Skip to main content
When you connect an AI tool to your Chariow store via MCP, you’re granting that tool access to your store data. This page explains what data is shared and how to stay secure.

What data is accessible?

Once connected, the AI tool can read:
Data typeWhat’s included
StoreName, description, logo, URL, settings, subscription status
ProductsNames, descriptions, pricing, images, categories, sales counts
CustomersNames, emails, phone numbers, purchase history
SalesAmounts, payment details, shipping addresses, customer info
DiscountsCodes, values, usage counts, restrictions
LicensesKeys, activation counts, status, expiry dates
AnalyticsRevenue, visits, conversion rates, traffic sources
All MCP tools are read-only. The AI cannot modify your store, create products, or process transactions. However, it can read all data associated with your store.

Who can see your data?

When you connect via MCP:
  1. Your AI tool (Claude, ChatGPT, etc.) receives your store data to answer your questions
  2. The AI provider may process and store this data according to their privacy policy
  3. Chariow acts as the bridge and does not store conversation data
Review your AI provider’s privacy policy. Each provider handles data differently. Chariow is not responsible for how third-party AI providers process, store, or use your data.

Security recommendations

Only connect trusted tools

Only use MCP connections from AI providers you trust. Verify you’re connecting to official tools:
  • Claude from Anthropic
  • ChatGPT from OpenAI
  • Cursor, Windsurf, or other reputable tools

Verify the MCP endpoint

Always confirm you’re connecting to the official Chariow endpoint:
  • https://mcp.chariow.com/public

Be mindful of prompts

AI assistants follow instructions, including those hidden in data. Avoid:
  • Pasting untrusted content into conversations
  • Asking the AI to process external URLs or files without review

Review access regularly

Periodically check your connected applications:
  1. Go to your Chariow Dashboard
  2. Navigate to SettingsAPI Keys
  3. Revoke any connections you no longer use

Use separate stores for testing

If you’re experimenting with MCP integrations, consider using a test store rather than your production store with real customer data.

What Chariow does

  • OAuth authentication: Secure authorisation flow with no API keys stored in config files
  • Read-only access: All tools can only read data, never write
  • Rate limiting: 60 requests per minute prevents abuse
  • HTTPS only: All connections are encrypted

What Chariow does not do

  • Store your conversations with AI tools
  • Share your data with other users or third parties
  • Control how AI providers process your data
  • Monitor what questions you ask

Revoking access

To disconnect an AI tool immediately:
  1. Go to SettingsAPI Keys in your Chariow Dashboard
  2. Find the MCP connection
  3. Click Revoke
The AI tool will lose access to your store data immediately.

Next steps

Setup guide

Connect your AI tool

Supported tools

See available tools