Razorpay Agent Studio: Principles, Guardrails, and Merchant Control

Razorpay Agent Studio launched at FTX 2026 as a marketplace of AI agents built on top of Razorpay’s payment infrastructure. Since launch, we’ve received questions from merchants, developers, journalists, and regulators about how these agents behave, who controls them, and what safeguards are in place.

These are the right questions. AI agents that take actions on behalf of a business need clear boundaries, transparent behavior, and real accountability. This post explains how Agent Studio works — in detail.

What is Agent Studio?

Agent Studio is a marketplace inside your Razorpay dashboard where you can install AI agents that handle specific operational work for your business. Think of each agent as a specialist you hire for one job.

The Dispute Expert fights chargebacks the moment they land — gathering evidence from Razorpay, Shopify, Shiprocket, and other connected platforms, scoring win probability, and submitting a response or sending you a ready-to-approve draft. The Subscription Recovery Agent catches failing payments before they churn a customer — calling at-risk subscribers with a personalized conversation in English or Hindi. The Cart Abandonment Recovery Agent follows up with customers who dropped off at checkout — with a voice call matched to why they left, and a payment link to complete the purchase on the spot.

These aren’t dashboards or alerts. They reason through context, decide the right action, and execute within clear guardrails. But “clear guardrails” is a claim that deserves specifics. Here they are.

1. The merchant is always in control

Every agent operates within boundaries the merchant defines. Before activation, the merchant reviews and approves exactly what data the agent can access, what actions it can take, and where it needs human approval before proceeding.

For sensitive actions, agents escalate to the merchant — typically on WhatsApp — rather than acting unilaterally.

Any agent can be configured in review-first mode: the agent does all the work — gathers evidence, drafts a response, builds the case — but holds it for the merchant to review before anything is submitted or sent. The grunt work is handled by the agent. The final call stays with the merchant. This is a good starting point for teams that want to build confidence before turning on full automation.

No agent takes an irreversible action without explicit merchant approval. Actions like large financial transfers or deletions require double confirmation and are never eligible for auto-approval.

The merchant can turn off any agent at any time. One tap. Immediate.

2. Agents don’t set prices or invent discounts

When an agent like the Cart Abandonment Recovery Agent reaches out to a customer, any discount or offer it extends comes from the merchant’s existing discount and coupon configuration on Razorpay. The agent does not create new discounts, modify pricing, or decide independently how much to offer.

The agent does personalize how it engages each customer — what it says, which of the merchant’s pre-approved offers it surfaces, how it frames the conversation based on what’s in the cart and why the customer dropped off. But the set of available offers and the maximum discount limits are defined by the merchant through Razorpay’s existing coupon system.

If a merchant has configured a maximum 10% discount for cart recovery, no agent will offer 15%. The ceiling is the merchant’s ceiling. The agent picks from what the merchant has authorized. It doesn’t make up new deals.

3. Agents work with verified first-party data

Agents on Agent Studio pull data directly from the merchant’s own connected systems — not from web scraping, external inference, or unverified sources.

Razorpay already has established connections with e-commerce platforms and order management systems like Shopify, Shiprocket, Tally, and QuickBooks. When a merchant installs an agent, they provide consent to connect these systems through a standard OAuth flow. The agent then reads product pricing, inventory status, order details, and transaction data from the merchant’s actual platform — the same source of truth the merchant’s own storefront uses.

If a product is priced at ₹999 on the merchant’s Shopify store, that’s what the agent sees. If it’s out of stock, the agent knows from the inventory field, not from guessing. Payment links generated through Razorpay reflect the final transaction amount as configured by the merchant.

Several connectors are pre-enabled from day one with no setup required — Razorpay data, WhatsApp, SMS, email, ElevenLabs, and Shiprocket. Connectors that require access to external accounts — like Shopify and Tally — need a one-time OAuth connection. Once done, they’re available to all the merchant’s agents.

If a merchant needs a connector that doesn’t exist yet, they can request it directly from the Connectors section in the dashboard. New connectors typically take about one week to build and release. For enterprise customers, we support private connectors scoped exclusively to the organization — data is accessible only to that merchant’s own agents and is never shared with other customers or agents outside their environment.

4. Every action is validated before it executes

Beyond working with verified data, every agent action passes through Razorpay’s platform-level validation layer before execution. These checks cover:

• Compliance boundaries — the action must fall within regulatory and policy limits.
• Amount validation — payment amounts, discount values, and financial calculations are verified against the merchant’s configuration.
• PII handling — personal data is processed in accordance with data protection requirements and the merchant’s consent framework.
• Scope checks — if an agent attempts something outside its approved permissions, the action is blocked before it executes.
• Out-of-scope behavior detection — the platform monitors for actions that don’t match the agent’s intended function and blocks them.

This is a two-layer system: agents operate on verified merchant data, and the platform independently validates every action before it goes through. Errors are caught both before and after execution, with repeated mistakes triggering review and correction through our internal evaluation system.

Every single action is logged with a full audit trail. The merchant can see exactly what the agent did, when, and why — at any time from the agent’s performance dashboard.

5. Customer communication follows consent rules

When an agent makes an outbound call, sends a WhatsApp message, or sends an email, consent is verified before any communication is initiated.

For voice calls, telephony consent is validated against the merchant’s customer records. For WhatsApp, WABA compliance rules are enforced. Customers who opt out are permanently suppressed — no exceptions, no “just one more try.”

