Mercle App Privacy Policy

 

Effective Date: September 16, 2025

This Privacy Policy (“Policy”) explains how Mercle (“Mercle,” “we,” “our,” or “us”) collects, uses, discloses, and protects personal information in connection with our mobile application, website(s), products, and services (collectively, the “Service”). By accessing or using the Service, you acknowledge that you have read and understood this Policy.

Geographic Scope. The Service is not offered to or intended for residents of Africa or Europe (including, without limitation, the European Union/EEA, the United Kingdom, and Switzerland) until further notice. If you are located in, or are a resident of, any country in Africa or Europe, you must not access or use the Service.

If you do not agree with this Policy, do not use the Service.

 

1) Key Principles

  • User-provided, not scraped. We do not compile profiles about other individuals from public sources. We create a profile only for the signed-in user, based on information you provide or connect within the Service.
  • Biometric restraint. We capture camera frames solely to perform a face liveness check and compute a non-reversible face embedding (together, “Face Data”). Raw camera frames are discarded immediately after processing. We do not collect iris data.
  • Limited retention. We retain the face embedding and liveness results for 90 days, after which they are automatically deleted, unless a longer period is required by law or to resolve disputes. You may request earlier deletion at any time.
  • Non-custodial wallets. Wallet connections are read-only and non-custodial. We will never request your seed phrase or private keys, and we cannot move your funds.
  • No sale or tracking ads. We do not sell your personal information and we do not use your data for cross-app or cross-website behavioral advertising.

 

2) Definitions

  • “Personal Information” means information that identifies, relates to, describes, or could reasonably be linked with an individual, such as a phone number, wallet public key, or certain device identifiers.
  • “Face Data” means a non-reversible mathematical representation (embedding) derived from images captured during a liveness check, plus the liveness outcome and associated timestamps or audit logs. Face Data is treated as sensitive personal information.
  • “Process/Processing” means any operation performed on personal information, such as collection, use, storage, disclosure, transmission, or deletion.
  • “Service” means the Mercle mobile application, website(s), APIs, and related offerings.

3) Information We Collect

 

3.1 Information You Provide

  • Account & Contact. Phone number (for OTP verification), country code, and any communications you send to support.
  • Wallet Connection (optional). Your wallet public address(es) and explicit signatures you approve (e.g., a login nonce to prove address ownership). We never ask for private keys or seed phrases.
  • In-App Actions. Actions such as initiating liveness, completing verification, claiming rewards, opening loot boxes, or adjusting settings.

3.2 Information Collected via Devices

  • Camera Access (for liveness). During liveness only, we access the camera to collect images sufficient to (i) confirm you are a real person and (ii) compute a non-reversible face embedding. We do not collect or store iris data. Raw camera frames are discarded immediately after processing.
  • Device & Diagnostics. Device model, OS version, language/locale, app version, crash logs, and basic performance telemetry used to maintain and improve the Service.
  • Local Storage. The app may store tokens and preferences on your device to maintain session continuity.

3.3 Information From Third Parties

We may receive limited information from service providers who support secure hosting, error reporting, or messaging. We do not use third-party vendors to provide face recognition for advertising or unrelated purposes, and we do not purchase data from brokers to build profiles.

 

4) How We Use Personal Information

 

We use personal information to:

  1. Provide the Service. Operate essential features (OTP login, liveness verification, rewards, profile for the signed-in user).
  2. Authenticate and Prevent Abuse. Verify that the person using the app is real (liveness) and guard against duplicate or fraudulent accounts.
  3. Rewards and Features. Attribute rewards to the correct user and enable wallet-related functionality that you initiate.
  4. Improve and Secure the Service. Monitor performance, fix bugs, analyze reliability, and enhance user experience.
  5. Communicate with You. Respond to requests, provide updates, and furnish support.

We do not use Face Data or wallet information for advertising, data brokerage, or to create profiles about other people.

