Privacy Policy
Last updated: 19 April 2026
AgentCheckout ("we", "us") operates agentcheckout.app and provides a hosted Model Context Protocol (MCP) endpoint service for e-commerce merchants. This policy explains what data we collect, why, and how we handle it.
1. Data we collect
From merchants
- Account data: store name, store URL, work email, company name.
- Store integration data: API credentials / OAuth tokens for your storefront platform.
- Catalogue data: product titles, descriptions, prices, variants, inventory counts.
From agent sessions
- Anonymised agent identifiers, tool calls made, inputs, timestamps.
- Cart and order data when a checkout completes.
From website visitors
- Standard server logs and privacy-friendly analytics (no identifying cookies).
2. Why we collect it
To provision and operate your MCP endpoint, to let AI agents search your catalogue and complete checkout, to secure the service, to show you a dashboard of agent activity, and to improve the product (aggregate and anonymised only).
We do not sell your data. We do not train AI models on your data.
3. Payment data
We never store full payment card numbers. Payment processing is handled by Razorpay, MoltPe, or (when enabled) Stripe. Their privacy policies apply to the payment step.
4. Data sharing
We share data only with infrastructure providers (hosting, database, monitoring), payment processors you have enabled, and legal authorities when required by law.
5. Data retention
- Account data: retained while your account is active; deleted within 30 days of closure.
- Agent session logs: 90 days, then anonymised.
- Order data: retained as required by tax and e-commerce law.
6. Your rights
You can export your data, delete your account, revoke agent tokens, or request correction at privacy@agentcheckout.app. EU/UK residents: GDPR rights apply.
7. Security
TLS for all connections, encrypted storage at rest, scoped tokens, least-privilege access.
8. International transfers
Data is processed in India and the United States. Cross-border transfers use appropriate safeguards where required.
9. Children
The service is not intended for users under 18.
10. Changes
We will notify account holders of material changes by email.