Privacy Policy

ChatifAI ("we," "our," or "us") operates the ChatifAI platform, a Shopify application that provides AI-powered live chat, customer support, and sales assistance for e-commerce stores. This Privacy Policy describes how we collect, use, disclose, and protect information when you use our services.

By installing or using ChatifAI, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use our services.

We use the information we collect for the following purposes:

• Providing our services: Powering the AI chatbot, product recommendations, order tracking, and live chat functionality
• AI training: Using your product catalog, FAQs, and policies to train the AI assistant specific to your store
• Abandoned cart recovery: Detecting abandoned carts and displaying recovery reminders to shoppers
• Subscription management: Processing billing, managing usage limits, and handling plan changes through Shopify's Billing API
• Communication: Sending account-related notifications, OTP verification emails, and support messages
• Product improvement: Analyzing aggregated usage patterns to improve our platform
• Security: Protecting against unauthorized access and ensuring platform integrity

We do not sell your personal information. We may share data with the following third parties only as necessary to provide our services:

• Shopify: For app installation, authentication, billing, and webhook processing
• OpenAI: Chat messages are sent to OpenAI's API to generate AI responses. OpenAI processes this data according to their API data usage policy and does not use it for training
• Pinecone: Product and knowledge base embeddings are stored in Pinecone for AI-powered search and recommendations
• Database hosting provider: Your data is stored securely on our managed database infrastructure
• Email service provider: For sending transactional emails (OTP codes, notifications)

We may also disclose information if required by law, legal process, or governmental request.

We implement industry-standard security measures to protect your data:

• All Shopify access tokens are encrypted at rest using AES-256 encryption
• All data is transmitted over HTTPS/TLS encrypted connections
• Webhook payloads are verified using HMAC-SHA256 signatures
• User passwords are securely hashed and never stored in plain text
• JWT-based authentication with HttpOnly cookies for session management
• Role-based access controls to prevent unauthorized data access

While we strive to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

We retain your data for as long as your account is active or as needed to provide our services:

• Account data: Retained while your account is active. Deleted upon account closure or app uninstallation
• Chat conversations: Retained for the duration of your subscription to provide conversation history
• Product data: Synced in real-time and removed when you uninstall the app or delete products
• AI embeddings: Removed from our vector database when the app is uninstalled
• Billing records: Retained as required for accounting and legal compliance

When you uninstall ChatifAI from your Shopify store, we mark your store as inactive, invalidate access tokens, cancel active subscriptions, and disable all widget functionality.

Depending on your location, you may have the following rights regarding your personal data:

• Right to access: Request a copy of the personal data we hold about you
• Right to rectification: Request correction of inaccurate personal data
• Right to erasure: Request deletion of your personal data
• Right to data portability: Request transfer of your data in a structured format
• Right to object: Object to the processing of your personal data
• Right to restrict processing: Request limitation of data processing

To exercise any of these rights, please contact us at support@chatifai.eu. We will respond to your request within 30 days.

ChatifAI is developed in Europe and complies with the General Data Protection Regulation (GDPR). We act as a data processor on behalf of merchants (data controllers) for customer data, and as a data controller for merchant account data.

We handle the following GDPR-mandated Shopify webhooks:

• Customer data request: We provide all data held about a specific customer upon request
• Customer erasure: We delete all personal data associated with a specific customer
• Shop erasure: We delete all data associated with a store upon app uninstallation

ChatifAI uses minimal cookies and tracking:

• Authentication cookies: HttpOnly session cookies to keep merchants logged in securely
• Local storage: Used on the storefront widget to maintain chat session continuity and cart tracking

We do not use third-party advertising trackers or sell browsing data. The chat widget does not place any cookies that track users across websites.

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal data, we will take steps to delete such information.

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Continued use of our services after changes constitutes acceptance of the revised policy.