How Cartograph handles your data.

• Publicly available commerce surfaces — product pages, structured data, sitemaps, robots, policies, and selected checkout surfaces.
• Information you provide in the scan form: storefront URL, work email, company name, and any optional context you choose to share.

• Access to your admin or backoffice systems.
• Access to your payment account, processor, or PSP.
• Customer data, order data, or any personally identifiable information about your shoppers.
• Production credentials, API keys, or webhook secrets.

We use the information you submit and the data we collect during the scan to produce your Agent Readiness Report and to follow up about it. We do not sell merchant data, and we do not share individual merchant reports with third parties without permission.

Aggregate, anonymized benchmarks may be published to show the state of agent readiness across the industry. Individual merchants are never identifiable in those benchmarks.

Scan inputs and reports are retained while your account is active. You can request deletion of your data at any time by emailing hello@cartograph.ai.

For security reports or questions about how Cartograph processes data, contact hello@cartograph.ai.