Privacy Policy

Agent Checkout ("we," "us," or "our") operates the Agent Checkout Shopify plugin and associated services. This policy explains what data we collect, how we use it, and your rights regarding that data.

Store Information

• Your Shopify store domain (e.g., your-store.myshopify.com)
• Product catalog data (titles, descriptions, prices, images, variants)
• OAuth session tokens for authenticated API access
• Store configuration preferences (agent discovery enabled/disabled)

Transaction Data

• Checkout session metadata (items, totals, status)
• Payment method type (crypto or card token)
• Shopify order IDs created through agent checkouts
• Platform fees collected

What We Do NOT Collect

We do not collect, store, or process any customer personally identifiable information (PII). We do not store customer names, email addresses, physical addresses, payment card numbers, or any other personal data belonging to your store's customers. All payment processing is handled by Stripe.

• To list your store in the Agent Checkout discovery network
• To enable AI agents to search your product catalog
• To process and track agent-initiated checkout sessions
• To route payments to your connected Stripe account
• To display aggregate statistics in your Shopify admin dashboard

Your data is stored in a PostgreSQL database hosted on Railway (railway.com), a SOC 2 compliant infrastructure provider. All data is transmitted over HTTPS. API keys are generated uniquely per store and can be regenerated at any time.

When you uninstall the Agent Checkout plugin, we receive a notification from Shopify and immediately delete your session data and store configuration. Within 48 hours of uninstall, Shopify sends a shop/redact webhook, and we purge all remaining store data from our systems. You can also request data deletion at any time by contacting us.

We comply with GDPR and Shopify's mandatory data protection requirements. We handle all three required webhooks:

• Customer data request — We acknowledge the request. Since we do not store customer PII, there is no personal data to export.
• Customer data erasure — We acknowledge the request. Since we do not store customer PII, there is no personal data to delete.
• Shop data erasure — We delete all store data including sessions, configuration, and transaction logs.

• Stripe — Payment processing. Subject to Stripe's Privacy Policy.
• Railway — Infrastructure hosting. Subject to Railway's Privacy Policy.
• Shopify — E-commerce platform. Subject to Shopify's Privacy Policy.

For privacy-related inquiries, data requests, or questions about this policy, contact us at:

GoTeammate
Email: [email protected]