Privacy Policy
This privacy policy covers Nash — the proxy API at negotiate.pier39.ai (powered by the open negotiate.v1 protocol), plus any AI shopper agent (such as the Nash Custom GPT or the Nash MCP connector) that talks to it on your behalf.
Effective date: November 2025 · Last updated: June 2026
What we collect
When you use a shopper agent that calls our proxy API, we receive:
- HTTP request metadata: your IP address, user agent, request timestamp, and the URL you called. This is standard server log data, retained for up to 30 days for abuse prevention and rate limiting.
- Negotiation messages: the shopper turns you (or your AI agent) send to a store, plus the merchant agent's replies. These are stored in memory for the duration of an active chat session (up to 1 hour idle) and then discarded. We do NOT retain transcripts after a session ends.
- The product and store you negotiate with: needed to route your request to the correct storefront.
We do NOT collect:
- Your real name, email, payment details, or shipping address — the protocol doesn't transmit any of these
- Browser cookies, fingerprints, or cross-site tracking
- Account credentials of any kind (the proxy is unauthenticated)
What we do with it
- Route the negotiation: we forward your messages to the storefront's chat endpoint, get the merchant's reply, return it to your agent. That's the entire purpose.
- Enforce rate limits: per-IP and per-session caps to prevent abuse. These are enforced from the request metadata above.
- Operational debugging: server logs are reviewed when something breaks (an endpoint errors, a deploy fails). Logs are not used for any other purpose.
We do NOT:
- Sell, share, or rent any of this data to third parties
- Use negotiation content to train AI models
- Build user profiles or behavioral analytics
- Run advertising of any kind
What stores you negotiate with see
When you negotiate at a third-party store, your messages are forwarded to that store's negotiate.v1 chat endpoint. Each store has its own privacy policy and data-handling practices. The proxy passes your IP and User-Agent through to the store, plus the negotiation messages themselves.
The Nash directory includes the Atlas Premium Appliance reference store at negotiate.pier39.ai/store (operated by Pier39) as well as third-party Nash-enabled storefronts. You should review their individual privacy policies before shopping at them. Treat each Nash-enabled store as a separate party — the negotiate.v1 protocol creates the conversation channel; it doesn't standardize their data practices.
Data retention
| Data | Retention |
|---|---|
| Active chat sessions (in memory) | Up to 1 hour idle, then discarded |
| Server access logs (request metadata) | Up to 30 days |
| Anonymized request counts (for analytics) | Aggregated, indefinite |
We do not retain individual negotiation transcripts after a session ends.
Your rights
You can:
- Stop using the proxy at any time. No account to delete.
- Request log deletion for your IP address by emailing the contact listed below. We delete on receipt; default retention is already 30 days.
- Inspect the source code. The entire proxy is open source at github.com/sanjana-pier39/pier39-skills. Verify our claims independently.
Cookies
The proxy API at negotiate.pier39.ai/api/proxy/* does NOT set cookies. It's a stateless REST API.
The Atlas storefront at negotiate.pier39.ai/store/* does NOT set tracking cookies. It uses one HttpOnly session cookie ONLY for the password-gated negotiation viewer at /, which isn't part of the public protocol surface.
Third-party services
The proxy is hosted on Fly.io, which has its own privacy policy. Standard Fly platform metadata (network logs, machine telemetry) is governed by their terms.
Nash uses the Anthropic Claude API to power seller agents at Pier39-operated stores. Anthropic's usage policies and privacy policy apply to those API calls. Conversation messages are sent to Anthropic as part of normal API usage.
Children
Nash and the negotiate.v1 protocol it's built on are not directed at children under 13. We do not knowingly collect data from anyone under 13.
Changes to this policy
We'll update this page when we change anything material about data handling. The "Last updated" date at the top reflects the most recent revision. Substantive changes will be announced on our launch surfaces (GitHub releases, blog).
Contact
For privacy questions, log deletion requests, or anything else covered above, open an issue at github.com/sanjana-pier39/pier39-skills/issues or email sanjana@pier39.ai.
Summary in one paragraph
We run a proxy that lets AI shopping agents negotiate at compliant stores. We see your IP, the stores you visit, and the messages you send — for at most 30 days, only to keep the service running. We don't sell or share data, don't train AI on your conversations, and don't run ads. Each store you negotiate at has its own privacy practices; check theirs separately. The whole thing is open source.