Legal

Privacy Policy

Last updated: April 2026

This policy explains what data mercatorOS collects across mercatoros.com and all MercatorOS products (including creditOS), how that data is used, and what choices you have. We've written it to be readable, not to obscure anything.

Who we are

mercatorOS is the brand behind creditOS and this website. If you have questions about this policy, email us at support@mercatoros.com.

This policy covers two distinct contexts:

  • This website (mercatoros.com) — the marketing and documentation site you are reading now.
  • MercatorOS products — creditOS (Shopify app, WooCommerce plugin, API, and the MercatorOS dashboard) and any future products launched on the platform.

Part 1 — This website (mercatoros.com)

Analytics (only with your consent)

We use PostHog to understand how visitors use this site — which pages are visited, how long people stay, and where they come from. PostHog analytics only runs if you click Accept on the cookie banner. If you click Decline, no analytics data is collected. Your preference is stored in your browser's local storage and respected on every visit.

When analytics is active, PostHog may collect:

  • Pages visited and time spent
  • Referring URL
  • Browser type and approximate location (country/city, not precise)
  • Clicks and scroll depth

We do not collect names, email addresses, or personally identifying information through website analytics.

Contact and email

If you email us at support@mercatoros.com, we receive your email address and message. We use this only to respond to your enquiry. We do not add you to any mailing list without your explicit consent.

What we do not collect (website)

  • We do not run advertising pixels (Meta, Google Ads, etc.)
  • We do not sell data to third parties
  • We do not track you across other websites
  • We do not fingerprint your device

Cookies and local storage

This site uses one item of local storage:

  • mercatoros_cookie_consent — stores your Accept or Decline preference. No expiry — persists until you clear your browser storage.

If you accepted analytics, PostHog sets its own cookies. You can view PostHog's data practices at posthog.com/privacy.

This site may also load fonts from Google Fonts, which may transmit your IP address to Google's servers. Google's privacy policy applies: policies.google.com/privacy.

Part 2 — MercatorOS products (creditOS and future products)

When you install and use a MercatorOS product, we collect and process data necessary to provide the service. The specific data depends on the integration you use.

Account data

When you create a MercatorOS account or install the Shopify app or WooCommerce plugin, we collect:

  • Your name and business email address
  • Your organisation or store name
  • Billing information (processed securely; full card details are never stored by us)

Store and order data

To generate credit scores and risk assessments, creditOS reads transactional data from your connected store. This includes:

  • Order history, values, and payment statuses
  • Customer account records (business names, contact details your customers have provided to you)
  • Payment terms, outstanding balances, and dispute history

This data is processed on your behalf. You remain the data controller for your customers' personal data; mercatorOS acts as a data processor. You are responsible for ensuring you have appropriate legal grounds under applicable law (such as GDPR) to share your customers' data with us for processing.

API usage data

If you access MercatorOS products via API, we log request metadata (timestamps, endpoints called, response codes) for security, debugging, and rate-limiting purposes. We do not log full request payloads by default.

How we use product data

  • To provide the service — generating credit scores, enforcing tier policies, and surfacing insights in the dashboard.
  • To improve the service — understanding usage patterns to make the product better. This is done in aggregate; individual customer data is not used to train models shared across accounts.
  • To communicate with you — sending transactional emails (invoices, security alerts, product updates). You can opt out of non-transactional communications at any time.
  • For security and fraud prevention — detecting and preventing misuse of the platform.

Data retention (product data)

  • Active account data is retained for the duration of your subscription.
  • After cancellation, your configuration and scoring history is retained for 90 days to allow reactivation, then deleted.
  • Billing records are retained for 7 years as required by applicable accounting law.
  • You may request earlier deletion at any time (see Your Rights below).

Sub-processors

We use trusted third-party services to operate MercatorOS products, including cloud infrastructure, payment processing, and transactional email. These sub-processors are bound by data processing agreements and may not use your data for their own purposes. Contact us at support@mercatoros.com for our current sub-processor list.

Your rights

Depending on your jurisdiction, you may have the following rights regarding personal data we hold about you:

  • Access — request a copy of your personal data
  • Correction — request correction of inaccurate data
  • Erasure — request deletion of your personal data
  • Portability — request your data in a portable format
  • Withdraw consent — withdraw consent for analytics or marketing at any time
  • Object — object to certain types of processing

To exercise any right, email support@mercatoros.com. We will respond within 30 days. We may need to verify your identity before processing the request.

If you are in the European Economic Area or United Kingdom, you also have the right to lodge a complaint with your local supervisory authority.

Changing your website analytics preference

To withdraw consent or change your website analytics choice, clear your browser's local storage for mercatoros.com. The cookie banner will reappear on your next visit.

In Chrome: DevTools → Application → Local Storage → mercatoros.com → delete mercatoros_cookie_consent.

Changes to this policy

If we make material changes, we will update the "Last updated" date above and notify active subscribers by email. Continued use of our services after changes constitutes acceptance of the updated policy.