Privacy Policy
This privacy policy covers the negotiate.v1 proxy API at negotiate.pier39.ai and any AI shopper agent (such as the Pier39 Custom GPT or the negotiate-mcp connector) that talks to it on your behalf.
Effective date: November 2025 · Last updated: November 2025
What we collect
When you use a shopper agent that calls our proxy API, we receive:
- HTTP request metadata: your IP address, user agent, request timestamp, and the URL you called. This is standard server log data, retained for up to 30 days for abuse prevention and rate limiting.
- Negotiation messages: the shopper turns you (or your AI agent) send to a store, plus the merchant agent's replies. These are stored in memory for the duration of an active chat session (up to 1 hour idle) and then discarded. We do NOT retain transcripts after a session ends.
- The product and store you negotiate with: needed to route your request to the correct storefront.
We do NOT collect:
- Your real name, email, payment details, or shipping address — the protocol doesn't transmit any of these
- Browser cookies, fingerprints, or cross-site tracking
- Account credentials of any kind (the proxy is unauthenticated)
What we do with it
- Route the negotiation: we forward your messages to the storefront's chat endpoint, get the merchant's reply, return it to your agent. That's the entire purpose.
- Enforce rate limits: per-IP and per-session caps to prevent abuse. These are enforced from the request metadata above.
- Operational debugging: server logs are reviewed when something breaks (an endpoint errors, a deploy fails). Logs are not used for any other purpose.
We do NOT:
- Sell, share, or rent any of this data to third parties
- Use negotiation content to train AI models
- Build user profiles or behavioral analytics
- Run advertising of any kind
What stores you negotiate with see
When you negotiate at a third-party store, your messages are forwarded to that store's negotiate.v1 chat endpoint. Each store has its own privacy policy and data-handling practices. The proxy passes your IP and User-Agent through to the store, plus the negotiation messages themselves.
Currently the only stores in the public directory are run by Pier39 (e.g., the Atlas Premium Appliance reference store at negotiate.pier39.ai/store). As more stores adopt the protocol, you should review their individual privacy policies before negotiating at them. Treat each negotiate.v1 store as a separate party — the protocol creates the conversation channel; it doesn't standardize their data practices.
Data retention
| Data | Retention |
|---|---|
| Active chat sessions (in memory) | Up to 1 hour idle, then discarded |
| Server access logs (request metadata) | Up to 30 days |
| Anonymized request counts (for analytics) | Aggregated, indefinite |
We do not retain individual negotiation transcripts after a session ends.
Your rights
You can:
- Stop using the proxy at any time. No account to delete.
- Request log deletion for your IP address by emailing the contact listed below. We delete on receipt; default retention is already 30 days.
- Inspect the source code. The entire proxy is open source at github.com/sanjana-pier39/pier39-skills. Verify our claims independently.
Cookies
The proxy API at negotiate.pier39.ai/api/proxy/* does NOT set cookies. It's a stateless REST API.
The Atlas storefront at negotiate.pier39.ai/store/* does NOT set tracking cookies. It uses one HttpOnly session cookie ONLY for the password-gated negotiation viewer at /, which isn't part of the public protocol surface.
Third-party services
The proxy is hosted on Fly.io, which has its own privacy policy. Standard Fly platform metadata (network logs, machine telemetry) is governed by their terms.
The proxy uses the Anthropic Claude API to power merchant agents at Pier39-operated stores. Anthropic's usage policies and privacy policy apply to those API calls. Negotiation messages are sent to Anthropic as part of normal API usage.
Children
The negotiate.v1 protocol and the Pier39 reference implementations are not directed at children under 13. We do not knowingly collect data from anyone under 13.
Changes to this policy
We'll update this page when we change anything material about data handling. The "Last updated" date at the top reflects the most recent revision. Substantive changes will be announced on our launch surfaces (GitHub releases, blog).
Contact
For privacy questions, log deletion requests, or anything else covered above, open an issue at github.com/sanjana-pier39/pier39-skills/issues or email sanjana@pier39.ai.
Summary in one paragraph
We run a proxy that lets AI shopping agents negotiate at compliant stores. We see your IP, the stores you visit, and the messages you send — for at most 30 days, only to keep the service running. We don't sell or share data, don't train AI on your conversations, and don't run ads. Each store you negotiate at has its own privacy practices; check theirs separately. The whole thing is open source.