Coupons

1) Scope

This policy explains how we process data through the Coupons App when it is used inside ChatGPT. The App displays a read-only, interactive list of coupon offers that can be expanded, copied, or opened externally from the chat. This policy covers Spheric Admin Ltd's processing through the App, its MCP server, and related hosting, logging, and analytics services. It does not replace OpenAI's policies for ChatGPT platform processing.

Important: Our current MCP server configuration logs full MCP request bodies to the server console and sends HTTP and MCP request telemetry to Mixpanel using Mixpanel's EU endpoint. For this App, that can include the full coupons array passed to the tool, JSON-RPC request IDs, MCP method names, IP address, user agent, and, for tool calls, an OpenAI subject identifier if the platform provides one.

2) Current tool contract and app behavior covered by this policy

• Tool input field: coupons, an array of coupon objects.
• Each coupon object can include code (optional), name, description, notes (optional), and url (optional).
• Structured tool output field returned by our MCP server: coupons, containing the same coupon array that was supplied to the tool.
• Tool response metadata: timestamp (ISO datetime).
• Assistant-facing tool response text: a confirmation such as Displayed 2 coupons. plus a JSON string containing the structured output.
• In-widget state: the widget stores expandedCouponIndex in temporary ChatGPT widget state so it can remember which coupon row is open during the session.
• Local browser/device action: if a coupon has a code, the widget can copy that code to your device clipboard.
• External-link action: if a coupon has a url, the widget can ask ChatGPT or the host environment to open that source page externally.

The App is a presentation tool. It does not search the web, verify coupon freshness, rank offers, or call a third-party coupon API. It renders the coupon list it is given and returns that same list in structured form.

3) Data categories, purposes, recipients, retention, and controls

3.1 Tool invocation data and returned coupon content

What: The coupons tool input array, the coupon-object fields within it (code, name, description, notes, url), the returned structured coupons output, the assistant-facing confirmation and JSON text, and response metadata timestamp.
Why: To validate the tool request, render the coupons widget, return the structured tool result, and let the assistant know how many coupons were displayed.
Recipients: Our MCP server and OpenAI/ChatGPT as part of the tool invocation flow. Under the current server configuration described in Section 3.4, request parameters can also appear in server console logs and Mixpanel telemetry.
Retention by us: We do not use a separate app database to keep a persistent coupon history. However, the current hosted server configuration logs full MCP request bodies and sends MCP request parameters to Mixpanel telemetry, so the coupon data passed into the tool may be retained in those systems for the periods described in Section 3.4.
Your controls: You can choose whether to use the App and can avoid placing personal or sensitive information inside coupon names, descriptions, notes, codes, URLs, or surrounding prompts.

3.2 In-session widget state

What: Temporary widget state indicating which coupon row is expanded, stored as expandedCouponIndex inside ChatGPT widget state.
Why: To keep the widget responsive and preserve the open or closed row view while you interact with the coupon list during the session.
Recipients: OpenAI/ChatGPT and its widget runtime. The current widget code does not call our server again when you expand or collapse rows.
Retention by us: We do not intentionally store this widget state in our own application database. It is intended to be temporary and handled mainly by the ChatGPT/OpenAI platform during the active session.
Your controls: You can choose whether to interact with the widget and can manage ChatGPT conversation data through OpenAI controls.

3.3 Clipboard and external source-link actions

What: If a coupon includes a code, you can copy that code to your device clipboard. If a coupon includes a source url, you can open that page externally from the widget.
Why: To let you use a coupon code more easily and review the source page associated with an offer.
Recipients: Your browser or device clipboard for copy actions. For external-link actions, ChatGPT or the host environment handling the open request, plus the destination website and its service providers, may receive standard request data such as the requested URL, IP address, and user agent when the page opens.
Retention by us: We do not intentionally store clipboard contents in our own systems. We do not receive the external site's response content through this widget, although standard technical request data related to App delivery and MCP requests is handled as described in Section 3.4.
Your controls: You decide whether to copy a code or open a source page.

