Privacy Policy

Last updated: May 2026

MCPify ("we", "us", "our") is committed to protecting the privacy of Shopify merchants and their customers. This Privacy Policy explains how we collect, use, and protect information when you use the MCPify app.

1. Information We Collect

Data	Purpose	Retention
Shopify store domain	Identify your store	Until app uninstall
Shopify OAuth access token	Query store data on your behalf	Until app uninstall
Agent configuration (name, tone, prompt)	Customize AI behavior	Until deleted by you
Monthly usage count (number of AI calls)	Enforce plan limits	Resets monthly

2. Shopify Store Data We Access

With your permission, MCPify reads the following data from your Shopify store to answer customer questions:

• Products — titles, descriptions, prices, variants (read-only)
• Inventory — stock levels per variant (read-only)
• Orders — order status and fulfillment for customer lookup (read-only)
• Pages — your store pages, policies, FAQs (read-only)

This data is fetched in real-time per customer query and is not stored or cached on our servers beyond the duration of a single API request.

3. What We Do NOT Collect

• Customer personal data (names, emails, addresses) from your store
• Payment or financial information
• Persistent chat logs or conversation history
• Browsing history of your customers
• Any data from Shopify Admin beyond the scopes listed above

4. How We Use Your Data

Data collected is used solely to:

• Provide the AI chatbot service on your storefront
• Authenticate API requests from your store
• Enforce your subscription plan limits
• Improve service reliability and performance

We do not sell, rent, or share your data with third parties for marketing purposes.

5. Third-Party Services

MCPify uses the following third-party services to operate:

• Cloudflare Workers & KV — infrastructure and data storage (encrypted at rest)
• Groq AI — AI language model processing. Chat messages are sent to Groq for real-time processing. Groq's privacy policy applies: groq.com/privacy-policy
• Stripe — payment processing. We do not store card details. Stripe's privacy policy: stripe.com/privacy

6. Data Security

All data is encrypted in transit (TLS) and at rest (Cloudflare KV encryption). Access tokens are stored with restricted access and never logged. We follow Shopify's security best practices for app development.

7. Your Rights (GDPR & CCPA)

You have the right to:

• Access — request a copy of data we hold about your store
• Deletion — request deletion of all your data by uninstalling the app or contacting us
• Portability — receive your configuration data in a machine-readable format
• Correction — update your agent configuration at any time from the app dashboard

To exercise these rights, email privacy@mcpify.live.

8. Data Retention

When you uninstall MCPify from your Shopify store, your OAuth access token and store configuration are deleted within 30 days. Usage counters are purged after 90 days.

9. Children's Privacy

MCPify is a B2B service for Shopify merchants. We do not knowingly collect data from children under 13.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email. Continued use of the app after changes constitutes acceptance.

11. Contact

For privacy-related questions or data deletion requests:

• Email: privacy@mcpify.live
• Website: mcpify.live