provides real-time alerts (via Slack, email, or other configured channels) and analytics to help you identify, engage, and retain high-value customers, including celebrities, influencers, athletes, entrepreneurs, and other VIP segments.
Plan features and limits are shown on the pricing page and at checkout or in the applicable Order Form. We may update plan limits and features on 30 days' email notice and the change will apply from your next renewal.
We may label some features as Beta or Preview. They are provided for evaluation, may change, and may be withdrawn without liability.
To ensure compliance with applicable privacy laws, the Service currently enriches customer profiles for individuals located in the United States and Canada. We do not enrich profiles for individuals located in the European Economic Area (EEA), United Kingdom, or other jurisdictions where enrichment without explicit consent may violate applicable law, unless you have obtained and documented appropriate consent and notify us in writing.
The Service is for business use by persons 18 years of age or older.
You must keep account credentials confidential, maintain accurate account and billing information, and comply with these Terms and the Acceptable Use provisions.
You may permit your employees and contractors to access the Service on your behalf, provided they are bound by terms at least as protective as these Terms. You are responsible for all activities conducted through your account.
If you enable integrations with third-party services (such as Shopify, Klaviyo, or Slack), their terms govern those services. We are not responsible for third-party services.
Fees are shown at checkout, on the pricing page, or in an Order Form. Unless stated otherwise, fees are charged in advance by credit card through Stripe and are non-refundable except as required by law.
New customers may receive a free trial or pilot period as specified at signup or in an Order Form. During the pilot period, the Service is provided "as is" without warranty, and our liability is limited to $1,000. Unless you terminate before the pilot period ends, your subscription will continue automatically and billing will begin in accordance with the applicable plan.
Subscriptions renew automatically for successive billing periods of the same duration as the initial term. You may cancel in the dashboard or by written notice at least 30 days before the end of the current period to avoid renewal.
We may change fees on 30 days' notice. New fees take effect at your next renewal.
Fees are exclusive of taxes. You are responsible for all applicable taxes, excluding taxes based on Mercana's net income.
Overdue amounts accrue interest at the lesser of 1.5% per month or the maximum permitted by law. We may suspend access if your account is more than 60 days past due.
You will not, and will not allow others to:
You are solely responsible for ensuring you have all necessary rights, permissions, and consents to provide Customer Data to us and to use the Service as contemplated by these Terms.
You retain all rights in Customer Data. We process Customer Data solely to provide the Service in accordance with your instructions.
You retain all rights in Enriched Data generated from your Customer Data. We grant you a perpetual, worldwide, non-exclusive license to use Enriched Data for your internal business purposes. For clarity, Enriched Data derived from your Customer Data is yours—we do not claim ownership of your enriched customer profiles.
We own the Service, documentation, methodologies, algorithms, and Usage Data, and all intellectual property rights therein. We grant you a limited right to use the documentation to support your use of the Service.
You grant Mercana a non-exclusive, worldwide, royalty-free license to use de-identified and aggregated information derived from Customer Data and Enriched Data to operate, secure, and improve the Service and to develop new features. Such de-identified and aggregated information will not identify you, your customers, or any natural person.
If you provide suggestions, ideas, or other feedback about the Service, you grant us a perpetual, royalty-free license to use such feedback without restriction or obligation to you.
"Confidential Information" means non-public information disclosed by one party to the other that is designated as confidential or that reasonably should be understood to be confidential, including business plans, pricing, technical information, Customer Data, and the terms of these Terms.
Each party will keep the other's Confidential Information confidential and use it only to perform under these Terms. Each party will use at least the same degree of care it uses to protect its own confidential information, but no less than reasonable care.
Confidential Information does not include information that: (a) is or becomes publicly available through no fault of the receiving party; (b) was rightfully known before receipt; (c) is rightfully received from a third party without restriction; or (d) is independently developed without use of Confidential Information.
Confidentiality obligations continue for 3 years after termination, except that obligations for trade secrets continue for as long as the information remains a trade secret.
We maintain industry-standard security measures including:
We will notify you without undue delay and in any event within 72 hours after becoming aware of a personal data breach affecting Customer Data, and will provide information reasonably necessary for you to meet your own notification obligations.
The Service operates with and uses APIs and services provided by third parties, including e-commerce platforms (such as Shopify), marketing platforms (such as Klaviyo), communication platforms (such as Slack), AI and language model providers, and data enrichment sources.
Except as expressly provided in these Terms, we are not responsible for the operation of any third-party services or the availability of the Service to the extent dependent on third-party services. We do not make any representations or warranties with respect to third-party services.
