Back to Periskop
Privacy

Privacy policy

How Periskop collects, uses, and protects personal data on periskop.ai — the marketing site, developer surface, and the API/MCP. Written for humans, not lawyers; reviewed against the actual implementation in this repository.
Last updated · May 26, 2026

Who we are

Periskop is the product discovery layer for agentic commerce. This policy covers periskop.ai— the marketing site, developer surface, and the API/MCP described on this site. Where we act as a controller of personal data, “Periskop”, “we”, “our”, and “us” refer to the Periskop entity operating this site.

The consumer-facing portal periskop.shop is a separate surface with its own privacy policy. Where periskop.ai links out to merchant websites, those merchants operate their own sites under their own policies.

What this policy covers

This policy applies to personal data we process when you:

  • Visit periskop.ai or developer-facing pages on this site.
  • Submit one of our forms — the “Talk to us”, design-partner, or API/early-access form.
  • Use the Periskop API or MCP server with an API key issued for this site.
  • Email us at one of the addresses listed in this policy.

It does not cover periskop.shop, third-party merchant websites we link to, or unrelated services that may operate under the Periskop brand.

Personal data we collect

We collect personal data in the following ways:

  • From you, via forms.Name, email address, company or use-case description, and the free-text message you submit (for example, “what are you building?”).
  • From you, when you contact us. The contents of emails you send, and any information you choose to include.
  • Automatically, when permitted by your consent. A session identifier and a visitor identifier (random IDs we generate — no third-party tracking identifier is set without your consent), page URLs, referrer, browser timezone and language, and basic event signals such as page views and clicks.
  • From our infrastructure. Standard request metadata such as IP address and user agent are visible to our hosting and database providers and are recorded with form submissions for abuse prevention.

Data from forms and early-access requests

When you submit a form on periskop.ai — including the “Talk to us”, design-partner, or API/early-access form — we store the values you submitted, the page you submitted from, your IP address and user agent, and any UTM campaign parameters present in the URL. We store these records in our managed database (Supabase) so we can reply, evaluate fit, and contact you about Periskop.

We use this information to respond to your request and to decide whether to provide API/MCP access. We do not use it for advertising, and we do not sell it.

API/MCP and developer account data

If you obtain API or MCP access, we process the information needed to operate that access — for example, the email associated with your account, the API keys issued to you, request metadata (timestamps, endpoints, request IDs, latency, error codes), and the prompts and parameters you send to the API.

Request IDs are returned with each API response so you can correlate logs on your side with ours.

Prompts and usage data

When you call the Periskop API or MCP, the text you send (the shopping prompt, parameters, and any context you choose to include) is processed to produce product discovery results — ranked products, bundles, caveats, match quality, request IDs, image URLs, and merchant product links.

We may retain prompts and request/response metadata to operate the service, debug issues, prevent abuse, evaluate quality, and improve the recommendation engine. Please do not submit sensitive personal information (for example, health, financial account, or government-ID data) in prompts unless strictly necessary for your use case.

Analytics and cookies

periskop.ai uses a small number of cookies and similar browser storage. The full inventory and your options are listed on our Cookies page. In summary:

  • Essential storagerecords your cookie consent decision (granted or denied) so we don’t re-ask on every page load. This is always on.
  • Analytics— internal event analytics and (when configured) Google Analytics 4 — only load and run after you select “Accept all”. If you select “Essential only”, analytics scripts are not loaded and no analytics identifiers are stored on your device.

You can change your decision at any time using the Cookie settings button in the footer, which clears your stored decision and reopens the banner.

How we use personal data

  • To provide, operate, and secure the Periskop website and API/MCP.
  • To reply to your form submission or email and to evaluate early-access and design-partner requests.
  • To monitor for abuse, fraud, and rate-limit violations, and to preserve service availability.
  • To improve product discovery, debug issues, and measure aggregate product usage (where you have given consent for analytics).
  • To comply with legal obligations and to defend against legal claims.

AI and prompt processing

The Periskop API/MCP uses machine-learning systems to turn shopping prompts into structured product discovery results. Prompts and request/response metadata are processed within our infrastructure and by sub-processors strictly to provide and improve the service.

We do not use customer prompts to train foundation models for third parties. Where we use external model providers as sub-processors, those calls are made under contractual data processing terms.

Service providers and recipients

We rely on a small set of service providers (sub-processors) to operate periskop.ai. They process personal data only on our behalf and under contract. Current categories include:

  • Hosting and edge. Provider for the website, API endpoints, and CDN.
  • Managed database. Supabase, where form submissions, consent records, and event analytics are stored.
  • Analytics. Google Analytics 4 (loaded only after you accept analytics cookies), with IP anonymisation enabled.
  • Model providers. AI model providers used to generate product discovery results on the API/MCP path.
  • Transactional email. Amazon Web Services (AWS SES, US region) used to send account and developer transactional emails (for example, email verification, password reset, API-key and credit notifications). We do not send marketing email on this path.

We may disclose personal data where required by law, to defend legal claims, or in connection with a business transaction (for example, a corporate transaction, merger, or sale of assets), in which case we will require recipients to honour this policy.

We do not sell personal data and we do not share it for cross-context behavioural advertising.

International transfers

Our service providers may process personal data outside your country of residence, including in the United States. Where transfers are made from the EEA, UK, or Switzerland, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses with our sub-processors.

Retention

We retain personal data for as long as we need it to:

  • Respond to your request and operate your access.
  • Run the service and prevent abuse.
  • Comply with legal, accounting, or reporting obligations.

As a guideline, form submissions and contact emails are kept for as long as the relationship is active and for a reasonable archival period afterward. API request and analytics records are kept for shorter rolling windows sufficient for debugging, abuse prevention, and aggregate analysis. Where you exercise a deletion right, we will honour it subject to legal exceptions.

Your rights

Depending on where you live, you may have the right to access, correct, delete, restrict, port, or object to processing of your personal data, and to withdraw consent where we rely on it. To exercise any of these rights, email privacy@periskop.ai. We may need to verify your identity before acting on a request.

If you are in the EU/UK and believe we have not handled your data correctly, you may also complain to your local data protection authority.

Children

periskop.ai is a business and developer surface and is not directed at children. We do not knowingly collect personal data from children under 16. If you believe a child has provided us personal data, contact privacy@periskop.ai and we will delete it.

Changes

We may update this policy. The “Last updated” date at the top reflects the most recent change. Material changes will be flagged on this page or via the relevant communication channel.

Contact

For privacy questions or to exercise your rights, email privacy@periskop.ai. For general questions, email info@periskop.ai. You can also use the Contact page.