Effective Date: October 20, 2025
Last Updated: October 20, 2025
These Terms of Service govern access to and use of the AgenticCart plugin, website and related cloud services (collectively, the "Service") provided by AgenticCart ("AgenticCart", "we", "our", "us"). By installing, accessing or using the Service, you agree to be bound by these Terms. If you do not agree, you must not use the Service.
The Service is intended for business users only. You represent that you are acting for trade, business or professional purposes and have authority to bind the entity you represent.
1.1 AgenticCart is a plugin and cloud relay that enables Agentic Commerce Protocol ("ACP") compliance for WooCommerce stores by:
1.2 AgenticCart does not act as a merchant of record, payment processor, bank, money transmitter, escrow agent, marketplace, or e-commerce platform. AgenticCart is not affiliated with WooCommerce, WordPress or Automattic Inc. References to these products are descriptive only.
1.3 Commercial transactions and their outcomes remain solely between the Merchant and its End Users. AgenticCart provides only the technical interoperability and routing layer.
3.1 You must be at least 18, have full legal capacity, and have authority to bind the Merchant entity.
3.2 Access to dashboard features requires authentication through Supabase Authentication. You are responsible for safeguarding credentials, API keys and secrets.
4.1 AgenticCart grants you a limited, revocable, non-exclusive, non-transferable license to install and use the plugin on your own WooCommerce site solely to implement ACP functionality in accordance with these Terms.
4.2 You must not copy, sublicense, sell, redistribute, reverse engineer or circumvent the Service; interfere with the routing infrastructure; remove proprietary notices; or use the Service in violation of law or payment network rules.
5.1 Technical flow. When an agent or End User initiates a payment via ACP:
5.2 Scope and limitations. AgenticCart is a technical intermediary for payment initiation and order synchronization only. AgenticCart does not receive, hold, settle or refund funds; does not control authorization or settlement; and does not manage chargebacks, disputes or compliance duties under PSD2, PCI DSS or card network rules.
5.3 Merchant responsibilities. The Merchant is solely responsible for:
5.4 No guarantees. AgenticCart does not guarantee that any payment initiation will succeed or that a corresponding order will be created without error. Failures, delays, duplicates, omissions, or mismatches can occur due to Merchant configuration, third-party APIs, network conditions or agent behavior.
6.1 Summary. AgenticCart uses Supabase for managed Postgres database, object storage and authentication. AgenticCart stores certain Personal Data in Supabase for account, administration and mailing purposes, such as name, company, email address and related metadata.
6.2 Roles under GDPR.
6.3 Categories and purposes. AgenticCart may process the following categories:
6.4 Storage and retention. Personal Data stored in Supabase is encrypted at rest by the platform and transmitted over TLS. AgenticCart retains account-level data for the lifetime of the account and for a reasonable period thereafter for legal, audit and security purposes. Transient routing logs and diagnostics are retained only as necessary for security and troubleshooting, then deleted or anonymized.
6.5 Authentication. Supabase Authentication is used to create and manage user identities and session tokens. Passwords, if used, are stored by Supabase in hashed form. You must protect your credentials and promptly notify AgenticCart of suspected compromise.
6.6 International transfers. Supabase and other subprocessors may process data outside your country. Where transfers occur from the EEA to third countries, AgenticCart relies on appropriate safeguards such as Standard Contractual Clauses and additional technical and organizational measures. Details are provided in the Privacy Policy and Subprocessor List.
6.7 Legal bases. AgenticCart processes Personal Data on the following bases: performance of contract (Article 6(1)(b) GDPR), legitimate interests (Article 6(1)(f)) including security, fraud prevention and service improvement, compliance with legal obligations (Article 6(1)(c)), and consent where required for specific mailings.
6.8 Data subject rights. Data subjects may exercise rights of access, rectification, erasure, restriction, objection and portability under GDPR by contacting AgenticCart at the address in Section 22. For data processed as processor for the Merchant, AgenticCart will support the Merchant in responding to requests as required by law.
6.9 Security measures. AgenticCart implements technical and organizational measures appropriate to risk, including access controls, encryption in transit, secure key management, environment hardening, least-privilege policies, monitoring and logging. No system is completely secure. You are responsible for securing your WordPress, WooCommerce and server environments.
6.10 Data breach notification. In the event of a personal data breach affecting the Service, AgenticCart will notify affected controllers without undue delay after becoming aware, and provide information reasonably available, to support compliance with Articles 33 and 34 GDPR.
6.11 Mailing and communications. AgenticCart may send transactional emails related to account, security and service notices without additional consent. Marketing communications are sent based on consent or legitimate interest, with an unsubscribe option in each message.
6.12 DPA and subprocessors. A Data Processing Addendum incorporating the EU Standard Contractual Clauses is available upon request for Merchants established in the EEA, the UK or Switzerland. AgenticCart maintains a list of subprocessors, which currently includes Supabase (database, auth, storage), Stripe (payment token initiation), cloud hosting and email delivery providers. The list may be updated from time to time. The Merchant may subscribe to change notifications where available.
You must not use the Service to: violate law, infringe rights, misrepresent identity, engage in fraud, circumvent SCA, probe or attack systems, upload malicious code, scrape except as enabled by ACP, process special categories of data unless legally justified and disclosed, or generate deceptive or harmful agent instructions. AgenticCart may suspend or throttle access for abuse, security risk or excessive load.
The Service depends on third-party systems including WordPress, WooCommerce, Stripe and ACP-compliant agents. AgenticCart does not control these systems and is not responsible for their availability, changes, errors or security practices. You must maintain compatible versions and configurations.
