Privacy
Last updated: 18 July 2026
Petal (mcp.florist) is operated by Leonardo Rignanese, Italy (petal@leorigna.com). This page explains what data the service touches and what happens to it.
Waitlist emails
If you leave your email on the landing page, we store exactly two things: the email address and the time you submitted it. It is used only to tell you when Petal launches or materially changes. No newsletters, no sharing, no selling. Email petal@leorigna.com at any time to have your address deleted.
Orders and payments
- When your AI agent prepares a flower order, the order details (recipient name, delivery address, card message, chosen product) are passed to Florist One, the fulfilment network, which processes the order as the merchant. Their privacy policy applies to the purchase.
- Payment happens on Authorize.net's hosted payment page. Card numbers never touch Petal's servers and are never seen by your AI agent.
- Petal keeps short-lived, in-memory order references only as long as needed to hand you to the payment page.
Analytics
The landing page uses self-hosted, privacy-first analytics (tgram-analytics): no cookies, no fingerprinting, and the browser's Do Not Track setting is honoured. Data collected is aggregate (pageviews, anonymous session, coarse device info) and is not linked to your identity.
MCP endpoint
The /mcp API requires sign-in via an OAuth authorization
server. Authentication tokens are verified and not stored beyond the
request.
Your rights
Under the GDPR you can request access, correction, or deletion of any personal data we hold (for most visitors that is at most a waitlist email). Write to petal@leorigna.com and it will be handled promptly.
Questions? Get in touch.