Merit Systems Privacy Policy

Last updated: March 10, 2026

This Privacy Policy explains how Merit Systems, Inc. (Merit, we, us, or our) collects, uses, shares, and retains information in connection with merit.systems and the websites, applications, software, APIs, tools, and related services that link to or incorporate this Policy (collectively, the Services).

1. Scope

This Policy applies to the Services, including Merit-operated products such as AgentCash, The Stables services, x402scan, and Poncho, except to the extent a product-specific privacy supplement or separate privacy notice says otherwise.

2. Information We Collect

Depending on how you use the Services, we may collect:

• contact, account, profile, organization, and registration information you provide;
• wallet addresses, wallet identifiers, payment metadata, transaction hashes, balances, and related protocol metadata;
• prompts, requests, instructions, files, uploads, messages, call parameters, booking parameters, and other content you submit through the Services;
• target lists, recipient details, contact details, domains, social handles, phone numbers, email addresses, wallet addresses, and other identifiers or data you submit or instruct the Services to act on;
• logs, usage data, diagnostics, analytics events, browser and device information, IP address, and approximate location inferred from IP;
• settings, preferences, linked-account data, integration metadata, and workflow metadata;
• fraud-prevention, duplicate-detection, eligibility, and anti-abuse signals associated with onboarding, Promotions, referrals, access controls, and account protection;
• public blockchain data and public listing or registry data associated with wallets, payments, resources, or transactions.

We do not collect the same categories for every Service or every user. Collection depends on the product and how you use it.

3. How We Use Information

We may use information to:

• provide, operate, maintain, secure, and improve the Services;
• process requests, route tool calls, run workflows, and operate agents or automations you authorize;
• enable searches, enrichments, scraping, calls, messages, uploads, generations, transactions, bookings, registrations, and other actions you request or authorize;
• support wallet, payment, protocol, settlement, and onramp functionality;
• detect fraud, abuse, duplication, spam, security incidents, and policy violations;
• administer Promotions, invite codes, referrals, onboarding flows, access controls, and eligibility checks;
• communicate with you about the Services;
• comply with legal obligations, enforce contracts, and protect our rights, users, providers, and operations;
• create aggregated, de-identified, statistical, or operational data for lawful business purposes.

4. How We Share Information

We may share information with:

• service providers that support hosting, storage, analytics, security, communications, customer support, and related operations;
• wallet providers, payment providers, facilitators, settlement providers, onramps, and protocol-related providers;
• exchanges, issuers, redemption counterparties, and other funding or digital-asset providers you choose to use through or alongside the Services;
• model providers, agent providers, and automation infrastructure providers when you use AI or agent features;
• third-party providers used to fulfill your request, including providers for data, search, enrichment, social, generation, storage, telecom, communications, bookings, domains, registries, travel, jobs, crypto, and related capabilities;
• External Resources and counterparties you choose to interact with through the Services;
• law enforcement, regulators, courts, advisors, counterparties, or other parties where disclosure is required or reasonably appropriate for legal, security, dispute, compliance, or operational reasons;
• acquirers, investors, lenders, or other transaction counterparties in connection with a financing, merger, acquisition, reorganization, or sale.

We do not promise that every provider category is used by every Service. Sharing depends on the Service and how you use it.

5. Blockchain and Public Data

If you use wallets, payment protocols, or on-chain functionality, some information is public and immutable by design. Public blockchain records may include wallet addresses, balances, transfers, timestamps, transaction hashes, and related metadata. Merit cannot alter or delete public blockchain data.

Some Merit products also display or process public resource listings, endpoint metadata, discovery records, and other publicly available information.

6. AI, Agents, and Provider Processing

If you use AI, agent, or tool-calling features:

• your prompts, files, context, instructions, or request parameters may be processed by third-party providers;
• your targets, recipients, identifiers, contact details, and other submitted data may be sent to providers or External Resources to perform the action you requested;
• your requests may be routed to third-party services to perform the action you requested;
• Merit may store or process related metadata, logs, and operational records.

If you use the Services to search for, enrich, scrape, analyze, contact, call, message, upload, host, generate from, transact with, or otherwise act on third-party data or content, Merit and the providers or External Resources you invoke may process the inputs, targets, and related metadata needed to perform those actions.

You should not assume that content stays only on your device, only within Merit systems, or confidential, unless a specific product notice or separate written agreement expressly says so.

7. Promotions, Onboarding, and Anti-Abuse Processing

If you participate in onboarding, Promotions, referrals, invite flows, or related programs, Merit may process information to determine eligibility, prevent abuse, and administer the program. This may include:

• wallet and account identifiers;
• linked profile or integration signals;
• duplicate-detection and fraud-prevention signals;
• promotion status, claim history, and reward metadata;
• logs or review records associated with the program.

8. Cookies, Local Storage, and Analytics

We may use cookies, local storage, analytics tools, and similar technologies to:

• keep you signed in;
• remember settings and preferences;
• measure traffic, engagement, and usage;
• diagnose errors and monitor performance;
• improve security and product quality.

Some analytics may be provided by third parties.

9. Data Retention

We retain information for as long as reasonably necessary for the purposes described in this Policy, including to:

• operate and improve the Services;
• administer Promotions and prevent abuse;
• comply with legal, tax, accounting, and compliance obligations;
• resolve disputes and enforce agreements;
• maintain security, audit, and operational records.

Retention periods vary by product, data type, and legal requirement. Public blockchain data is not controlled by Merit and cannot be deleted by Merit.

10. Your Choices

Depending on the Service and your location, you may be able to:

• disconnect wallets or integrations;
• update account or profile information;
• delete certain content or local data;
• opt out of certain communications;
• request access to or deletion of certain personal information.

These rights may be limited where Merit must retain data for legal, security, anti-abuse, recordkeeping, operational, or fraud-prevention reasons, or where the data is public blockchain data or otherwise not controlled by Merit.

11. Security

We use reasonable administrative, technical, and organizational measures to protect information, but no system is completely secure. We cannot guarantee absolute security.

You are responsible for protecting your own devices, accounts, wallets, credentials, and approvals.

12. Children

The Services are not directed to children under 18, and we do not knowingly provide the Services to children under 18.

13. Changes

We may update this Policy at any time. If we make material changes, we may post the updated Policy, update the date above, or provide other notice. Your continued use of the Services after the effective date of the updated Policy constitutes acceptance.

14. Contact

Privacy questions and requests may be sent to:

[email protected]

or by mail to:

Merit Systems, Inc.
224 West 35th Street, Ste 500 #2218
New York, NY 10001

15. Product Supplements

Some products may have supplemental privacy notices or product-specific disclosures. If a product-specific privacy supplement conflicts with this Policy, the supplement controls for that product.

Current product supplements include:

• AgentCash Supplemental Terms and Privacy Notes
• The Stables Supplemental Terms and Privacy Notes
• x402scan Supplemental Terms and Privacy Notes
• Poncho Supplemental Terms and Privacy Notes