 

5) Face Data: Notice, Use, Retention, and Deletion

 

5.1 Notice and Consent

 

Before liveness begins, the app notifies you and requests permission to use the camera. By proceeding, you consent to the capture of camera frames solely for liveness determination and the creation of a non-reversible face embedding.

 

5.2 Collection and Use

  • Collection- Only during liveness, the app captures images to verify that a live person is present and to compute a face embedding.
  • Use- Face Data is used only for: (a) Liveness verification (anti-spoofing) (b) 1-to-N uniqueness matching ( also 1-1 matching for confirming the same user later). We do not use Face Data for ads or cross-service profiling.

5.3 Storage and Sharing

  • Raw frames: Discarded immediately after processing; we do not store raw photos or videos from liveness.
  • Embedding & liveness result: Stored securely and in encrypted manner. Access is limited to authorized systems for the purposes in this Policy.
  • No third-party face vendors for ads or unrelated processing. We do not sell Face Data and do not disclose it to data brokers.

5.4 Retention and Deletion

  • Retention. The face embedding and liveness outcome are retained for 90 days to enable re-authentication and to prevent abuse or duplicate accounts, after which they are automatically deleted, unless we are required to retain them longer to comply with law or to resolve disputes. After the deletion of face embeddings, they are stored in encrypted form, which even we don’t have access to, everything happens inside TEEs.
  • Your Controls. You may request immediate deletion of Face Data at any time via Settings → Privacy → Delete Account or by contacting support@mercle.xyz. Deletion requests are honored unless retention is required by law or for security purposes (e.g., ongoing fraud investigation).

6) Wallet Connection

Connecting a wallet is non-custodial and read-only. We see your public address and receive explicit signatures that you affirm in your wallet interface (for example, to sign a login nonce). We cannot access or move funds, and we will never request your seed phrase or private keys. You may disconnect your wallet at any time in Settings. Wallet information is used to attribute rewards and to enable features you initiate; it is not used to build profiles of other people or to track you across third-party services.

 

7) What We Do Not Do

  • We do not compile or enrich profiles about other individuals from public sources (such as social networks, block explorers, or other public databases).
  • We do not sell personal information.
  • We do not use your information for cross-app or cross-website targeted advertising.
  • We do not request, store, or ever ask you to reveal your seed phrase or private keys.

8) Disclosures to Service Providers and Others

We may disclose personal information to:

  • Service Providers (Processors). Vendors that provide hosting, security, error logging, messaging, or customer support, restricted by contract to use personal information only to provide services to us, and subject to confidentiality and security obligations.
  • Legal, Safety, and Compliance. Law enforcement, regulators, or other parties when required by applicable law, valid legal process, or to protect the rights, safety, and security of users, our systems, or others.
  • Business Transactions. Successors or affiliates in connection with a merger, acquisition, financing, or sale of assets, subject to this Policy or a policy no less protective.

9) Security

We implement administrative, technical, and physical safeguards designed to protect personal information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include encryption in transit, access controls, least-privilege permissions, and vulnerability management practices. No method of transmission or storage is perfectly secure; if we learn of a security incident affecting your personal information, we will notify you and the appropriate authorities as required by applicable law.

 

10) Retention Schedule

We retain personal information only for as long as necessary to fulfill the purposes described in this Policy or as required by law.

  • Face Data. Raw camera frames are discarded immediately after processing. The face embedding and liveness outcome are retained for 90 days, then automatically deleted, unless a longer period is required to comply with legal obligations or to resolve disputes.
  • Account & Wallet Data. Retained for the life of your account. If you delete your account, we will delete or de-identify personal information within a commercially reasonable period (typically within 30 days), unless retention is required for legal, security, or anti-fraud purposes.
  • Support Communications and Logs. Retained for a period consistent with business needs and legal requirements, then deleted or de-identified.

