Privacy Policy

This policy explains how personal data is collected and used when you visit mandategate.com or submit the early-access form. Agent Gateway is a product operated by Made in Graphic Ltd, a company registered in the United Kingdom (the “Controller”, “we”, “us”). We are committed to handling your data lawfully and transparently under the UK GDPR and the Data Protection Act 2018.

1. What we collect

When you submit the early-access form, we collect the information you provide:

• Store URL — your store's web address.
• Platform — e.g. WooCommerce, Shopify, custom.
• Work email — used to contact you about your pilot.
• Monthly order band — an approximate range, for sizing the pilot.
• Optional note — anything you choose to tell us.

We also process limited technical data needed to deliver the site and prevent abuse — for example, an anti-bot challenge token from Cloudflare Turnstile and standard request metadata (such as IP address) seen by our infrastructure.

We do not use advertising or tracking cookies on this site. The only cookie-like storage is the functional Cloudflare Turnstile challenge used to tell humans from bots on the form.

2. Why we use it & our lawful basis

Purpose	Lawful basis (UK GDPR)
Respond to your early-access request and set up a pilot	Legitimate interests (Art. 6(1)(f)) — handling a business enquiry you initiated
Prevent spam and automated abuse of the form	Legitimate interests (Art. 6(1)(f)) — securing our service
Send service and pilot-related email about your request	Legitimate interests (Art. 6(1)(f)); you may opt out at any time

We do not sell your data and we do not use it for unrelated marketing.

3. Who processes it (sub-processors)

We use a small number of trusted providers to operate the form and contact you. Each acts as a processor under our instructions:

• Cloudflare — anti-bot challenge (Turnstile) protecting the form.
• Self-hosted automation — our own server receives and stores the submission to manage your request.
• Resend — delivers the notification email to our team.
• Telegram — internal operational notification to our team.

Some providers may process data outside the UK. Where they do, transfers are protected by appropriate safeguards (such as UK adequacy or standard contractual clauses).

4. The verification service (for merchants)

Separately from this website, our verification API processes data on behalf of merchants who install Agent Gateway — such as merchant identifiers, cart amounts, and cryptographic mandate metadata used to verify AI-agent checkouts. In that context the merchant is the controller and we act as a processor. Agent Gateway is designed to verify the buying agent's authorization; it is not intended to identify individual human shoppers, and human checkout traffic is not processed by the verification flow.

5. How long we keep it

We keep early-access submissions for as long as needed to evaluate and run your pilot, and for a reasonable period afterwards for our records. If your request does not proceed, we delete or anonymise the data once it is no longer needed. You can ask us to delete it sooner (see your rights below).

6. Your rights

Under UK data protection law you have the right to:

• access the personal data we hold about you;
• have inaccurate data corrected;
• have your data erased;
• restrict or object to our processing;
• receive your data in a portable format.

To exercise any of these, email info@madeingraphic.co.uk. You also have the right to complain to the UK Information Commissioner's Office (ICO) at ico.org.uk.

7. Security

The site is served over HTTPS, the form is protected by an anti-bot challenge, and submissions are transmitted over encrypted connections to our own infrastructure. No method of transmission or storage is perfectly secure, but we take reasonable measures to protect your data.

8. Changes

We may update this policy as the product develops. Material changes will be reflected by the “Last updated” date above.

Terms of Service →