Merchat

Privacy Policy

Last updated: June 2026

1. Introduction

Welcome to Merchat. Merchat ("we", "our", or "us") is a multi-tenant WhatsApp commerce platform operated by Merchat, located in Mangalore, Karnataka, India. We are committed to protecting your privacy and ensuring the security of your data.

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information, catalog browsing data, and communication records when you use our platform, storefronts, and WhatsApp-enabled services. This policy is designed to comply with India's Digital Personal Data Protection Act (DPDPA), 2023 and other applicable data protection regulations.

2. Information We Collect

To provide our Starter tier features and AI-powered WhatsApp showroom experience, we collect information across different touchpoints:

  • Personal Information: Name, phone number, email address, and billing information (for merchants registering through Clerk authentication).
  • WhatsApp Conversation Data: The message content, attachments, and timestamps of chats between end-customers and our AI shopping assistant.
  • Catalog Browsing Behavior: Anonymous click and view tracking of products shown inside WhatsApp or on the public brands directory to optimize the recommendation algorithms.
  • Optional Delivery Addresses: Shipping details shared voluntarily by end-customers via post-cart WhatsApp Flows (Without Endpoint mode) to enrich merchant lead entries.
  • Technical Device & Browser Info: IP address, browser type, operating system, and session logs gathered when merchants interact with our admin dashboard.

3. How We Use Your Information

We use the collected information for the following business purposes:

  • To operate and maintain our AI shopping assistant on your designated WhatsApp number.
  • To capture customer inquiries as structured leads and deliver real-time push notifications and dashboard alerts to merchants.
  • To facilitate catalog management and show merchant storefront products to end-customers.
  • To compile aggregate, anonymized usage statistics and service performance reports.
  • To detect, prevent, and address technical issues or fraudulent activities.

4. Data Sharing and Disclosure

We value tenant isolation and strict confidentiality. We do not sell or trade your data.

  • Tenant Isolation: Customer and lead data is strictly partitioned. A merchant only sees their own customers and conversation histories; no cross-brand data sharing or training occurs.
  • Third-Party Service Providers: We share necessary data with trusted partners to run our service:
    • Meta (WhatsApp API): To transmit messaging content and execute interactive user flows.
    • Clerk: To manage merchant authentication and secure staff account access.
    • Google Cloud Platform (GCP): To securely host database instances and host server infrastructure.

5. Data Storage & Security

Our core database operates on Google Cloud Firestore. All data is encrypted at rest and in transit. Access controls are applied programmatically to enforce strict tenant scoping. However, please note that no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

6. Cookies & Local Storage

We use essential session management cookies to keep merchants logged in (via Clerk) and temporary local storage (`localStorage`) on the client side for user interface preferences (such as remembering cookie consent settings). We do not employ third-party advertising trackers or behavioral profiling cookies on our primary domain or storefronts.

7. Data Retention

We retain merchant account information and WhatsApp conversation records for the duration of the subscription service. Upon deletion request or account termination, we will delete or anonymize all associated customer data within a reasonable period, subject to statutory retention obligations under Indian law.

8. Your Rights (DPDPA compliance)

Under India's Digital Personal Data Protection Act, 2023, you have rights regarding your personal data:

  • Right to Access: Request a copy of the personal data we process.
  • Right to Correction and Erasure: Rectify inaccurate details or request deletion of data that is no longer required.
  • Right to Withdraw Consent: Revoke consent previously granted for data processing.
  • Right to Grievance Redressal: Submit complaints regarding data usage to our Grievance Officer.

9. Grievance Officer

If you have any grievances, concerns, or requests regarding this Privacy Policy, please contact our designated Grievance Officer:

Grievance Redressal Officer

Email: contact@merchat.in

Address: Mangalore, Karnataka, India

10. Changes to This Policy

We may revise this Privacy Policy periodically to reflect shifts in regulatory compliance or product features. The date at the top indicates when the last updates took effect. We encourage you to review this page regularly.

11. Contact Us

If you have any questions or feedback regarding these policies, please reach out to us at contact@merchat.in.

Registered Address: C/O Babu Salian, 1-180-2, Darkhasu House, Navoor Halegate, Navoor, Dakshina Kannada, Karnataka - 574211