Where the Service uses third-party AI or large language model providers, we use only providers that agree to use Customer Data solely to provide their services (and not to train their models) and to keep such data confidential.
Email support is available at support@mercana.co. We target a first response within 1 business day.
We aim for 99.5% monthly uptime. This is a service goal, not a warranty or SLA. Scheduled maintenance, force majeure events, issues caused by your systems or the internet, and outages of third-party services are excluded. We will provide reasonable advance notice of planned maintenance where practicable.
Each party represents that it has the authority to enter into these Terms.
We will provide the Service in a professional and workmanlike manner.
EXCEPT AS EXPRESSLY SET FORTH IN THIS SECTION, THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE." WE DISCLAIM ALL WARRANTIES, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT.
ENRICHED DATA MAY CONTAIN INACCURATE OR INCOMPLETE INFORMATION. WE MAKE NO REPRESENTATIONS OR WARRANTIES REGARDING THE ACCURACY, COMPLETENESS, OR RELIABILITY OF ENRICHED DATA. YOU AND YOUR END USERS ARE SOLELY RESPONSIBLE FOR ALL DECISIONS MADE AND ACTIONS TAKEN BASED ON USE OF THE SERVICE AND ENRICHED DATA.
THE SERVICE DOES NOT PROVIDE LEGAL, FINANCIAL, TAX, OR OTHER PROFESSIONAL ADVICE. YOU SHOULD CONSULT APPROPRIATE PROFESSIONALS FOR SUCH ADVICE.
You will indemnify, defend, and hold harmless Mercana and its officers, directors, employees, and agents from any third-party claims, damages, losses, and expenses (including reasonable attorneys' fees) arising from: (a) Customer Data or your use of the Service; (b) your breach of these Terms; (c) your violation of applicable law; or (d) your failure to obtain necessary consents or provide required notices.
We will indemnify, defend, and hold harmless you and your officers, directors, employees, and agents from any third-party claims that the Service, when used as permitted under these Terms, infringes a third party's intellectual property rights. We may, at our option, procure the right for you to continue using the Service, modify the Service to be non-infringing, or terminate the affected Service and provide a pro-rated refund. This obligation does not apply to claims arising from: (a) combinations of the Service with items not provided by Mercana; (b) your modifications to the Service; (c) Customer Data; or (d) your use of the Service in breach of these Terms.
Indemnification is conditioned on the indemnified party providing: (i) prompt written notice of the claim; (ii) sole control over the defense and settlement (provided no settlement imposes liability on the indemnified party without consent); and (iii) reasonable cooperation at the indemnitor's expense.
EXCEPT FOR EACH PARTY'S INDEMNIFICATION OBLIGATIONS AND CONFIDENTIALITY OBLIGATIONS ARISING FROM GROSS NEGLIGENCE OR WILLFUL MISCONDUCT, EACH PARTY'S AGGREGATE LIABILITY ARISING FROM OR RELATED TO THESE TERMS SHALL NOT EXCEED THE FEES PAID OR PAYABLE BY CUSTOMER TO MERCANA IN THE TWELVE (12) MONTHS PRIOR TO THE EVENT GIVING RISE TO LIABILITY (THE "GENERAL LIABILITY CAP").
NOTWITHSTANDING THE FOREGOING, EITHER PARTY'S AGGREGATE LIABILITY ARISING FROM OR RELATED TO ANY DATA BREACH OR INFORMATION SECURITY INCIDENT SHALL NOT EXCEED TWO TIMES (2X) THE GENERAL LIABILITY CAP.
NEITHER PARTY SHALL BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES, OR FOR LOSS OF PROFITS, REVENUE, GOODWILL, OR DATA, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
THE LIMITATIONS IN THIS SECTION REFLECT THE ALLOCATION OF RISK BETWEEN THE PARTIES AND ARE AN ESSENTIAL ELEMENT OF THE BASIS OF THE BARGAIN BETWEEN THEM.
These Terms begin when you accept them and continue until terminated.
Either party may terminate a subscription by providing written notice at least 30 days before the end of the then-current subscription term.
Either party may terminate for material breach if the breach is not cured within 30 days after written notice (or 10 days for payment breaches).
We may suspend access immediately if we reasonably believe there is a security risk, unlawful activity, or material breach. We will lift the suspension promptly when the issue is resolved.
Upon termination: (a) your right to access the Service terminates; (b) you remain liable for any accrued fees; and (c) all provisions that by their nature should survive will survive, including ownership, confidentiality, indemnification, limitation of liability, and general provisions.
On request during the Term and for 30 days after termination, we will make Customer Data and Enriched Data available for export in a commonly used format. We will delete Customer Data within 30 days after termination and provide written confirmation upon request. Backup copies are overwritten within an additional 30 days unless law requires retention.
