Privacy Policy
Last updated: April 27, 2026
Who we are
agentcentral is operated by Eulyptica (“we”, “us”, “our”). Our product gives AI agents programmatic access to Amazon seller data via MCP servers.
What we collect
- Account info — email address and name when you sign up.
- Amazon OAuth tokens — access and refresh tokens issued by Amazon through its official OAuth flow, encrypted at rest. Used only to sync your seller data and, where enabled, submit Amazon API changes requested through the Service. We never store your Amazon password.
- Amazon seller data — advertising metrics, inventory levels, sales data, and related information synced from your Amazon account. Stored in an isolated BigQuery dataset per account.
- Usage data — basic analytics (page views, feature usage) via Vercel Analytics. No cookies, no cross-site tracking.
How we use your data
- To sync and serve your Amazon seller data to your AI agent.
- To authenticate your account and manage your subscription.
- To operate, secure, and debug the Service, including account-specific sync or API issues.
We do not sell your data. We do not use your Amazon data to train models. Your data is yours.
Product analytics and product improvement use usage data and operational metadata, not your Amazon business data. We inspect account-specific Amazon data only when needed to provide support, debug your account, operate the Service for you, or comply with law.
Amazon account access
We use Amazon’s official OAuth authorization flow when you connect Amazon Ads or Seller Central. Amazon provides tokens scoped to the permissions you approve; we do not ask for, see, or store your Amazon password.
OAuth tokens are encrypted before storage using Google Cloud KMS and are used only by Agent Central’s backend services to sync your data and perform Amazon API writes requested through the Service. We do not expose raw Amazon OAuth tokens through MCP tools, customer dashboards, or AI agent responses.
You can revoke Agent Central’s Amazon access from Amazon or request account deletion from Agent Central. Revoking access stops future syncs and Amazon API writes until you reconnect.
Data isolation
Each account’s Amazon data is isolated at the infrastructure level. Your advertising, inventory, and sales data is never mixed with other accounts’ data.
Subprocessors
| Provider | Purpose | Data processed | Location |
|---|---|---|---|
| Google Cloud Platform | Data storage, processing, encryption | Amazon seller data, encrypted OAuth tokens | US (us-central1) |
| Vercel | Website hosting, privacy-friendly analytics | Page views, feature usage (no cookies) | US |
| Amazon (Advertising API, SP-API) | Data sync via Advertising API and SP-API | API credentials (in transit only) | US |
We will notify you by email before adding new subprocessors.
Legal basis for processing (GDPR)
We process your personal data under the following legal bases:
- Contract performance — processing your Amazon data is necessary to deliver the service you signed up for.
- Legitimate interest — product improvement, security monitoring, and fraud prevention.
- Consent — where required, such as marketing communications. You may withdraw consent at any time.
International data transfers
agentcentral is operated from the United States. If you are located in the European Economic Area (EEA), UK, or Switzerland, your data is transferred to the US for processing. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission to safeguard these transfers.
Data retention
We retain your Amazon data for as long as your account is active. When you cancel, your data is deleted within 30 days. You can request immediate deletion at any time.
Security
OAuth tokens are encrypted at rest using Google Cloud KMS. All data in transit uses TLS. BigQuery datasets are access-controlled per account. Service accounts use least-privilege IAM roles.
Your rights
Depending on your jurisdiction, you may have the right to:
- Access a copy of your personal data
- Correct inaccurate data
- Delete your account and all associated data
- Restrict or object to certain processing
- Data portability (receive your data in a structured format)
- Lodge a complaint with your local data protection authority (EEA/UK residents)
Contact us at support@agentcentral.to to exercise any of these rights.
California residents (CCPA)
If you are a California resident, the California Consumer Privacy Act (CCPA) provides additional rights:
- Categories collected — identifiers (email, name), commercial information (Amazon seller data), and internet activity (usage analytics).
- No sale of personal information — we do not sell, share, or use your personal information for cross-context behavioral advertising.
- Right to know and delete — you may request disclosure of the data we hold or request deletion.
- Non-discrimination — we will not discriminate against you for exercising your CCPA rights.
Data Processing Agreement
A Data Processing Agreement (DPA) is available on request for customers who require one. Contact support@agentcentral.to.
Changes
We may update this policy from time to time. Material changes will be communicated via email at least 30 days before they take effect, except where changes are required by law or to address a security incident.