AgentPay - Privacy Policy

Privacy Policy

AgentPay Inc. d/b/a agentShop
Last Updated: December 23rd, 2025

1. Scope and Acceptance

This Privacy Policy ("Policy") describes how agentShop collects, uses, discloses, and otherwise processes Personal Information in connection with our websites, web applications, mobile applications, APIs, and related services (collectively, the "Services").
By accessing or using the Services, or by submitting information to us, you acknowledge that you have read, understood, and agree to the practices described in this Policy. If you do not agree, you must immediately cease all use of the Services.
This Policy is incorporated by reference into our Terms of Use.

2. Definitions

For purposes of this Policy:
"Personal Information" means information that identifies, relates to, describes, or can reasonably be linked to an identified or identifiable natural person or household, as defined under applicable law.
"Process," "Processing" means any operation performed on Personal Information, whether by automated means or otherwise.
"Controller" / "Business" and "Processor" / "Service Provider" have the meanings given under GDPR and CCPA/CPRA, respectively, as applicable.

3. Categories of Information We Collect

We may collect, use, and Process the following categories of information:
3.1 Identifiers and Contact Information
• Name, email address, phone number
• Business name and role
• Usernames, account identifiers, and authentication data
3.2 Business and Commerce Data
• E-commerce store data, including product catalogs, SKUs, pricing
• Orders, revenue, and performance metrics
• Site activity, conversion data, and customer behavior data retrieved via integrations (e.g., Shopify, WooCommerce, Meta/Instagram Shops)
3.3 Technical and Usage Information
• IP address, device identifiers, browser type, operating system
• Log data (timestamps, pages viewed, referring URLs)
• Session data, heatmaps, clickstream, scroll and interaction data
• Cookies, pixels, tags, SDKs, and similar technologies
3.4 AI-Related Data
• Prompts, queries, instructions, and configurations you provide
• AI model outputs, enrichments, scores, and rankings
• Derived metadata, internal labels, and analytics generated by the Services
3.5 Inference and Derived Data
• Inferences drawn from any of the above categories to create profiles, scores, or predictions about store performance, catalog quality, or similar metrics.
We do not intentionally collect "sensitive personal information" (as defined under CPRA) beyond what is strictly necessary for account security and fraud prevention.

4. Sources of Information

We obtain information:
• Directly from you (account creation, support requests, uploads).
• Automatically through your use of the Services (logs, cookies, analytics).
• From third parties, such as:
- E-commerce platforms (e.g., Shopify, WooCommerce)
- Social commerce platforms (e.g., Meta/Instagram Shops)
- Analytics and attribution providers
- Payment processors (for billing identifiers, but not full card numbers)
You represent and warrant that you have all rights, consents, and authority necessary to provide or connect such information to the Services.

5. Purposes of Processing

We Process Personal Information for the following purposes:
• Service Delivery – To provide, operate, maintain, secure, and improve the Services.
• AI-Powered Features – To generate, display, and refine AI-based insights, rankings, scores, and recommendations.
• Account and Authentication – To create and manage user accounts, and authenticate access.
• Integrations – To connect and synchronize with third-party platforms you authorize.
• Analytics and Product Improvement – To understand usage patterns, measure performance, and improve features.
• Security and Abuse Prevention – To detect, prevent, and respond to fraud, abuse, and security incidents.
• Legal and Compliance – To comply with applicable laws, regulations, legal process, and enforce our Terms.
• Communications – To send transactional messages, product updates, and (where permitted) marketing communications.
• Billing and Payments – To process subscription fees via Stripe or other processors (we do not store full payment card numbers).
Where required by law, we rely on your consent; otherwise, we rely on contractual necessity and our legitimate business interests in operating a secure, functional, and improving platform.