We may modify these Terms by posting a revised version and emailing notice at least 30 days before the change takes effect. Continued use after the effective date constitutes acceptance. If you do not agree to the modified Terms, you may terminate your subscription before the changes take effect.
Unless you opt out by emailing support@mercana.co, we may use your name and logo in customer lists and marketing materials. You may opt out at any time and we will cease new uses within a reasonable period.
Legal notices must be sent by email to legal@mercana.co (for notices to Mercana) and to the email address on your account (for notices to you). Notices are deemed given when sent.
You may not assign these Terms without our consent, except to an affiliate or in connection with a merger, acquisition, or sale of substantially all assets, with notice to us. We may assign to an affiliate or in connection with a corporate transaction.
Neither party is liable for delays or failures due to events beyond reasonable control, including acts of God, natural disasters, war, terrorism, riots, embargoes, acts of civil or military authorities, fire, floods, epidemics, power failures, or internet disruptions.
If any provision is held unenforceable, the remaining provisions remain in effect.
Failure to enforce any provision is not a waiver of future enforcement.
These Terms, together with any Order Form and the DPA, constitute the entire agreement between the parties regarding the Service and supersede all prior agreements and understandings.
In case of conflict: (1) an Order Form or master services agreement; (2) the DPA; (3) these Terms; (4) policies referenced in these Terms.
Nothing in these Terms creates a partnership, joint venture, or agency relationship.
In any action to enforce these Terms, the prevailing party is entitled to recover reasonable attorneys' fees and costs.
These Terms are governed by the laws of the State of Delaware, without regard to its conflicts of law principles. Any dispute will be resolved by binding arbitration in the English language in the State of Delaware under the JAMS rules. The decision of the arbitrator will be enforceable in any court of competent jurisdiction.
"Personal Data" means any information relating to an identified or identifiable natural person.
"Controller" means the party that determines the purposes and means of processing Personal Data.
"Processor" means the party that processes Personal Data on behalf of the Controller.
"Sub-processor" means a third party engaged by Mercana to process Personal Data on behalf of Customer.
"Personal Data Breach" means a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data.
"Data Protection Laws" means all applicable laws relating to data protection and privacy, including the GDPR, UK GDPR, and CCPA/CPRA.
Customer is the Controller and Mercana is the Processor with respect to Customer Personal Data. Mercana is the Controller for its own account, billing, and service improvement data.
Mercana will process Personal Data only on documented instructions from Customer, including as set out in this DPA and the Terms, unless required by applicable law. Customer's instructions include the provision of the Service as described in the Terms.
Customer is responsible for ensuring it has a lawful basis for processing Personal Data and for providing all necessary notices to and obtaining all required consents from data subjects.
Mercana ensures that personnel who process Personal Data are bound by confidentiality obligations.
Mercana will implement and maintain the technical and organizational security measures described in Annex II.
Mercana will notify Customer without undue delay and in any event within 72 hours after becoming aware of a Personal Data Breach affecting Customer Personal Data. Mercana will provide information reasonably necessary to assist Customer in meeting its breach notification obligations.
Customer authorizes Mercana to engage the Sub-processors listed in Annex III and any additional Sub-processors notified to Customer in advance.
Mercana will notify Customer at least 30 days before adding or replacing a Sub-processor. Customer may object to a new Sub-processor by written notice within 10 days. If the parties cannot agree on a resolution within 30 days, Customer may terminate the affected Service and receive a pro-rated refund.
Mercana will enter written agreements with Sub-processors imposing data protection obligations no less protective than those in this DPA.
Taking into account the nature of processing, Mercana will assist Customer in responding to data subject requests within 10 business days of receiving Customer's request.
Mercana will provide information reasonably necessary to assist Customer with data protection impact assessments and consultations with supervisory authorities as required by Data Protection Laws.
On request during the Term and for 30 days after termination, Mercana will make Customer Personal Data available for export. Mercana will delete Customer Personal Data within 30 days after termination and provide written confirmation upon request.
On written request no more than once per 12 months, Mercana will make available third-party audit reports, certifications, and penetration test summaries.
Transfers of Personal Data outside the EEA or UK will be protected by the EU Standard Contractual Clauses and, for UK transfers, the UK International Data Transfer Agreement or the UK Addendum to the EU SCCs, as applicable.
For Personal Information subject to the CCPA/CPRA, Mercana acts as a "service provider" or "contractor" and will not sell or share Personal Information or use it for any purpose other than providing the Service.
Email: legal@mercana.co
Support: support@mercana.co