11) Your Choices and Rights

  • Access, Correction, Deletion. You may request access to, correction of, or deletion of your personal information by contacting support@mercle.xyz .
  • Biometric Deletion. You may delete Face Data at any time via Settings → Account Settings → Delete Account Data or by contacting support.
  • Wallet Disconnect. You may disconnect a wallet in Settings at any time.
  • Opt-Out of Non-Essential Communications. You may opt out of non-essential communications by following in-app prompts or contacting support.

 

Because the Service is not offered to residents of Africa or Europe, rights specific to those jurisdictions (e.g., GDPR/UK GDPR) are not addressed here. If you nonetheless access the Service from a restricted location, you do so contrary to our geographic restriction, and we may disable access and delete your account consistent with this Policy.

 

12) Children’s Privacy

The Service is not intended for children under 13 years of age (or older, if the laws of your jurisdiction require a higher age). We do not knowingly collect personal information from children. If you believe a child has provided personal information to us, contact support@mercle.xyz and we will take appropriate steps to remove such information and terminate the account.

 

13) Third-Party Sites and Services

The Service may contain links to third-party websites or services (including external wallet applications). We are not responsible for the privacy or security practices of such third parties. Review the privacy policies of those services before providing personal information.

 

14) International Transfers

We may process and store personal information in countries where we or our service providers maintain facilities. Those countries may have privacy laws that differ from those in your jurisdiction. By using the Service (outside Africa and Europe), you acknowledge such transfers and processing. We implement appropriate safeguards designed to protect your personal information consistent with this Policy.

 

15) Changes to This Policy

We may update this Policy from time to time. When we do, we will revise the “Effective Date” above and, where appropriate, provide additional notice (e.g., in-app notice). Your continued use of the Service after the updated Policy becomes effective constitutes your acceptance of the changes.

 

16) Contact UsIf you have questions about this Policy or our privacy practices, please contact us. We will respond within a reasonable time.

Email: support@mercle.xyzSupport Page: https://mercle.ai/support

 

Mercle App Privacy Policy

 

Effective Date: September 16, 2025

This Privacy Policy (“Policy”) explains how Mercle (“Mercle,” “we,” “our,” or “us”) collects, uses, discloses, and protects personal information in connection with our mobile application, website(s), products, and services (collectively, the “Service”). By accessing or using the Service, you acknowledge that you have read and understood this Policy.

Geographic Scope. The Service is not offered to or intended for residents of Africa or Europe (including, without limitation, the European Union/EEA, the United Kingdom, and Switzerland) until further notice. If you are located in, or are a resident of, any country in Africa or Europe, you must not access or use the Service.

If you do not agree with this Policy, do not use the Service.

 

1) Key Principles

  • User-provided, not scraped. We do not compile profiles about other individuals from public sources. We create a profile only for the signed-in user, based on information you provide or connect within the Service.
  • Biometric restraint. We capture camera frames solely to perform a face liveness check and compute a non-reversible face embedding (together, “Face Data”). Raw camera frames are discarded immediately after processing. We do not collect iris data.
  • Limited retention. We retain the face embedding and liveness results for 90 days, after which they are automatically deleted, unless a longer period is required by law or to resolve disputes. You may request earlier deletion at any time.
  • Non-custodial wallets. Wallet connections are read-only and non-custodial. We will never request your seed phrase or private keys, and we cannot move your funds.
  • No sale or tracking ads. We do not sell your personal information and we do not use your data for cross-app or cross-website behavioral advertising.

 

2) Definitions

  • “Personal Information” means information that identifies, relates to, describes, or could reasonably be linked with an individual, such as a phone number, wallet public key, or certain device identifiers.
  • “Face Data” means a non-reversible mathematical representation (embedding) derived from images captured during a liveness check, plus the liveness outcome and associated timestamps or audit logs. Face Data is treated as sensitive personal information.
  • “Process/Processing” means any operation performed on personal information, such as collection, use, storage, disclosure, transmission, or deletion.
  • “Service” means the Mercle mobile application, website(s), APIs, and related offerings.

