Authentication & Authorization
AgenticCart implements multiple layers of security to protect your store and customer data throughout the entire purchase flow.
License-Based Authentication
All checkout and order creation API requests require a valid Bearer token (your license key). This prevents unauthorized access to sensitive operations.
Authorization: Bearer {your-license-key}
Domain Verification
Domains must be verified before checkout sessions can be created. This prevents domain spoofing and ensures requests come from legitimate, authorized stores.
HTTPS Enforcement
All API communication must use HTTPS with TLS 1.2 or higher. This encrypts data in transit and prevents man-in-the-middle attacks and eavesdropping.
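The three layers above, implemented as a single request gate, as an added example that is not AgenticCart's own code: the header names, the verified-domain set, the sample license key and the TLS version field are constructed assumptions, since the page does not show the plugin's internals.

```python
"""Added example, not AgenticCart's code: gate a checkout request on
HTTPS (TLS 1.2+), a Bearer license key and a verified store domain."""
import hmac
from dataclasses import dataclass, field

# Constructed sample values; a real deployment loads these from config.
LICENSE_KEY = "ak_live_EXAMPLE_KEY_0000"
VERIFIED_DOMAINS = {"shop.example.com"}


@dataclass
class Request:
    scheme: str                          # "https" or "http"
    host: str                            # store domain the request is for
    headers: dict = field(default_factory=dict)
    tls_version: str = "TLSv1.3"         # as reported by the TLS layer (assumed field)


def check_https(req):
    """Reject plain HTTP and TLS versions older than 1.2."""
    if req.scheme != "https":
        return "https required"
    if req.tls_version not in ("TLSv1.2", "TLSv1.3"):
        return "tls 1.2+ required"
    return None


def check_bearer(req, license_key):
    """Expect 'Authorization: Bearer <license-key>'. Header names are
    case-insensitive; the key is compared in constant time so response
    timing does not reveal how many leading bytes matched."""
    headers = {k.lower(): v for k, v in req.headers.items()}
    scheme, _, token = headers.get("authorization", "").partition(" ")
    if scheme != "Bearer" or not token:
        return "missing bearer token"
    if not hmac.compare_digest(token.encode(), license_key.encode()):
        return "invalid license key"
    return None


def check_domain(req, verified):
    """Only domains that completed verification may create sessions."""
    return None if req.host.lower() in verified else "domain not verified"


def authorize_checkout(req, license_key=LICENSE_KEY, verified=VERIFIED_DOMAINS):
    """Return None when all layers pass, otherwise the first failure reason."""
    return (check_https(req)
            or check_bearer(req, license_key)
            or check_domain(req, verified))
```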
Data Privacy
AgenticCart is designed with privacy-first principles to minimize data collection and protect customer information:
No Payment Data Storage
Card information never touches AgenticCart servers. Stripe handles all payment data with PCI DSS Level 1 compliance.
Minimal Data Collection
AgenticCart stores only the information necessary for order processing: names, shipping addresses, and order details.
No Tracking
AgenticCart doesn't track individual customer behavior, build profiles, or share data with third parties.
GDPR Compliant
Customer data is processed lawfully under legitimate interest for order fulfillment and contractual necessity.
Compliance Considerations
PCI DSS
Payment Card Industry Data Security Standard compliance is handled entirely by Stripe. You benefit from their Level 1 certification without additional requirements.
What this means: No need for security audits, PCI questionnaires, or infrastructure changes specific to payment processing.
GDPR
AgenticCart processes personal data only for order fulfillment, which is a contractual necessity. Update your privacy policy to mention AI-facilitated purchases.
Action Required: Add a section to your privacy policy explaining that customers may purchase through AI assistants like ChatGPT.
Consumer Protection Laws
All standard e-commerce laws apply to AI-facilitated purchases. Ensure your return policy, terms of service, and product information comply with your jurisdiction.
Liability & Disputes
Your Rights & Obligations
Orders placed through ChatGPT are legally equivalent to orders placed on your website. You retain the same rights and obligations:
- Your return and refund policies apply
- Product warranties and guarantees remain valid
- Customer service inquiries should be handled through your normal channels
- Disputes follow standard e-commerce resolution procedures
Security Best Practices
Recommended Actions
Keep Software Updated
Regularly update WordPress, WooCommerce, and the AgenticCart plugin to ensure you have the latest security patches.
Strong Passwords
Use strong, unique passwords for admin accounts. Consider implementing two-factor authentication.
Regular Backups
Maintain regular backups of your WooCommerce database and files. Test restoration procedures periodically.
Monitor Activity
Monitor orders for unusual patterns or fraud indicators. Use WooCommerce fraud detection tools.
Protect License Key
Keep your license key confidential. Never commit it to public repositories or share it publicly.
Security Plugins
Consider using WordPress security plugins for additional protection, such as a web application firewall and malware scanning.
Built for Security
AgenticCart is architected with security as a foundational principle, not an afterthought. Every component, from API authentication to payment processing, follows industry best practices and security standards.
By leveraging proven platforms like Stripe for payments and implementing defense-in-depth security measures, AgenticCart provides enterprise-grade protection for your store and customers.