Legal
Effective date: 1 January 2025 · Last updated: 1 May 2025
MergeDeck ("we", "us", or "our") operates the platform available at mergedeck.com — a curated marketplace for business acquisitions, investments, and M&A advisory. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.
For questions about this policy, contact us at ceo@mergedeck.com.
Account Information
When you create an account, we collect your name, email address, and authentication credentials via our identity provider (Clerk).
Profile & Listing Data
Information you provide when creating a listing — including business details, financial information, deal structure, location, and contact preferences.
Communication Data
Messages exchanged through the platform's messaging system between participants. These are stored to facilitate deal conversations and are accessible only to participants and platform administrators for safety purposes.
Usage Data
Automatically collected data including IP address, browser type, pages visited, time spent, and referring URLs. We use Google Analytics and Vercel Analytics for this purpose.
Role Application Data
Information submitted when applying for a role (Buyer, Seller, Advisor, Investor) — including company details, professional background, and stated purpose.
We do not sell your personal information. We share information only in the following circumstances:
Between deal participants — Contact details are shared only when both parties have confirmed mutual interest through the platform's introduction process.
Service providers — We work with Neon (database), Supabase (file storage), Resend (email), Clerk (authentication), and Vercel (hosting). Each operates under a data processing agreement.
Legal requirements — We may disclose information if required by law, court order, or to protect the rights and safety of our users.
We retain your account and listing data for as long as your account is active. If you close your account, we will delete your personal data within 90 days, except where retention is required by law or for legitimate business purposes (e.g., ongoing dispute resolution or regulatory compliance). Anonymised, aggregated data may be retained indefinitely.
We use essential cookies for authentication and session management. We also use analytics cookies (Google Analytics, Vercel Analytics) to understand how the platform is used. You can disable non-essential cookies in your browser settings, though this may affect platform functionality.
You have the right to:
To exercise any of these rights, contact ceo@mergedeck.com. We will respond within 30 days.
We implement industry-standard security measures including encrypted data transmission (TLS), secure authentication, role-based access controls, and regular security reviews. However, no method of transmission over the internet is 100% secure. We encourage you to use strong passwords and not share your credentials.
MergeDeck is not directed at individuals under 18 years of age. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, contact us immediately.
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the effective date. Continued use of the platform after changes constitutes acceptance of the revised policy.