3.4 Technical delivery data, server logs, and analytics telemetry

What: Technical data generated when the App is delivered or invoked, including HTTP method, request path and original URL, IP address, user agent, response status, response time, JSON-RPC request ID, MCP method, and MCP request params. Under the current server code, console logs record full MCP request bodies, and Mixpanel telemetry can include request params and, for tool calls, an OpenAI subject identifier if supplied in request metadata.
Why: Security, abuse prevention, reliability, debugging, performance monitoring, and understanding how the App is being used.
Recipients: Our hosting, CDN, and infrastructure providers, personnel who need access for operations or security, and Mixpanel using its EU endpoint for server-side analytics telemetry.
Retention: We aim to minimize operational logs and generally retain them for no longer than 30 days unless a longer period is reasonably necessary for security investigations, abuse prevention, or legal obligations. Mixpanel telemetry is retained in our analytics workspace until deleted by us or until any applicable Mixpanel or account retention setting removes it.
Your controls: You can avoid submitting unnecessary data through the App, choose not to use the App, and contact us with privacy requests or questions.

3.5 Contact data if you email us

What: Your email address and the contents of your message.
Why: To respond to privacy, support, or legal requests and maintain a record of the request.
Recipients: Spheric Admin Ltd and our email or service providers acting on our behalf.
Retention: Up to 24 months after final resolution unless a longer period is required by law or reasonably needed to establish, exercise, or defend legal claims.

4) What we do not do

• No account creation or sign-in through this App.
• No payment card processing, checkout handling, or purchase fulfillment through this App.
• No advertising SDKs or ad-personalization profiling through the widget.
• No sale of personal information.
• No third-party coupon-search, coupon-verification, or coupon-freshness API calls by the App itself; the widget only displays the coupon list it receives.

5) Cookies and similar technologies

We do not intentionally set advertising or analytics cookies through the Coupons widget. ChatGPT/OpenAI, your browser, destination sites you choose to open, and our hosting providers may use their own cookies or similar technologies for platform operation, security, or delivery, and those practices are governed by their own policies.

6) Sharing and disclosure

We do not sell personal information. We share data only when needed to:

• Operate, host, monitor, analyze, and secure the App through service providers such as hosting, CDN, logging, analytics, and email providers.
• Open a source page you choose to visit through the host environment or your browser.
• Comply with law, regulation, legal process, or enforceable government request.
• Protect the rights, safety, and security of users, us, and the service.

7) User rights and controls

Depending on your jurisdiction, you may have rights to access, correct, delete, restrict, or object to processing of personal data we hold.

To exercise rights or ask questions, contact privacy.widgets@olutely.com. We may need to verify your identity before fulfilling a request.

Because the App runs inside ChatGPT, you can also manage conversation and account data through OpenAI controls. OpenAI's privacy policy: https://openai.com/policies/privacy-policy.

8) International transfers

The App may be accessed globally and processed in countries where we or our service providers operate. Where required, we use appropriate safeguards for international data transfers.

9) Security

We implement reasonable technical and organizational safeguards designed to protect data processed through the App. No system is guaranteed to be completely secure.

10) Children's privacy

The App is not directed to children under 13 (or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children through this App.

11) ChatGPT / OpenAI platform notice

ChatGPT/OpenAI independently processes chat content, account information, in-session widget state, and platform telemetry under OpenAI's own terms and privacy practices. This policy does not replace OpenAI's policies; it describes Spheric Admin Ltd's processing through this App.

12) Changes to this policy

We may update this policy from time to time. If we make material changes, we will update the effective date above and ensure the policy continues to reflect the App's current tool inputs, outputs, logging, analytics, and other disclosed data uses.

13) Contact

Questions about this policy or App privacy practices: privacy.widgets@olutely.com (Spheric Admin Ltd).