AgenticCart strives for high availability but does not guarantee uninterrupted or error-free operation. Maintenance windows, feature changes and emergency security work may occur without prior notice. Updates may be required for continued operation. Optional support plans, if any, are provided as described in your plan terms.
If the Service is offered on a paid basis, fees, billing cycles and taxes will be set out at the point of subscription or order. Prices may change upon notice. You are responsible for all applicable taxes, except those based on AgenticCart's income.
The Service may include or interface with open source components. To the extent required, open source licenses govern those components in addition to these Terms. Copies of applicable licenses are available on request or in the package.
You are solely responsible for compliance applicable to your store and business, including consumer law, VAT and invoicing, product and marketing rules, data protection, financial services rules, sanctions and export control. AgenticCart does not provide legal, tax or compliance advice.
The Service is provided "as is" and "as available". To the maximum extent permitted by law, AgenticCart disclaims all warranties, whether express, implied or statutory, including warranties of merchantability, fitness for a particular purpose, non-infringement, accuracy, availability and that the Service will meet your requirements or operate without interruption or error.
To the maximum extent permitted by law, AgenticCart, its owners, employees and affiliates are not liable for indirect, incidental, special, consequential or punitive damages, loss of profits, revenues, goodwill, data or business interruption, or for transaction failures, order mismatches, duplicate or missing orders, API downtime, configuration errors or agent-driven anomalies.
The total aggregate liability of AgenticCart arising out of or related to the Service or these Terms will not exceed the amounts paid by you to AgenticCart for the Service in the twelve months preceding the event giving rise to liability. Nothing in these Terms limits liability that cannot be limited under applicable law.
You will defend, indemnify and hold harmless AgenticCart, its owners, employees and affiliates from and against all claims, damages, liabilities, costs and expenses, including reasonable legal fees, arising from or related to: a) your use or misuse of the Service, b) your Customer Content or products, c) your breach of these Terms, d) your violation of law or third-party rights, or e) disputes with End Users, agents, Stripe, WooCommerce or other third parties.
These Terms apply from first access and continue until terminated. AgenticCart may suspend or terminate access immediately if you breach these Terms, create security or legal risk, or if required by law. You may terminate by uninstalling the plugin and ceasing all use. Upon termination, your license ends and you must stop using the Service. Sections that by nature should survive will survive termination.
From time to time AgenticCart may offer beta or experimental features. These are provided for evaluation, may be changed or withdrawn at any time, may be less stable or secure and are provided without warranties.
Each party may access the other's non-public information that is identified as confidential or should reasonably be considered confidential. The receiving party will protect such information with at least the care it uses to protect its own similar information and will not disclose it except to personnel and subprocessors with a need to know who are bound by confidentiality obligations.
You must comply with all applicable export control, sanctions and anti-boycott laws. You represent that you, your owners and your End Users are not on any restricted list and will not use the Service in any embargoed or prohibited jurisdiction.
You may not assign or transfer these Terms without AgenticCart's prior written consent. AgenticCart may assign these Terms in connection with a merger, acquisition, corporate reorganization or sale of assets.
AgenticCart may modify these Terms. The updated Terms will be posted at https://agenticcart.ai/terms with a new "Last Updated" date. Material changes will be notified through reasonable means. Continued use after changes constitutes acceptance.
Legal and contractual notices, including GDPR data requests and security notifications, may be sent to: legal@agenticcart.ai
If you are located in the EEA, you may also contact your local supervisory authority. For faster handling of data subject requests, please include your account email and sufficient detail to locate the data.
These Terms are governed by the laws of Austria, excluding conflict-of-laws rules. The courts of Vienna, Austria have exclusive jurisdiction over disputes, subject to mandatory consumer venue rules if applicable. The UN Convention on Contracts for the International Sale of Goods does not apply.
If any provision is found unenforceable, it will be enforced to the maximum extent permissible and the remainder will remain in effect. These Terms constitute the entire agreement regarding the Service and supersede prior or contemporaneous agreements on the same subject. Failure to enforce a provision is not a waiver.
These Terms are provided in English. If these Terms are translated, the English version controls in case of conflict.
This Annex summarizes key data processing points for convenience and does not replace the Privacy Policy or any Data Processing Addendum.
A1. Controllers and processors. AgenticCart is controller for account and Service data it collects. AgenticCart is processor for limited pass-through End User data routed on behalf of the Merchant. The Merchant is controller for End User data in its WooCommerce store.
A2. Subprocessors. AgenticCart uses reputable providers including Supabase (database, storage, authentication), Stripe (delegated payment token initiation), cloud hosting and email delivery. The up-to-date list is available on request and may be updated.
A3. Data location and transfers. Data may be processed in the EEA and outside the EEA. AgenticCart uses appropriate safeguards for international transfers including Standard Contractual Clauses and supplementary measures.
A4. Security. Encryption in transit, encryption at rest as provided by Supabase, access controls, audit logging, key management, vulnerability management and least-privilege controls.
A5. Retention. Account data retained for the life of the account and for legal retention periods. Routing logs retained only as required for security and diagnostics, then deleted or anonymized.
A6. Data subject rights. Requests can be submitted to legal@agenticcart.ai. AgenticCart will assist the Merchant to honor End User rights where AgenticCart acts as processor.
A7. Breach notification. AgenticCart will notify affected controllers without undue delay after becoming aware of a personal data breach affecting the Service and provide information reasonably available.