MMySupportAgent.ai

How verified lookups protect customers

You want to understand the security model behind order (and product) lookups.

The agent can only reveal a customer's order to that customer — by design, not by good behavior.

How it works

  • Order data requires a two-factor match. A shopper must provide both the order number and the email on the order. The match is deterministic server code, not an AI decision, so the agent can't be persuaded to skip it.
  • Customers only ever see their own information. Without a matching email, no order data is returned — and the agent doesn't reveal which part didn't match.
  • Product lookups read only public catalog data. Hidden, not-for-sale, and internal fields are excluded.

This is why order lookups always ask for two pieces of information — it's the boundary that keeps one shopper from seeing another's order.

Related articles
Order Status & Tracking
How order lookup works
Security & Privacy
What we store and never store
Security & Privacy
Where your credentials live