3) Information We Collect

 

3.1 Information You Provide

  • Account & Contact. Phone number (for OTP verification), country code, and any communications you send to support.
  • Wallet Connection (optional). Your wallet public address(es) and explicit signatures you approve (e.g., a login nonce to prove address ownership). We never ask for private keys or seed phrases.
  • In-App Actions. Actions such as initiating liveness, completing verification, claiming rewards, opening loot boxes, or adjusting settings.

3.2 Information Collected via Devices

  • Camera Access (for liveness). During liveness only, we access the camera to collect images sufficient to (i) confirm you are a real person and (ii) compute a non-reversible face embedding. We do not collect or store iris data. Raw camera frames are discarded immediately after processing.
  • Device & Diagnostics. Device model, OS version, language/locale, app version, crash logs, and basic performance telemetry used to maintain and improve the Service.
  • Local Storage. The app may store tokens and preferences on your device to maintain session continuity.

3.3 Information From Third Parties

We may receive limited information from service providers who support secure hosting, error reporting, or messaging. We do not use third-party vendors to provide face recognition for advertising or unrelated purposes, and we do not purchase data from brokers to build profiles.

 

4) How We Use Personal Information

 

We use personal information to:

  1. Provide the Service. Operate essential features (OTP login, liveness verification, rewards, profile for the signed-in user).
  2. Authenticate and Prevent Abuse. Verify that the person using the app is real (liveness) and guard against duplicate or fraudulent accounts.
  3. Rewards and Features. Attribute rewards to the correct user and enable wallet-related functionality that you initiate.
  4. Improve and Secure the Service. Monitor performance, fix bugs, analyze reliability, and enhance user experience.
  5. Communicate with You. Respond to requests, provide updates, and furnish support.

We do not use Face Data or wallet information for advertising, data brokerage, or to create profiles about other people.

 

5) Face Data: Notice, Use, Retention, and Deletion

 

5.1 Notice and Consent

 

Before liveness begins, the app notifies you and requests permission to use the camera. By proceeding, you consent to the capture of camera frames solely for liveness determination and the creation of a non-reversible face embedding.

 

5.2 Collection and Use

  • Collection- Only during liveness, the app captures images to verify that a live person is present and to compute a face embedding.
  • Use- Face Data is used only for: (a) Liveness verification (anti-spoofing) (b) 1-to-N uniqueness matching ( also 1-1 matching for confirming the same user later). We do not use Face Data for ads or cross-service profiling.

5.3 Storage and Sharing

  • Raw frames: Discarded immediately after processing; we do not store raw photos or videos from liveness.
  • Embedding & liveness result: Stored securely and in encrypted manner. Access is limited to authorized systems for the purposes in this Policy.
  • No third-party face vendors for ads or unrelated processing. We do not sell Face Data and do not disclose it to data brokers.

5.4 Retention and Deletion

  • Retention. The face embedding and liveness outcome are retained for 90 days to enable re-authentication and to prevent abuse or duplicate accounts, after which they are automatically deleted, unless we are required to retain them longer to comply with law or to resolve disputes. After the deletion of face embeddings, they are stored in encrypted form, which even we don’t have access to, everything happens inside TEEs.
  • Your Controls. You may request immediate deletion of Face Data at any time via Settings → Privacy → Delete Account or by contacting support@mercle.xyz. Deletion requests are honored unless retention is required by law or for security purposes (e.g., ongoing fraud investigation).

6) Wallet Connection

Connecting a wallet is non-custodial and read-only. We see your public address and receive explicit signatures that you affirm in your wallet interface (for example, to sign a login nonce). We cannot access or move funds, and we will never request your seed phrase or private keys. You may disconnect your wallet at any time in Settings. Wallet information is used to attribute rewards and to enable features you initiate; it is not used to build profiles of other people or to track you across third-party services.

