This page is the canonical privacy disclosure for the Agentic Commerce for WooCommerce WordPress plugin. It documents every byte the plugin sends off your server, when it sends it, and how to turn each path off.
When you click Connect store and complete the handshake, you grant xpay a WooCommerce REST API key. xpay's backend uses it to fetch your public product catalog — the same fields a buyer sees on your shop page — and republish them at agent-feed.xpay.sh/catalog/<your-slug>.json so AI shoppers can read them.
Per product: name, description, price, currency, stock state, image URLs, categories, SKU. No customer data. No order data.
How to stop it: click Disconnect under Settings → xpay. The catalog feed is removed from xpay's CDN within minutes. You can also revoke the WooCommerce REST API key under WooCommerce → Settings → Advanced → REST API.
On first activation we ask once, via a blue admin notice: "May we send anonymous lifecycle events to help us catch broken onboarding flows?" If you click Enable anonymous telemetry, the plugin starts sending events. If you click No thanks, it sends nothing — ever.
Each event payload contains exactly:
| Field | Example | Why |
|---|---|---|
| event | plugin_activated | Lifecycle stage |
| site_url | https://yourstore.com | So we can group your events |
| plugin_version | 0.1.4 | Detect bugs by version |
| wp_version | 6.7 | Detect WP-version-specific bugs |
| wc_version | 9.4 | Detect WC-version-specific bugs |
| php_version | 8.1.27 | Detect PHP-version-specific bugs |
| locale | en_US | Translation prioritisation |
| ts | unix timestamp | Ordering |
| props | {first_time: true} | Event-specific context (always small, primitives only) |
The 14 event names: plugin_activated, plugin_deactivated, settings_viewed, connect_clicked, finalize_received, finalize_success, finalize_error, audit_rerun_clicked, audit_rerun_success, audit_rerun_error, disconnected, resync_success, resync_error, connect_screen_viewed. Any payload with an unknown event name is rejected at the backend.
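A merchant can check the field table and event list above against what actually leaves the server, for example by capturing the plugin's outbound request body on a staging site. The TypeScript below is an added example, not code from the plugin or from xpay; the function name auditTelemetry, the JSON encoding of the body, and a numeric ts are assumptions.

```typescript
// Added example, not the plugin's or xpay's code: checks a captured telemetry
// body against the field table and the 14 event names listed on this page.
const ALLOWED_EVENTS = new Set<string>([
  "plugin_activated", "plugin_deactivated", "settings_viewed", "connect_clicked",
  "finalize_received", "finalize_success", "finalize_error", "audit_rerun_clicked",
  "audit_rerun_success", "audit_rerun_error", "disconnected", "resync_success",
  "resync_error", "connect_screen_viewed",
]);
const STRING_FIELDS = ["event", "site_url", "plugin_version", "wp_version",
  "wc_version", "php_version", "locale"];
const ALL_FIELDS = new Set<string>([...STRING_FIELDS, "ts", "props"]);

function isPlainObject(v: unknown): v is Record<string, unknown> {
  return typeof v === "object" && v !== null && !Array.isArray(v);
}

// Returns every deviation from the disclosure; an empty list means the body conforms.
function auditTelemetry(raw: string): string[] {
  let body: unknown;
  try { body = JSON.parse(raw); } catch { return ["body is not valid JSON"]; }
  if (!isPlainObject(body)) return ["body is not a JSON object"];
  const problems: string[] = [];
  for (const key of Object.keys(body)) {
    if (!ALL_FIELDS.has(key)) problems.push(`undisclosed field: ${key}`);
  }
  for (const key of STRING_FIELDS) {
    if (typeof body[key] !== "string") problems.push(`missing or non-string field: ${key}`);
  }
  const event = body["event"];
  if (typeof event === "string" && !ALLOWED_EVENTS.has(event)) problems.push(`unknown event name: ${event}`);
  if (typeof body["ts"] !== "number") problems.push("ts is not a number"); // assumption: numeric ts
  const props = body["props"];
  if (!isPlainObject(props)) return problems.concat("props is not an object");
  for (const key of Object.keys(props)) {
    const v = props[key];
    if (v !== null && typeof v === "object") problems.push(`props.${key} is not a primitive`);
  }
  return problems;
}

// Constructed sample body built from the example column of the table; ts is made up.
const SAMPLE_BODY = JSON.stringify({
  event: "plugin_activated", site_url: "https://yourstore.com", plugin_version: "0.1.4",
  wp_version: "6.7", wc_version: "9.4", php_version: "8.1.27", locale: "en_US",
  ts: 1700000000, props: { first_time: true },
});
console.log(auditTelemetry(SAMPLE_BODY));
```

Any non-empty result on a real capture is worth raising with the vendor, since it means the body carries something the table does not list.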
How to stop it:
Add define( 'XPAY_WC_TELEMETRY', false ); to wp-config.php. This overrides any UI choice.

Retention: 90 days, then auto-deleted by DynamoDB TTL. No copies, no exports.
When an AI agent (ChatGPT, Claude, Gemini, Perplexity) decides to send a buyer to your store, the xpay backend mints a short-lived signed token containing the items the agent wants to add to the cart. The buyer's browser lands on your store at ?xpay_cart=<token>. The plugin verifies the token, populates WC()->cart with the requested items, and redirects to your existing wc_get_checkout_url().
From here on, your existing checkout is in charge. xpay sees nothing. We never know if the buyer completed the purchase, what they paid, who they are, or whether they refunded.
What we briefly hold: only the items in the signed token, for at most 15 minutes (token expiry). No buyer info.
xpay-wc-events-prod, 90-day TTL.

Email privacy@xpay.sh from the admin address attached to your merchant slug, with the slug in the subject line. We process deletion within 7 business days and reply with confirmation. Includes: merchant row in DynamoDB, catalog feed in S3, every event row in the telemetry table.
Every byte described here corresponds to specific files in the plugin source. Verify yourself:
- backend/wc-plugin-setup/src/resync.ts
- includes/class-xpay-telemetry.php
- includes/class-xpay-client.php :: verify_jwt()
- includes/class-xpay-cart.php

Material changes will be announced in the plugin CHANGELOG with at least 14 days' notice before they take effect. The "Effective" date at the top of this page is updated on every change.