Shop MCPLegal

Legal

Cookie policy

Effective 4 May 2026. ShopMCP uses a deliberately short list of cookies and similar storage mechanisms. This page names each one and explains why we set it.

No advertising cookies

We do not run Google Analytics, Facebook Pixel, LinkedIn Insight Tag, Hotjar, or any other advertising script on the marketing site, the dashboard, or the legal hub. Server-side request logs are retained for operational purposes only — see the privacy policy for the full list.

The cookies we set

NamePurposeCategoryRetention
better-auth.session_tokenSigns a logged-in session. Without it, the dashboard cannot remember who you are between requests.Strictly necessarySession, renewed for up to 30 days
better-auth.csrf_tokenCross-site request forgery defence. Pairs with the session cookie so we can reject requests that did not originate from the dashboard.Strictly necessarySession
shopmcp.active_workspaceRemembers which workspace you last selected when your account belongs to more than one. Purely a convenience — the active workspace is still authenticated server-side on every request.Functional30 days
shopmcp.themeRemembers the dashboard's light / dark / system preference across visits.Functional365 days
Smallchat / Firebase storagePowers the support chat bubble and keeps the chat conversation available while visitors use the app.FunctionalControlled by Smallchat and Firebase
__stripe_mid / __stripe_sidSet by Stripe on the billing and checkout pages for fraud prevention. Only present while you are on a Stripe-rendered page; we do not set them ourselves.Strictly necessary__stripe_mid 365 days, __stripe_sid 30 min

How to refuse non-essential cookies

Strictly necessary cookies cannot be refused without breaking the service — you cannot sign in without a session cookie. Functional cookies can be declined by clearing them in your browser at any time; the dashboard will fall back to defaults (the first workspace in alphabetical order, system-default theme) on the next visit.

Most browsers let you block or purge cookies per site from the site-info panel next to the address bar. We show a lightweight notice rather than a granular consent banner because the current non-essential storage is limited to preferences and support chat.

Third parties

The third-party cookies or browser storage you may encounter while using ShopMCP are set by Smallchat for support chat and by Stripe on pages that render Stripe's billing or checkout elements. See Smallchat's privacy policy and Stripe's privacy policy.

Changes to this policy

If we add a cookie we will update the table in the same release and, where consent is required, show a banner asking for it before the cookie is set. Material changes will be emailed to workspace owners.

Questions

Email privacy@shop-mcp.app if anything on this page is unclear.