Privacy Policy

Last updated: April 3, 2026

1. Overview

AgentCart ("we", "our", or "us") provides a Shopify app and web platform that helps merchants make their stores discoverable and operable by AI agents. This policy explains what data we collect, how we use it, and your rights.

2. Data We Collect

  • Merchant account data — email address and Shopify store URL provided during sign-up or OAuth installation.
  • Shopify API credentials — Admin API access token and, where available, Storefront API token, used solely to read product catalog data and register webhooks on your behalf.
  • Product catalog data — product titles, descriptions, prices, images, and URLs crawled from your store to generate optimization scores and AI-readable manifests.
  • Agent interaction data — anonymized logs of AI agent requests (e.g. catalog lookups, checkout sessions initiated) associated with your merchant account. No end-customer personal data is stored.
  • Usage analytics — aggregate request counts, platform breakdowns, and conversion metrics shown in your dashboard.

3. Data We Do Not Collect

We do not collect, store, or process personal data about your customers (shoppers). AgentCart does not receive customer names, emails, addresses, or payment information at any point.

4. How We Use Your Data

  • To crawl and index your product catalog for AI-readiness scoring.
  • To generate and serve your Universal Commerce Protocol (UCP) manifest at /.well-known/ucp.
  • To facilitate AI agent checkout sessions by creating Shopify carts on your store.
  • To display analytics in your AgentCart dashboard.
  • To send transactional emails (e.g. scan completion notifications).
We do not sell your data or use it for advertising.

5. Data Retention

Merchant account data is retained for the lifetime of your account. Agent interaction logs and checkout session records are retained for 12 months. You may request deletion at any time by contacting us.

6. GDPR / Shopify Compliance

We respond to Shopify's mandatory GDPR webhooks:
  • customers/data_request — acknowledged. We hold no customer personal data.
  • customers/redact — acknowledged. No customer data to delete.
  • shop/redact — all merchant transactional data is permanently deleted within 48 hours of app uninstall.

7. Data Security

All data is stored on Supabase (PostgreSQL) with row-level security enabled. API credentials are stored encrypted at rest. Connections are secured over TLS.

8. Third-Party Services

  • Shopify — product and order data via Shopify API.
  • Supabase — database and authentication hosting.
  • Vercel — application hosting.
  • Anthropic / OpenAI — AI models used for product description enrichment (product data only, no personal data).

9. Your Rights

You may request access to, correction of, or deletion of your data at any time by emailing support@agentcart.io. We will respond within 30 days.

10. Changes to This Policy

We may update this policy. Material changes will be communicated via email or an in-app notice. Continued use of the app constitutes acceptance of the updated policy.

11. Contact

AgentCart
support@agentcart.io