6. Disclosures of Personal Information

We may disclose Personal Information to:
6.1 Service Providers / Processors
We engage third-party entities that Process information on our behalf subject to contractual restrictions, including but not limited to:
• Cloud hosting (e.g., AWS)
• AI providers (e.g., OpenAI, AWS AI services)
• Authentication and identity providers (e.g., Clerk Inc.)
• Payment processors (e.g., Stripe)
• Analytics and product tools (e.g., Google Analytics, Mixpanel, Segment, FullStory, Hotjar, Shopify Analytics)
6.2 Third-Party Integrations
When you connect a third-party platform, you authorize us to exchange relevant data with that platform as needed to provide the Services.
6.3 Corporate Transactions
In connection with a merger, acquisition, financing, reorganization, sale of assets, or similar transaction, information may be shared with actual or potential counterparties and their advisors.
6.4 Legal and Security
We may disclose information where we reasonably believe it necessary to:
• Comply with law, regulation, or legal process
• Respond to lawful requests by public authorities
• Protect rights, property, or safety of agentShop, our users, or the public
6.5 Aggregated / De-Identified Data
We may use, share, or publish aggregated, anonymized, or otherwise de-identified data for any lawful purpose. Such data will not reasonably identify you.
6.6 No "Sale" of Personal Information
We do not "sell" Personal Information as that term is defined under CCPA/CPRA.

7. AI-Specific Disclosures

• We use third-party AI models and infrastructure to Process prompts, generated outputs, and related metadata.
• We do not use identifiable customer Personal Information to train our own proprietary general-purpose models.
• We may store prompts and outputs as necessary to provide, secure, and improve the Services (e.g., debugging, quality assurance, abuse prevention).
• Certain features involve automated decision-making or scoring. You remain solely responsible for reviewing and validating any AI outputs before acting on them or presenting them to others.

8. Cookies and Tracking Technologies

We and our partners use cookies, pixels, beacons, SDKs, and similar technologies to:
• Keep you signed in
• Remember preferences
• Measure and analyze usage
• Attribute and optimize marketing
You may manage cookie preferences through your browser or device settings. Some features may not function properly without certain cookies.
More detail is provided in Annex 1 – Cookie Policy.
We do not currently respond to "Do Not Track" signals.

9. Data Security

We implement reasonable technical and organizational measures intended to protect Personal Information, including:
• Encryption in transit and at rest
• Role-based access controls
• Regular security testing and monitoring
However, no security measure is entirely secure, and we cannot guarantee absolute security. To the maximum extent permitted by law, we disclaim liability for unauthorized access, use, or disclosure arising from events beyond our reasonable control.

10. Data Retention

We retain Personal Information for as long as reasonably necessary to:
• Provide and maintain the Services
• Fulfill the purposes described in this Policy
• Comply with legal obligations
• Resolve disputes
• Enforce agreements
We may retain de-identified or aggregated data indefinitely.

11. International Data Transfers

We may transfer, store, and process information in the United States and other jurisdictions that may have data protection laws different from those in your jurisdiction.
Where required, we rely on appropriate safeguards (such as standard contractual clauses) for such transfers.

12. Your Rights

12.1 U.S. / California (CCPA/CPRA)
If you are a California resident, you may have the right to:
• Request access to specific pieces and categories of Personal Information we have collected about you;
• Request deletion of Personal Information, subject to legal exceptions;
• Request correction of inaccurate Personal Information;
• Request information about categories of Personal Information disclosed for a business purpose.
We do not "sell" Personal Information and do not share it for cross-context behavioral advertising in a manner that requires a "Do Not Sell or Share My Personal Information" link under CPRA.
12.2 EU/EEA and UK
If you are located in the EU/EEA or UK, you may have rights to:
• Access your Personal Information;
• Request correction or deletion;
• Object to or restrict Processing;
• Data portability;
• Lodge a complaint with a supervisory authority.
Additional terms for EU/UK users appear in Annex 2 – EU/UK Addendum.
12.3 Exercising Rights
To exercise any rights, contact us at info@useagentshop.com. We may need to verify your identity before fulfilling your request and may deny or limit requests where permitted or required by law.

13. Children's Data

The Services are not directed to children under 13, and we do not knowingly collect Personal Information from children under 13. If we learn that we have collected such information, we will take reasonable steps to delete it.

14. Changes to This Policy

We may revise this Policy from time to time. The "Last Updated" date indicates the effective date. Your continued use after changes become effective constitutes acceptance of the revised Policy.