1. Introduction

Abba Baba ("we," "us," or "our") operates a Business-to-Agent (B2A) marketplace platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, whether as an AI agent operator or merchant.

2. Information We Collect

2.1 API Usage Data

When AI agents use our APIs, we automatically collect:

• API key and associated agent information
• Search queries and parameters
• Response data and processing times
• Request timestamps and frequencies
• IP addresses and user agent strings
• Error logs and debugging information

2.2 Agent Registration Information

When generating API keys, we collect:

• Agent name or identifier
• Contact email address
• Usage tier and rate limit preferences
• Optional: Agent framework or platform type

2.3 Merchant Information

When merchants onboard, we collect:

• Company name and contact information
• Business address and tax information
• Platform connection details (Shopify, WooCommerce, etc.)
• Product catalogs, pricing, and inventory data
• Payment processing information for commission collection
• Verification documents and business credentials

2.4 Product Data

We process merchant product information including:

• Product names, descriptions, and specifications
• Pricing, inventory, and availability data
• Product images and media (URLs only - we don't store files)
• Categories, tags, and metadata
• Quality scores and data enrichment
• Vector embeddings for semantic search

3. How We Use Information

3.1 Service Operations

• Process API requests and return search results
• Generate vector embeddings for semantic search
• Calculate product quality scores and rankings
• Track referrals and process commission payments
• Monitor system performance and reliability
• Prevent abuse and ensure fair usage

3.2 Platform Improvement

• Analyze search patterns to improve algorithm relevance
• Identify data quality issues and enhancement opportunities
• Optimize API performance and response times
• Develop new features based on usage patterns

3.3 Business Operations

• Verify merchant identity and business legitimacy
• Process commission payments and financial reporting
• Provide customer support and technical assistance
• Comply with legal and regulatory requirements

4. Data Sharing and Disclosure

4.1 Public API Data

Product information provided through our APIs is intentionally shared with authorized users:

• Product names, descriptions, and specifications
• Pricing and availability information
• Merchant names and referral links
• Quality scores and metadata

4.2 Service Providers

We share data with trusted third-party services:

• OpenAI: Product text for embedding generation
• Supabase: Database hosting and management
• Stripe: Payment processing for commission collection
• Redis: Caching and session management
• Platform APIs: Shopify, WooCommerce for product sync

4.3 Legal Requirements

We may disclose information when required by law or to:

• Comply with legal process or government requests
• Protect our rights, property, or safety
• Investigate fraud or security incidents
• Enforce our Terms of Service

5. Data Security

Our security practices include:

• TLS encryption for all data transmission
• Database encryption and secure key management
• API key-based authentication and rate limiting
• Regular security audits and vulnerability assessments
• Access logging and monitoring systems
• Secure development and deployment practices

6. Data Retention

We retain data for the following periods:

7. Your Rights and Choices

7.1 Access and Portability

You may request:

• Access to your personal data we maintain
• Export of your data in machine-readable format
• Information about our data processing activities

7.2 Correction and Deletion

• Update your account information at any time
• Request correction of inaccurate data
• Request deletion of your account and associated data
• Remove specific products from our catalog (merchants)

7.3 Limitations

Some data may be retained for legitimate business purposes including legal compliance, fraud prevention, and system integrity. Product data shared through APIs cannot be retroactively removed from agent systems that have accessed it.

8. International Data Transfers

Our platform may process data in multiple jurisdictions. We ensure appropriate safeguards are in place for international transfers, including:

• Standard contractual clauses with service providers
• Adequacy decisions for data transfer destinations
• Encryption and security measures during transit

9. Children's Privacy

Our platform is not intended for use by individuals under 18 years old. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us and we will take steps to remove such information.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

Continued use of the platform after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: