Privacy policy
Who we are
Periskop is the product discovery layer for agentic commerce. This policy covers periskop.ai— the marketing site, developer surface, and the API/MCP described on this site. Where we act as a controller of personal data, “Periskop”, “we”, “our”, and “us” refer to the Periskop entity operating this site.
The consumer-facing portal periskop.shop is a separate surface with its own privacy policy. Where periskop.ai links out to merchant websites, those merchants operate their own sites under their own policies.
What this policy covers
This policy applies to personal data we process when you:
- Visit periskop.ai or developer-facing pages on this site.
- Submit one of our forms — the “Talk to us”, design-partner, or API/early-access form.
- Use the Periskop API or MCP server with an API key issued for this site.
- Email us at one of the addresses listed in this policy.
It does not cover periskop.shop, third-party merchant websites we link to, or unrelated services that may operate under the Periskop brand.
Personal data we collect
We collect personal data in the following ways:
- From you, via forms.Name, email address, company or use-case description, and the free-text message you submit (for example, “what are you building?”).
- From you, when you contact us. The contents of emails you send, and any information you choose to include.
- Automatically, when permitted by your consent. A session identifier and a visitor identifier (random IDs we generate — no third-party tracking identifier is set without your consent), page URLs, referrer, browser timezone and language, and basic event signals such as page views and clicks.
- From our infrastructure. Standard request metadata such as IP address and user agent are visible to our hosting and database providers and are recorded with form submissions for abuse prevention.
Data from forms and early-access requests
When you submit a form on periskop.ai — including the “Talk to us”, design-partner, or API/early-access form — we store the values you submitted, the page you submitted from, your IP address and user agent, and any UTM campaign parameters present in the URL. We store these records in our managed database (Supabase) so we can reply, evaluate fit, and contact you about Periskop.
We use this information to respond to your request and to decide whether to provide API/MCP access. We do not use it for advertising, and we do not sell it.
API/MCP and developer account data
If you obtain API or MCP access, we process the information needed to operate that access — for example, the email associated with your account, the API keys issued to you, request metadata (timestamps, endpoints, request IDs, latency, error codes), and the prompts and parameters you send to the API.
Request IDs are returned with each API response so you can correlate logs on your side with ours.
Prompts and usage data
When you call the Periskop API or MCP, the text you send (the shopping prompt, parameters, and any context you choose to include) is processed to produce product discovery results — ranked products, bundles, caveats, match quality, request IDs, image URLs, and merchant product links.
We may retain prompts and request/response metadata to operate the service, debug issues, prevent abuse, evaluate quality, and improve the recommendation engine. Please do not submit sensitive personal information (for example, health, financial account, or government-ID data) in prompts unless strictly necessary for your use case.
How we use personal data
- To provide, operate, and secure the Periskop website and API/MCP.
- To reply to your form submission or email and to evaluate early-access and design-partner requests.
- To monitor for abuse, fraud, and rate-limit violations, and to preserve service availability.
- To improve product discovery, debug issues, and measure aggregate product usage (where you have given consent for analytics).
- To comply with legal obligations and to defend against legal claims.
Legal bases
Where the EU/UK GDPR applies, we rely on the following legal bases:
- Performance of a contract / steps prior to a contract — to respond to your request, evaluate access, and operate the API/MCP you sign up for.
- Legitimate interests — to secure and improve the service, prevent abuse, and conduct business communications related to your inquiry. Where we rely on legitimate interests, we have weighed those interests against your rights.
- Consent — for non-essential analytics cookies and similar storage, where required. You can withdraw consent at any time via the Cookie settings control.
- Legal obligations — to comply with applicable laws.
AI and prompt processing
The Periskop API/MCP uses machine-learning systems to turn shopping prompts into structured product discovery results. Prompts and request/response metadata are processed within our infrastructure and by sub-processors strictly to provide and improve the service.
We do not use customer prompts to train foundation models for third parties. Where we use external model providers as sub-processors, those calls are made under contractual data processing terms.
Service providers and recipients
We rely on a small set of service providers (sub-processors) to operate periskop.ai. They process personal data only on our behalf and under contract. Current categories include:
- Hosting and edge. Provider for the website, API endpoints, and CDN.
- Managed database. Supabase, where form submissions, consent records, and event analytics are stored.
- Analytics. Google Analytics 4 (loaded only after you accept analytics cookies), with IP anonymisation enabled.
- Model providers. AI model providers used to generate product discovery results on the API/MCP path.
- Transactional email. Amazon Web Services (AWS SES, US region) used to send account and developer transactional emails (for example, email verification, password reset, API-key and credit notifications). We do not send marketing email on this path.
We may disclose personal data where required by law, to defend legal claims, or in connection with a business transaction (for example, a corporate transaction, merger, or sale of assets), in which case we will require recipients to honour this policy.
We do not sell personal data and we do not share it for cross-context behavioural advertising.
International transfers
Our service providers may process personal data outside your country of residence, including in the United States. Where transfers are made from the EEA, UK, or Switzerland, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses with our sub-processors.
Retention
We retain personal data for as long as we need it to:
- Respond to your request and operate your access.
- Run the service and prevent abuse.
- Comply with legal, accounting, or reporting obligations.
As a guideline, form submissions and contact emails are kept for as long as the relationship is active and for a reasonable archival period afterward. API request and analytics records are kept for shorter rolling windows sufficient for debugging, abuse prevention, and aggregate analysis. Where you exercise a deletion right, we will honour it subject to legal exceptions.
Your rights
Depending on where you live, you may have the right to access, correct, delete, restrict, port, or object to processing of your personal data, and to withdraw consent where we rely on it. To exercise any of these rights, email privacy@periskop.ai. We may need to verify your identity before acting on a request.
If you are in the EU/UK and believe we have not handled your data correctly, you may also complain to your local data protection authority.
Children
periskop.ai is a business and developer surface and is not directed at children. We do not knowingly collect personal data from children under 16. If you believe a child has provided us personal data, contact privacy@periskop.ai and we will delete it.
Third-party merchant links
Periskop returns product discovery results that include links to third-party merchant product pages. We do not control those merchant sites and we are not responsible for their content, their pricing, their availability, or how they process your personal data. Their privacy policies and terms apply when you follow a merchant link.
Changes
We may update this policy. The “Last updated” date at the top reflects the most recent change. Material changes will be flagged on this page or via the relevant communication channel.
Contact
For privacy questions or to exercise your rights, email privacy@periskop.ai. For general questions, email info@periskop.ai. You can also use the Contact page.