Privacy Policy
Advocate ("we", "our", or "us") operates the Advocate platform at advocatemcp.com. This Privacy Policy explains how we collect, use, share, and protect information about our clients and their business profiles.
1. Information We Collect
We collect the following categories of information:
- Business profile data: business name, category, city/state, services offered, pricing range, availability, differentiators, and contact information you provide during onboarding
- Account data: email address used to create and manage your account
- Payment information: processed by Stripe; we do not store full card numbers
- Query logs: AI queries received at your domain endpoint and the structured responses generated, retained for analytics and improvement purposes
- Analytics data: page views, AI crawler hit counts, crawler type (GPTBot, ClaudeBot, etc.), intent classification labels, and referral click counts
- Technical data: IP addresses (hashed for privacy), browser/crawler User-Agent strings, and request timestamps
2. How We Use Your Information
We use the information we collect to:
- Generate AI agent responses using your business profile as context
- Improve response quality and platform performance
- Process subscription payments and manage your account
- Provide dashboard analytics showing your AI referral activity
- Send service emails including onboarding instructions, billing notices, and policy updates
- Comply with legal obligations
3. Third-Party Services
We work with AI response providers, cloud infrastructure partners, and payment processors to deliver the Advocate service. These providers process your data only as necessary to deliver their respective functions, and each provider's own privacy policy governs their handling of data.
- AI response providers: Your business profile data is processed to generate AI agent responses on your behalf.
- Cloud infrastructure: DNS routing, hosting, and database infrastructure used to operate the platform. Request metadata (IP addresses, User-Agent strings) is processed as part of normal request handling.
- Payment processors: Subscription billing and payment processing. We do not store full card numbers.
We do not sell your personal data to third parties.
4. Data Retention
- Business profile data: retained while your account is active plus 90 days after cancellation, then permanently deleted
- Query logs: retained for 12 months, then deleted
- Payment records: retained per Stripe's data retention policy (typically 7 years for tax and legal compliance)
- Hashed IP addresses: retained for 90 days
5. CCPA 2026 — Automated Decision-Making (ADMT) Disclosure
Advocate uses automated decision-making technology (ADMT) to classify search queries and generate business recommendations. This processing occurs without human review of individual queries.
California residents have the following rights under California Privacy Rights Act (CPRA) as applicable:
- Right to know what personal information is collected and how it is used
- Right to delete personal information (subject to legal retention requirements)
- Right to opt out of ADMT processing (note: opting out will disable your AI agent endpoint)
- Right to correct inaccurate personal information
- Right to non-discrimination for exercising privacy rights
To exercise any of these rights, contact privacy@advocatemcp.com. Advocate does not sell personal data as defined under California law.
6. GDPR — EU/EEA Residents
If you are located in the European Economic Area, United Kingdom, or Switzerland, we process your personal data on the following lawful bases:
- Contract performance: processing necessary to provide the Advocate service you have subscribed to
- Legitimate interests: platform analytics and service improvement, where your interests do not override ours
- Legal compliance: where required by applicable law
EU/EEA residents have the right to access, rectify, erase, restrict processing of, and port their personal data. You also have the right to object to processing based on legitimate interests.
To exercise these rights or to request a Data Processing Agreement (DPA), contact privacy@advocatemcp.com. A DPA template is available at /dpa.
7. EU AI Act Compliance
All AI-generated responses served through the Advocate platform are automatically labeled as AI-generated content in compliance with EU AI Act transparency requirements effective August 2026. Every agent response includes machine-readable fields identifying the content as AI-generated and providing a disclosure statement.
8. Cookies and Tracking
Advocate uses:
- Session cookies: required for dashboard authentication only, expire when you close your browser
- No third-party advertising or tracking cookies
- Platform analytics: privacy-preserving, aggregated traffic analytics with no cross-site tracking
You can disable session cookies in your browser settings, but this will prevent you from accessing the dashboard.
9. Data Processing Agreement (DPA)
A one-page Data Processing Agreement is available for EU clients at /dpa. To request a signed DPA, contact privacy@advocatemcp.com.
10. Contact
- For privacy-related questions, data subject requests, or DPA requests: privacy@advocatemcp.com
- For general support: hello@advocatemcp.com
- Mailing address: Advocate, Austin, TX