Privacy Policy

Last updated: February 3, 2026

1. Introduction

Mermaid Agents ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service for provisioning AI agent identities. Please read this policy carefully. If you do not agree with the terms of this Privacy Policy, please do not use the Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Name, email address, and contact information
  • Organization/company information
  • Authentication credentials (managed by our identity provider, Clerk)
  • Role and permission settings within your organization

2.2 Know Your Business (KYB) Information

To comply with financial regulations, we collect:

  • Business registration documents and tax identification numbers
  • Beneficial owner information and identification documents
  • Business address and contact details
  • Bank account information for funding and withdrawals
  • Government-issued identification for authorized representatives

2.3 Avatar and Agent Activity Data

When you provision and operate AI agent avatars, we collect:

  • Avatar configuration and metadata
  • Email communications sent and received by avatars
  • SMS and voice communications associated with avatar phone numbers
  • Financial transactions including card purchases and bank transfers
  • Approval requests and responses
  • API calls and usage patterns

2.4 Technical Information

We automatically collect:

  • IP addresses and device identifiers
  • Browser type and operating system
  • Usage data and interaction logs
  • Error logs and performance metrics

3. How We Use Your Information

We use the collected information to:

  • Provide, maintain, and improve the Service
  • Process financial transactions and manage virtual cards and bank accounts
  • Verify your identity and comply with KYC/KYB requirements
  • Enable email and phone communications for your AI agents
  • Process approval requests and maintain audit trails
  • Detect, prevent, and respond to fraud and security incidents
  • Comply with legal obligations and regulatory requirements
  • Communicate with you about the Service, updates, and support
  • Analyze usage patterns to improve the Service
  • Enforce our Terms of Use

4. AI Agent Data and Human Oversight

Our Service is designed for human-supervised AI agents. Regarding agent data:

  • Human Access: All data generated by AI agent activities is accessible to the human operators (you and your authorized team members) who control those agents.
  • Audit Trails: We maintain comprehensive logs of all agent activities for compliance, security, and your oversight needs.
  • Third-Party Communications: When your AI agents communicate with third parties (via email or phone), those third parties should be informed they are interacting with an AI system operated under your supervision.
  • Data Responsibility: You are responsible for ensuring that your AI agents' data collection and processing activities comply with applicable privacy laws and your own privacy policies.

5. Information Sharing and Disclosure

We may share your information with:

5.1 Service Providers

  • Banking Partners: Stripe and Unit for payment processing, card issuance, and bank account services
  • Identity Verification: Clerk for authentication and identity management
  • Communication Providers: Email and telephony service providers to enable avatar communications
  • Infrastructure: Cloud hosting and database providers

5.2 Legal and Compliance

We may disclose information when required by law, subpoena, or other legal process, or when we believe disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

5.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

6. Data Security

We implement appropriate technical and organizational measures to protect your information, including:

  • Encryption of data in transit and at rest
  • Regular security assessments and penetration testing
  • Access controls and authentication requirements
  • Monitoring for unauthorized access or anomalous activity
  • Secure data centers with physical security controls
  • Employee security training and background checks

However, no method of transmission over the Internet or electronic storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Data Retention

We retain your information for as long as necessary to:

  • Provide the Service to you
  • Comply with legal obligations (including financial record-keeping requirements)
  • Resolve disputes and enforce our agreements
  • Maintain audit trails as required by regulations

Financial records may be retained for seven (7) years or longer as required by law. You may request deletion of your account data, subject to our legal retention obligations.

8. Your Rights and Choices

Depending on your location, you may have the following rights:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information, subject to legal retention requirements
  • Portability: Request your data in a portable format
  • Objection: Object to certain processing of your information
  • Restriction: Request restriction of processing in certain circumstances

To exercise these rights, please contact us at privacy@mermaidagents.com.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. When we transfer information internationally, we implement appropriate safeguards, such as Standard Contractual Clauses, to protect your information.

10. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected, used, and shared
  • Right to delete personal information (with certain exceptions)
  • Right to opt-out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising your privacy rights

11. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), UK, or Switzerland, you have rights under the General Data Protection Regulation (GDPR). We process your data based on legitimate interests, contractual necessity, legal obligations, and/or your consent. You have the right to lodge a complaint with a supervisory authority if you believe your rights have been violated.

12. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will take steps to delete that information.

13. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you interact with.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. We may also notify you via email for significant changes. Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.

15. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Email: privacy@mermaidagents.com

Legal Inquiries: legal@mermaidagents.com

← Back to Home