 

7) What We Do Not Do

  • We do not compile or enrich profiles about other individuals from public sources (such as social networks, block explorers, or other public databases).
  • We do not sell personal information.
  • We do not use your information for cross-app or cross-website targeted advertising.
  • We do not request, store, or ever ask you to reveal your seed phrase or private keys.

8) Disclosures to Service Providers and Others

We may disclose personal information to:

  • Service Providers (Processors). Vendors that provide hosting, security, error logging, messaging, or customer support, restricted by contract to use personal information only to provide services to us, and subject to confidentiality and security obligations.
  • Legal, Safety, and Compliance. Law enforcement, regulators, or other parties when required by applicable law, valid legal process, or to protect the rights, safety, and security of users, our systems, or others.
  • Business Transactions. Successors or affiliates in connection with a merger, acquisition, financing, or sale of assets, subject to this Policy or a policy no less protective.

9) Security

We implement administrative, technical, and physical safeguards designed to protect personal information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include encryption in transit, access controls, least-privilege permissions, and vulnerability management practices. No method of transmission or storage is perfectly secure; if we learn of a security incident affecting your personal information, we will notify you and the appropriate authorities as required by applicable law.

 

10) Retention Schedule

We retain personal information only for as long as necessary to fulfill the purposes described in this Policy or as required by law.

  • Face Data. Raw camera frames are discarded immediately after processing. The face embedding and liveness outcome are retained for 90 days, then automatically deleted, unless a longer period is required to comply with legal obligations or to resolve disputes.
  • Account & Wallet Data. Retained for the life of your account. If you delete your account, we will delete or de-identify personal information within a commercially reasonable period (typically within 30 days), unless retention is required for legal, security, or anti-fraud purposes.
  • Support Communications and Logs. Retained for a period consistent with business needs and legal requirements, then deleted or de-identified.

11) Your Choices and Rights

  • Access, Correction, Deletion. You may request access to, correction of, or deletion of your personal information by contacting support@mercle.xyz .
  • Biometric Deletion. You may delete Face Data at any time via Settings → Account Settings → Delete Account Data or by contacting support.
  • Wallet Disconnect. You may disconnect a wallet in Settings at any time.
  • Opt-Out of Non-Essential Communications. You may opt out of non-essential communications by following in-app prompts or contacting support.

 

Because the Service is not offered to residents of Africa or Europe, rights specific to those jurisdictions (e.g., GDPR/UK GDPR) are not addressed here. If you nonetheless access the Service from a restricted location, you do so contrary to our geographic restriction, and we may disable access and delete your account consistent with this Policy.

 

12) Children’s Privacy

The Service is not intended for children under 13 years of age (or older, if the laws of your jurisdiction require a higher age). We do not knowingly collect personal information from children. If you believe a child has provided personal information to us, contact support@mercle.xyz and we will take appropriate steps to remove such information and terminate the account.

 

13) Third-Party Sites and Services

The Service may contain links to third-party websites or services (including external wallet applications). We are not responsible for the privacy or security practices of such third parties. Review the privacy policies of those services before providing personal information.

 

14) International Transfers

We may process and store personal information in countries where we or our service providers maintain facilities. Those countries may have privacy laws that differ from those in your jurisdiction. By using the Service (outside Africa and Europe), you acknowledge such transfers and processing. We implement appropriate safeguards designed to protect your personal information consistent with this Policy.

 

15) Changes to This Policy

We may update this Policy from time to time. When we do, we will revise the “Effective Date” above and, where appropriate, provide additional notice (e.g., in-app notice). Your continued use of the Service after the updated Policy becomes effective constitutes your acceptance of the changes.

 

16) Contact UsIf you have questions about this Policy or our privacy practices, please contact us. We will respond within a reasonable time.

Email: support@mercle.xyzSupport Page: https://mercle.ai/support