Your Privacy, Protected by Design
Last updated: March 27, 2026
Your customers' trust is your most valuable asset. That is why AgenticMCPStores is engineered to keep your business data secure, transparent, and completely under your control.
1. Minimal Customer Data (when required)
You own your customer relationships. AgenticMCPStores is designed to store the minimum data needed to run your MCP storefront (account + store configuration). We do not store payment card details. For checkout flows, we may temporarily process and store buyer/fulfillment details associated with an order or session to complete the workflow and provide auditability.
2. Bank-Grade Credential Security
Your Shopify and WooCommerce API keys and OAuth tokens are AES-256 encrypted at rest. When AI agents access your storefront, they use scoped, temporary credentials that prevent unauthorized access to your core infrastructure.
3. Complete Transparency for You
You can see exactly what tools (endpoints) you are exposing to external AI agents. Every read and write request is logged, so you know exactly how ChatGPT or Claude interacts with your store.
4. Explicit Confirmation Built-in
Sensitive actions—like finalizing a checkout or purchasing an item—always require explicit human confirmation. The AI agent prepares the cart, but your customer's final click ensures safety and compliance.
5. Automated Processing Disclosure
Our AI systems (MCP tools) process product data to provide suggestions. These suggestions are automated and non-binding; the final purchase decision always rests with the human user.
6. International Transfers (DPF & SCCs)
When we use AI providers like OpenAI or Anthropic located outside the EEA, we ensure your personal data's protection level is guaranteed through the EU-US Data Privacy Framework (DPF) or Standard Contractual Clauses (SCCs).
7. Commercial Communications (LSSI-CE)
We will not send commercial communications without your express prior consent, unless there is a prior contractual relationship and the products are similar to those initially contracted. You can opt-out at any time.
8. 72-Hour Breach Notification
In the unlikely event of a data security breach that poses a risk to your rights, we commit to notifying you and the competent authority within a maximum of 72 hours of becoming aware of the incident.
9. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA): (1) Right to Know — you may request disclosure of the categories and specific pieces of personal information we collect; (2) Right to Delete — you may request deletion of your personal information, subject to legal exceptions; (3) Right to Correct — you may request correction of inaccurate personal information; (4) Right to Opt-Out of Sale or Sharing — we do not sell or share your personal information for cross-context behavioral advertising; (5) Right to Limit Use of Sensitive Personal Information — we do not use or disclose sensitive personal information beyond permitted purposes. To exercise these rights, contact support@agenticmcpstores.com. We respond within 45 days.
10. Automated Decision-Making & Trust Scoring
We use an automated trust scoring system to evaluate merchant stores on a scale of 0 to 100. This score is computed from 8 operational signals: catalog completeness (15%), catalog freshness (15%), price accuracy (15%), availability accuracy (10%), policy coverage (10%), checkout success rate (15%), fulfillment rate (10%), and dispute rate (10%). The score is recalculated periodically and affects your store's visibility to AI agents: scores below 50 reduce ranking, below 30 hide your store, and below 20 suspend it. Under GDPR Article 22, you have the right to: (a) obtain an explanation of the decision, (b) contest the decision, and (c) request human review. You can submit an appeal from your merchant dashboard or by emailing support@agenticmcpstores.com. Human review is completed within 15 business days.
11. Platform Integrations — Data We Access
When you connect an e-commerce platform, we access only the data required to operate your MCP storefront. For Shopify (Admin REST API 2024-10, scopes: read_products, read_inventory, write_checkouts): shop metadata (name, currency, country, plan), product catalog (title, description, price, inventory count, images, variants, SKU), and product count. We do not access end-customer data (names, emails, phone numbers, or addresses). For WooCommerce (REST API v3, Consumer Key/Secret): system_status (WC version, site URL) and product catalog (id, name, price, stock, variations). We do not store end-buyer data. For PrestaShop (native WebService API, merchant API key): shop name, products list (id, name, price), and PS_VERSION_DB for technical compatibility. We do not access personal data of buyers. For all platforms, connection credentials are encrypted with AES-256-GCM and are permanently deleted if you disconnect your store.
12. Payment Processing Partners
When you accept payments through AgenticMCPStores, your transactions are processed by third-party payment providers. Stripe (Stripe, Inc.) processes card payments and acts as a data processor on our behalf; their privacy policy is available at stripe.com/privacy. PayPal (PayPal Holdings, Inc.) processes PayPal payments and acts as an independent data controller for buyer transaction data; their privacy policy is available at paypal.com/privacy. We do not store credit card numbers, CVV codes, or any Sensitive Authentication Data as defined by PCI DSS. Payment tokens used in agent-initiated transactions (such as Mastercard Agent Pay) are processed via Stripe Connect Direct Charges on the merchant's own Stripe Connected Account — funds flow directly to the merchant and never pass through AgenticMCPStores.
Your Right to Access Your Data
Data Subject Access Requests (DSAR)
Under GDPR (Articles 15-22), you have the right to access, delete, correct, export, or object to processing of your personal data. If you are a customer of a store powered by AgenticMCPStores, you can submit a Data Subject Access Request at any time.
Submit Data RequestCalifornia Rights (CCPA/CPRA)
California Residents
We do not sell or share your personal information. To exercise your CCPA/CPRA rights (access, deletion, correction, opt-out), contact us at support@agenticmcpstores.com. We respond within 45 days.
Automated Decisions and Profiling
Trust Score — Merchant Trust Scoring System
AgenticMCPStores computes a Trust Score for each merchant store registered on the platform. This score is a numeric value between 0.0 and 1.0 that reflects the operational quality of the store and is used by AI agents to decide whether to initiate commercial transactions with that store. The system applies exclusively to merchants (store owners) registered on the platform, and not to end buyers or their personal data.
The Trust Score is computed using a deterministic algorithm with fixed weights. It does not use machine learning or artificial intelligence to learn or infer patterns: each recalculation applies the same mathematical formulas to the same input data and produces the same result. There is no inferred profile or predictive model; only objective operational metrics.
Score components (12 factors):
| Factor | Weight |
|---|---|
| Catalog completeness | 11% |
| Catalog freshness | 11% |
| Price accuracy | 12% |
| Availability accuracy | 8% |
| Policy coverage | 8% |
| Checkout success rate | 11% |
| Fulfillment rate | 8% |
| Dispute rate | 7% |
| Agent satisfaction rate | 8% |
| Response latency | 5% |
| Review sentiment | 5% |
| Data consistency | 6% |
The score is recalculated periodically and has direct effects on store visibility: scores below 0.50 reduce ranking in agent listings; below 0.30 the store is hidden from agents; below 0.20 the store is suspended from the platform.
Your rights under GDPR Art. 22
As a merchant subject to this automated scoring system, you have the right to:
- Obtain a detailed explanation of how your Trust Score was calculated and which factors had the greatest impact.
- Contest the decision if you believe the score does not accurately reflect your store or that the data used is incorrect.
- Request human review of the score by the AgenticMCPStores team.
- Request correction of erroneous operational data that is affecting your score.
How to exercise your rights
You can request human review of your Trust Score in two ways:
- Sending an email to privacy@agenticmcpstores.com with the subject "Trust Score Review" and your store ID or domain.
- Using the platform's contact form.
Response time: 30 business days from receipt of the request.
This section complies with Art. 22 of the GDPR (General Data Protection Regulation, EU 2016/679) on automated individual decision-making, including profiling.