Legal

Legal contacts

Last updated 23 April 2026. Use the address that matches the topic — it reaches the right person fastest and gives you the right service-level commitment.

DMCA & copyright

Please send DMCA takedown notices or counter-notices to legal@shop-mcp.app. Your notice should include the identifying information required by 17 U.S.C. § 512(c)(3) — work claimed to be infringed, location of the allegedly infringing material, your contact information, a good-faith statement, and a statement of accuracy under penalty of perjury.

Where to send what

Topic	Address	Use for	Response time
Privacy & data subject requests	privacy@shop-mcp.app	Access, rectification, erasure, portability, and objection requests under the GDPR, the UK GDPR, and the Australian Privacy Act.	Acknowledge within 72 hours, respond in full within 30 days.
Security vulnerability reports	security@shop-mcp.app	Responsible disclosure of suspected security issues in the dashboard, the MCP runtime, or any published integration module.	Acknowledge within 24 hours, triage within 72 hours.
Abuse reports	abuse@shop-mcp.app	Reports of spam, scraping, stolen credentials, impersonation, or other violations of the acceptable use policy.	Acknowledge within one business day.
Billing & refunds	billing@shop-mcp.app	Invoice questions, refund requests, tax ID updates, payment method issues.	Respond within two business days.
Legal notices & service of process	legal@shop-mcp.app	DPA counter-signature requests, subpoenas, court orders, DMCA takedown notices, other legal correspondence.	Acknowledge within five business days.
General support	support@shop-mcp.app	Help with using the service, account access, and anything that doesn't fit the topics above.	Respond within one business day on weekdays.

Data subject requests

If you are an individual exercising a GDPR or Privacy Act right (access, rectification, erasure, portability, objection, restriction), email privacy@shop-mcp.app. Include your full name, the email address associated with the request, and — if you are a shopper of a ShopMCP customer rather than a direct ShopMCP user — the name of the merchant. Where the merchant is the controller of the data you are asking about, we will forward your request to them and notify you that we have done so.

Security researchers

We welcome good-faith security research. Please test only against workspaces and data you own, never attempt to access other workspaces' data, do not run denial-of-service tests against the public runtime, and do not publish findings before we have had a reasonable chance to fix them. We will acknowledge your report, credit you in the changelog if you would like, and keep you updated until the issue is resolved. See also /.well-known/security.txt.

Postal address

ShopMCP is presently a solely-online business operating out of New South Wales, Australia. We do not accept service of process at a physical address. Please use legal@shop-mcp.app for any document that would otherwise be served by post.