Privacy Policy
Last updated: June 9, 2026
Who we are
agentcentral is operated by Eulyptica (“we”, “us”, “our”). Our product gives AI agents programmatic access to Amazon seller data via MCP servers.
What we collect
- Account info — email address and name when you sign up.
- Amazon OAuth tokens — access and refresh tokens issued by Amazon through its official OAuth flow, encrypted at rest. Used only to sync your seller data and, where enabled, submit Amazon API changes requested through the Service. We never store your Amazon password.
- Amazon seller data — advertising metrics, inventory levels, sales data, and related information synced from your Amazon account. Stored in account-isolated cloud storage.
- Usage data — basic analytics (page views, feature usage) via Vercel Analytics. No cookies, no cross-site tracking.
- Marketing attribution data — ad click identifiers, UTM parameters, landing page, referral source, signup and activation events, and limited account identifiers used for advertising measurement and customer-list suppression.
How we use your data
- To sync and serve your Amazon seller data to your AI agent.
- To authenticate your account and manage your subscription.
- To operate, secure, and debug the Service, including account-specific sync or API issues.
- To measure the effectiveness of our advertising, understand which campaigns lead to signups, account activation, or paid subscriptions, and avoid showing acquisition ads to existing accounts.
We do not sell your data. We do not use your Amazon data to train models. Your data is yours.
Product analytics and product improvement use usage data and operational metadata, not your Amazon business data. We inspect account-specific Amazon data only when needed to provide support, debug your account, operate the Service for you, or comply with law.
Amazon account access
We use Amazon’s official OAuth authorization flow when you connect Amazon Ads or Seller Central. Amazon provides tokens scoped to the permissions you approve; we do not ask for, see, or store your Amazon password.
OAuth tokens are encrypted before storage using managed encryption and are used only by agentcentral’s backend services to sync your data and perform Amazon API writes requested through the Service. We do not expose raw Amazon OAuth tokens through MCP tools, customer dashboards, or AI agent responses.
You can revoke agentcentral’s Amazon access from Amazon or request account deletion from agentcentral. Revoking access stops future syncs and Amazon API writes until you reconnect.
Data isolation
Each account’s Amazon data is isolated at the infrastructure level. Your advertising, inventory, and sales data is never mixed with other accounts’ data.
Subprocessors
| Provider | Purpose | Data processed | Location |
|---|---|---|---|
| Google Cloud Platform | Data storage, processing, encryption | Amazon seller data, encrypted OAuth tokens | United States |
| Vercel | Website hosting, privacy-friendly analytics | Page views, feature usage (no cookies) | US |
| Amazon (Advertising API, SP-API) | Data sync via Advertising API and SP-API | API credentials (in transit only) | US |
| Google Ads | Advertising measurement, conversion tracking, and customer-list suppression | Hashed email, ad click identifiers, conversion event metadata | US/global |
We will notify you by email before adding new subprocessors.
Service providers
Separate from the subprocessors above, which handle data we process on your behalf, we use the following providers for our own operations such as billing, account records, and communications:
| Provider | Purpose | Data processed | Location |
|---|---|---|---|
| Stripe | Payment processing and subscription billing | Name, email, billing details (card data is handled by Stripe and never stored by us) | US/global |
| Resend | Transactional and product email delivery | Email address, email content | US |
| Supabase | Account and service records, onboarding email state | Email address, account and configuration records | United States |
Legal basis for processing (GDPR)
We process your personal data under the following legal bases:
- Contract performance — processing your Amazon data is necessary to deliver the service you signed up for.
- Legitimate interest — product improvement, security monitoring, and fraud prevention.
- Consent — where required, such as marketing communications. You may withdraw consent at any time.
International data transfers
agentcentral is operated from the United States. If you are located in the European Economic Area (EEA), UK, or Switzerland, your data is transferred to the US for processing. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission to safeguard these transfers.
Data retention
We retain your Amazon data for as long as your account is active. When you cancel, your data is deleted within 30 days. You can request immediate deletion at any time.
Security
OAuth tokens are encrypted at rest. All data in transit uses TLS. Account data is access-controlled per account. Production access follows least-privilege controls.
Your rights
Depending on your jurisdiction, you may have the right to:
- Access a copy of your personal data
- Correct inaccurate data
- Delete your account and all associated data
- Restrict or object to certain processing
- Data portability (receive your data in a structured format)
- Lodge a complaint with your local data protection authority (EEA/UK residents)
Contact us at support@agentcentral.to to exercise any of these rights.
California residents (CCPA)
If you are a California resident, the California Consumer Privacy Act (CCPA) provides additional rights:
- Categories collected — identifiers (email, name), commercial information (Amazon seller data), and internet activity (usage analytics).
- No sale of personal information — we do not sell, share, or use your personal information for cross-context behavioral advertising.
- Right to know and delete — you may request disclosure of the data we hold or request deletion.
- Non-discrimination — we will not discriminate against you for exercising your CCPA rights.
Data Processing Agreement
Our Data Processing Agreement forms part of our Terms of Service and applies whenever we process personal data on your behalf. Questions: support@agentcentral.to.
Changes
We may update this policy from time to time. Material changes will be communicated via email at least 30 days before they take effect, except where changes are required by law or to address a security incident.