Security & data handling
A factual trust layer for merchants and agencies evaluating ACP.
This page explains what ACP needs to operate, how the read-only audit is positioned, when catalog changes can happen, and how data handling should be reviewed before a team rolls the product out.
What store data is accessed
ACP is built to access the store and catalog data needed for audits, product review workflows, billing, and support. The exact fields depend on which product workflows are active.
What is read-only during audit
The public audit flow is intended to analyze catalog data and return score, severity, and recommendations without changing the merchant catalog.
When product changes can happen
Catalog changes only happen when the merchant enables the relevant workflow and uses the review, approval, or publish controls provided by the application.
How AI providers fit in
Model providers are relevant for deeper optimization workflows. Merchants should review provider usage, model configuration, and billing separately from the first audit experience.
Retention and deletion
Operational data is retained only as needed to run the service, support the merchant, and meet legal obligations. Export and deletion requests can be initiated through support.
Subprocessor categories
Subprocessors generally fall into infrastructure, billing, support delivery, and optional AI provider categories. Formal named schedules should be confirmed in signed documentation.
This page is intentionally conservative. Any final legal language for retention periods, regional transfer controls, incident handling commitments, or named subprocessors should be reviewed before publication.