Razorpay does not initiate any agent-driven communication to a customer without a valid consent signal.

If a customer says no, that’s it. The agent stops. There is no escalation loop where the agent keeps trying with bigger offers or more urgent language. A no is a no.

Merchants can also bring their own WhatsApp Business Account provider, so they retain their existing number and provider relationship and aren’t locked into a single communication channel.

6. No false urgency, no manufactured pressure

We’ve seen questions about whether AI agents could create artificial urgency — countdown timers, “this offer expires in 24 hours” language, or escalating discounts designed to pressure a purchase.

Our position is clear: agents on Agent Studio must not employ dark patterns as defined under India’s Guidelines for Prevention and Regulation of Dark Patterns, 2023. This includes false urgency, confirm shaming, bait and switch, drip pricing, and subscription traps.

If a merchant has configured a genuinely time-bound offer — a real flash sale that actually ends at midnight — the agent can communicate that truthfully. But the agent will not fabricate urgency that doesn’t exist or manufacture scarcity to pressure a purchase.

Our agent certification pipeline includes automated screening for communication patterns that could constitute dark patterns — and agents that don’t meet this standard are not approved for the marketplace.

7. Pricing is transparent and per-agent

Each agent on the marketplace has its own pricing, set by the agent provider. Depending on the agent, this could be:

• Usage-based — pay per action (e.g., per dispute handled)
• Subscription-based — flat monthly fee
• Outcome-based — pay only when the agent delivers a measurable result

The pricing model for each agent is clearly displayed before the merchant installs it. No hidden fees. No surprise charges.

For early partners, Agent Studio is available on a free 30-day trial with a set credit limit — enough to run agents on real transactions and see actual outcomes before spending anything. If credits are exhausted during the trial, the merchant sees an “Agent requires action” prompt in the dashboard so they’re never caught off guard.

For outbound actions like voice calls, SMS, or email, there is an additional cost on top of the base agent fee to cover underlying communication costs (voice minutes, message delivery). These costs are shown transparently before the merchant activates an agent that uses them. Commercial relationships with third-party providers like ElevenLabs are handled by Razorpay — the merchant doesn’t need a separate account or contract.

As the platform matures, the commercial model will evolve — but the principle stays the same: pricing is transparent and clearly visible to the merchant before they commit to anything.

8. Agent certification and accountability

Every agent published to the Agent Studio marketplace goes through Razorpay’s validation process before it becomes available to merchants. We review:

• The agent’s logic and decision-making approach
• Data access scope — what it can see and what it can’t
• Available actions — what it can do and the boundaries around those actions
• Compliance posture — adherence to data protection, dark pattern guidelines, and Razorpay’s platform standards
• Communication patterns — automated screening for language and behavior that could constitute dark patterns, including false urgency, confirm shaming, escalating pressure tactics, and manufactured scarcity

Agents that don’t pass this certification are not approved for the marketplace. This isn’t a one-time check — it’s continuous. Agent communication patterns are monitored post-launch as well, and agents that develop problematic patterns after certification are flagged for review and can be removed.

Agent performance is measured continuously using Razorpay’s internal evaluation system. Metrics, outcome rates, and error patterns are tracked. Underperforming agents are identified and improved. For third-party agents, this data is part of ongoing marketplace certification.

On accountability: the developer or provider of each agent carries responsibility for its behavior. Razorpay maintains platform-level guardrails — amount checks, compliance validations, action boundaries — that prevent the most serious classes of errors from occurring. But the agent provider is accountable for the logic and outcomes of their agent.

Any merchant or developer will be able to build agents and publish them to the marketplace. Every publicly published agent goes through the validation process described above. The builder platform launches on May 9th with a Build Day event in Bangalore.

9. Data privacy, security, and compliance

All agents run entirely within Razorpay’s infrastructure. Merchant data never leaves Razorpay’s systems. Agents only access data scoped to the specific merchant account — no data is shared with other merchants, other agents, or third parties outside the merchant’s authorized connectors.

Agent Studio is built on Razorpay’s existing compliance infrastructure, which adheres to applicable data protection laws including India’s Digital Personal Data Protection Act (DPDPA). Customer data used by agents — including contact information for voice calls or WhatsApp outreach — is processed only under the consent frameworks and data handling policies already in place through the merchant’s Razorpay integration.

Razorpay is SOC 2 certified and maintains PCI DSS compliance as a payment infrastructure provider. Agent Studio inherits these certifications — agents operate within the same secure, audited environment that processes payments. Enterprise customers can request documentation on Razorpay’s security posture and data handling practices directly.

For enterprise deployments with private connectors, data access is restricted to the organization’s own environment. No cross-customer data exposure.

What’s next?

We believe AI agents can do genuinely useful work for businesses — work that currently either gets done manually at significant cost, or doesn’t get done at all and costs revenue directly. Fighting a chargeback shouldn’t take 3 hours. A failing subscription shouldn’t silently lose a customer. An abandoned cart shouldn’t just be a statistic.

But useful doesn’t mean uncontrolled. Every agent on this platform operates within boundaries set by the merchant, validated by the platform, logged with an audit trail, and certified before it reaches the marketplace.

If you have questions about how any of this works, reach out to us at agentstudio@razorpay.com or talk to your Razorpay account manager.

Agent Studio is currently available in early access with a free 30-day trial for early partners. Visit razorpay.com/agent-studio to learn more.