Legal

Privacy Policy

Effective June 2, 2026

MerchLocal is a done-for-you merch service for restaurants. This Privacy Policy explains what personal information we collect, why we collect it, how we use it, and the choices you have. We've tried to write this in plain English. If anything is unclear, email hello@merchlocal.co and we'll explain.

Who we are
Information we collect
How we use information
Who we share information with
AI processing (Giorgio chat)
Cookies and tracking
How long we keep information
Your rights and choices
Security
Children's privacy
International users
Changes to this policy
Contact us

1. Who we are

"MerchLocal," "we," "us," and "our" refer to MerchLocal LLC, a New Jersey limited liability company. We operate the website at merchlocal.co, the related catalog, the Giorgio intake chat, and a client portal for restaurants we work with. This policy covers all of those (together, the "Service").

The data controller for your information is MerchLocal LLC. You can reach us at hello@merchlocal.co.

2. Information we collect

Information you give us directly

Inquiry form: your name, email address, restaurant name, city, and the free-text message you send us.
Giorgio chat: everything you type in the chat, which typically includes your name, role, restaurant name, email address, the kind of merch you're interested in, and other details you choose to share.
Client portal: if you are a MerchLocal client, your account email, authentication credentials, and information related to your merch program (products, approvals, order history).
Email correspondence: the contents of any emails you send us.

Information collected automatically

Log data: standard server logs from our hosting provider, including IP address, browser type, pages visited, and timestamps.
Cookies: session and authentication cookies needed for the client portal to function. We do not currently use advertising or analytics cookies. See Section 6.

What we don't collect

We do not knowingly collect government-issued IDs, payment card numbers, health information, or precise geolocation. If you send us a sensitive document in an email or chat, please don't — we'd rather not have it.

3. How we use information

We use the information you provide to:

Respond to your inquiry and follow up with proposals, sketches, or samples.
Operate the Service, including the client portal and the Giorgio chat.
Design, produce, and ship merchandise on behalf of restaurant clients we work with.
Send you transactional emails about your account or order (e.g., login codes, order confirmations).
Comply with legal obligations and enforce our Terms of Service.
Improve the Service, including measuring which parts of the site or chat are working.

We do not sell your personal information, and we do not use it for cross-context behavioral advertising. We do not use your data to train any AI model.

We share personal information with the following categories of service providers, only as needed to operate the Service:

Cloud hosting and infrastructure providers (to host the website, run server functions, and store data).
Email delivery providers (to send transactional and account emails).
AI service providers, including Anthropic, PBC, which powers the Giorgio intake chat. See Section 5 below.
Production and fulfillment partners (to print and ship physical merchandise — they receive shipping addresses but not chat transcripts or inquiry messages).
Professional advisors (lawyers, accountants) when reasonably needed.

We may also disclose information if required by law, subpoena, or court order, or if we believe in good faith that disclosure is necessary to protect rights, safety, or property.

If MerchLocal is acquired, merged, or sells assets, personal information may transfer to the acquirer, subject to the same protections described in this policy.

5. AI processing (Giorgio chat)

The Giorgio intake chat is an AI agent powered by Anthropic, PBC. When you chat with Giorgio, the messages you send (which may include your name, email, restaurant, and anything else you type) are sent to Anthropic's API to generate Giorgio's replies. Anthropic processes this content under its commercial terms, which prohibit use of the content to train Anthropic's models. Anthropic may retain the content briefly for abuse detection.

We also store the transcript of your Giorgio conversation in our own systems so that our team can read it and follow up with you. If you'd rather not have your chat stored, don't use Giorgio — email hello@merchlocal.co directly instead.

6. Cookies and tracking

The marketing website uses minimal cookies. The client portal uses authentication cookies that are strictly necessary to keep you logged in. We do not currently use third-party advertising cookies, analytics cookies, or social-media tracking pixels.

If we add analytics in the future, we'll update this policy and, where required, ask for your consent.

7. How long we keep information

Inquiry form submissions: kept for up to 36 months from the date of submission so we can follow up and reference prior conversations.
Giorgio chat transcripts: kept for up to 36 months.
Client portal accounts and related data: kept while you are an active client, and for a reasonable period afterward for accounting, tax, and dispute-resolution purposes (typically up to 7 years).
Server logs: kept for up to 90 days.

You can ask us to delete your information sooner — see Section 8.

8. Your rights and choices

Depending on where you live, you may have the following rights:

Access: request a copy of the personal information we hold about you.
Correction: ask us to correct inaccurate information.
Deletion: ask us to delete your personal information.
Portability: ask for your information in a portable format.
Objection / restriction: object to or restrict certain processing.
Opt out of sale or sharing: we don't sell personal information or share it for cross-context behavioral advertising, but if that ever changed, California residents would have the right to opt out.
Non-discrimination: we won't deny you services or charge you more for exercising these rights.

To make a request, email hello@merchlocal.co with the subject line "Privacy request." We may need to verify your identity before fulfilling the request. We respond within 45 days where required by law.

If you are in the EU or UK, you also have the right to lodge a complaint with your local data protection authority.

9. Security

We take reasonable steps to protect personal information, including encryption in transit (HTTPS), encryption at rest for stored data, access controls, and limiting who on our team can see what. No system is perfectly secure, and we cannot guarantee absolute security.

10. Children's privacy

The Service is not directed to children under 16. We do not knowingly collect personal information from children under 16. If you believe a child has given us personal information, email hello@merchlocal.co and we will delete it.

11. International users

MerchLocal operates from the United States. If you access the Service from outside the U.S., your information will be transferred to, stored, and processed in the U.S. The laws of the U.S. may differ from those of your country. By using the Service, you consent to this transfer.

12. Changes to this policy

We may update this policy from time to time. If we make material changes, we will update the effective date at the top and, where appropriate, notify you by email or a notice on the site. Continued use of the Service after the changes take effect means you accept the updated policy.

13. Contact us

Questions, requests, or concerns? Email hello@merchlocal.co.