Privacy Policy

Transparency in how we handle your data

Last updated: January 29, 2025

Privacy at a Glance

AES-256 Encryption

All sensitive data, including API keys, is encrypted using military-grade AES-256 encryption.

No Data Selling

We never sell your data to third parties. Your information stays private.

GDPR Compliant

Full control over your data with deletion, export, and access rights

1. Overview

Chatembed ("we", "us", "our") provides AI-powered chatbot services for Shopify stores. This Privacy Policy explains how we collect, use, store, and protect your information when you use our dashboard, chatbot widgets, and related services.

By using Chatembed, you agree to the collection and use of information in accordance with this policy. We are committed to protecting your privacy and handling your data responsibly.

2. Data We Collect

Account & Authentication Data

  • User ID, email address, Shopify store domain
  • Access tokens (encrypted)
  • Subscription status (plan type, trial information)
  • Session data with secure cookies

Bot Configuration Data

  • Gemini API Key (AES-256 encrypted)
  • Bot appearance (name, avatar, colors)
  • Welcome messages and system prompts
  • Personality settings

Shopify Store Data

  • Products (titles, descriptions, prices, images)
  • Variants and inventory data
  • Store currency
  • Limited order data (for order tracking coupon only)

Chat & Conversation Data

  • Full conversation history
  • Customer messages and AI responses
  • Lead collection (emails and names)
  • Product searches and recommendations

3. How We Use Your Data

AI Chatbot Operations

  • Process messages through Google Gemini API
  • Generate contextual responses using conversation history
  • Perform product searches and recommendations
  • Execute special commands (cart, orders, reviews)

Product Catalog Management

  • Sync products every 6 hours via Shopify GraphQL API
  • Store products locally for fast retrieval
  • Filter and display active products only

Analytics & Reporting

  • Track leads collected via chat
  • Monitor coupon redemptions
  • Calculate conversations
  • Display dashboard metrics

Security & Fraud Prevention

  • Rate limiting (30 requests per 60 seconds)
  • CORS validation and authentication
  • Input validation and SQL injection prevention

4. Data Storage & Security

Encryption Implementation

  • AES-256-CBC encryption for sensitive data
  • Secure encryption keys stored separately
  • TLS 1.3 for all data transmission
  • Prepared SQL statements to prevent injection

Application Security

  • Prepared SQL statements
  • Input sanitization
  • CSRF protection
  • XSS prevention
  • Rate limiting

Network Security

  • HTTPS/TLS encryption
  • CORS validation
  • Secure cookies (httponly)
  • Session regeneration
  • API timeouts

5. Third-Party Services

Google Gemini AI

Powers all AI chatbot responses using the gemini-2.5-flash model.

  • Data shared: Customer messages, conversation history, system prompts
  • Configuration: Max 1000 tokens, temperature 0.7, 20s timeout
  • Your API key is encrypted in our database

Shopify Platform

  • API version: 2024-07 GraphQL API
  • Sync frequency: Every 6 hours
  • Data accessed: Products, variants, images, orders (limited)

Judge.me (Very soon)

  • Fetches product reviews to enhance responses
  • Only active if you configure an API key
  • Circuit breaker protection (skips after failures)

We Never Sell Your Data: Chatembed does not sell, rent, or trade your personal information to third parties.

6. Your Privacy Rights

Right to Access

View and download all personal data we have about you via dashboard or email request.

Right to Correction

Update your information directly in the dashboard or contact support.

Right to Deletion

Delete your account and all associated data. Contact privacy@chatembed.io

Timeline: Within 30 days of verified request

Right to Data Portability

Export your data in JSON or CSV format. Request via privacy@chatembed.io

How to Exercise Your Rights

  • Email: support@chatembed.io
  • Include: Your name, email, shop domain, and specific request
  • Response: Within 30 days (typically 5-7 business days)

7. Data Retention

Active Account Data

Retained while the account is active, plus 90 days after cancellation

Chat Conversations

Full logs retained for 2 years for AI training, then anonymized

Product Data

Refreshed every 6 hours; sync logs kept for 30 days

Security Logs

Error logs: 1 year | Performance metrics: 90 days

8. Children's Privacy

Age Restriction: 18+

Chatembed is intended for adults operating commercial Shopify stores. We do not knowingly collect information from children under 18.

If we learn of child data collection, we will delete it immediately and notify the account owner.

9. Changes to This Privacy Policy

Material Changes

  • Email notification to all users
  • Dashboard notification banner
  • 30-day advance notice
  • Option to delete account

Minor Updates

  • Updated date at top of policy
  • Dashboard announcement
  • Change log available on request
  • No email required

10. Contact Us

Privacy Inquiries

privacy@chatembed.io

General Support

support@chatembed.io

Data Protection Officer

privacy@chatembed.io