Privacy Policy

Your privacy is our priority

Last updated: January 15, 2025

Privacy at a Glance

Data Protection

We encrypt and secure all your data with industry standards

No Selling

We never sell your personal information to third parties

Data Control

Delete your data anytime through your dashboard

Table of Contents

1. Information We Collect 2. How We Use Your Information 3. Data Sharing & Third Parties 4. Data Security 5. Your Rights & Controls 6. Cookies & Tracking 7. Data Retention 8. International Transfers 9. Contact Us

Chatembed provides AI-powered chatbot services integrated with Shopify stores. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service, including our dashboard, chatbot widgets, and related features.

By using Chatembed, you agree to the collection and use of information in accordance with this policy. We are committed to protecting your privacy and handling your data responsibly.

1. Information We Collect

Account & Configuration Data

  • User account information (email, user ID, authentication tokens)
  • Shopify store details and access credentials
  • Bot configuration settings (name, avatar, colors, welcome messages)
  • System prompts and personality settings
  • Custom links and integration settings (Judge.me API keys, etc.)
  • Subscription plan information and trial status
  • Coupon codes and discount preferences

Shopify Store Data

  • Product catalog information (names, descriptions, prices, images)
  • Order data and transaction history
  • Customer information (for chat context and lead generation)
  • Inventory levels and product availability
  • Store analytics and performance metrics

Chat & Interaction Data

  • All chat conversations between customers and your chatbot
  • Customer email addresses collected through chat (leads)
  • Product recommendations and search queries
  • User feedback and ratings
  • Chat session metadata (timestamps, IP addresses, user agents)

Technical & Usage Data

  • Website analytics and user behavior on our dashboard
  • API usage statistics and performance metrics
  • Error logs and debugging information
  • Device information, browser type, and IP addresses
  • Session data and authentication tokens

2. How We Use Your Information

Service Delivery & Operations

  • Power AI chatbot responses and product recommendations
  • Sync and display your Shopify store products
  • Process customer inquiries and generate leads
  • Provide analytics and performance insights
  • Manage your subscription and billing

AI Model Training & Improvement

  • Analyze chat patterns to improve response quality
  • Train AI models on anonymized conversation data
  • Optimize product recommendation algorithms
  • Enhance natural language understanding capabilities

Analytics & Business Intelligence

  • Generate conversion and engagement reports
  • Track coupon usage and discount effectiveness
  • Monitor system performance and uptime
  • Identify usage trends and feature adoption

Communication & Support

  • Send service updates and feature announcements
  • Provide technical support and troubleshooting
  • Process billing inquiries and subscription changes
  • Deliver security alerts and important notices

3. Data Sharing & Third Parties

We Never Sell Your Data

Chatembed does not sell, trade, or rent your personal information to marketers or data brokers.

Authorized Third-Party Services

Google Gemini AI

Chat conversations are processed by Google's Gemini API to generate AI responses. Your API keys are encrypted and stored securely.

Shopify

We access your store data through Shopify's official API with your explicit authorization during app installation.

Judge.me (Optional)

If you configure Judge.me integration, we access your product reviews to enhance chatbot responses.

Payment Processing

Subscription payments are processed through secure third-party payment providers. We don't store full payment details.

Cloud Hosting & Analytics

We use reputable cloud services for hosting, database storage, and basic website analytics.

Legal & Safety Requirements

We may disclose information when required by law or to:

  • Comply with legal processes, court orders, or government requests
  • Protect our rights, property, or safety
  • Investigate fraud or security incidents
  • Enforce our Terms of Service

4. Data Security

We implement comprehensive security measures to protect your information:

Technical Safeguards

  • TLS 1.3 encryption for all data transmission
  • AES-256 encryption for sensitive data at rest
  • Secure API key storage with encryption
  • Regular automated security backups
  • Multi-factor authentication for admin access
  • SQL injection and XSS protection

Operational Safeguards

  • Role-based access controls
  • Regular security audits and penetration testing
  • Employee privacy training and confidentiality agreements
  • Incident response and breach notification procedures
  • Continuous monitoring for suspicious activity
  • Secure development lifecycle practices

Data Breach Notification: In the unlikely event of a data breach affecting your personal information, we will notify you within 72 hours of discovery.

5. Your Rights & Controls

You have comprehensive control over your personal data:

Data Access

View and download all personal data we have about you through your dashboard or by request.

Data Correction

Update your account information, bot configurations, and preferences directly in your dashboard.

Data Deletion

Delete your account and all associated data. This action is irreversible and includes chat histories, leads, and configurations.

Data Portability

Export your chat data, leads, and analytics in machine-readable formats (JSON, CSV).

Processing Restriction

Temporarily limit how we process your data while maintaining essential service functionality.

Opt-out Rights

Unsubscribe from marketing communications and disable certain data processing features.

How to Exercise Your Rights

Self-Service: Most actions can be performed directly in your dashboard under Account Settings.

Email Request: Contact privacy@chatembed.io for assistance or complex requests.

Response Time: We respond to all privacy requests within 30 days, typically much faster.

6. Cookies & Tracking

Chatembed uses cookies and similar technologies for:

Essential Cookies

Authentication, session management, security, and basic functionality. These cannot be disabled.

Analytics Cookies

Understanding user behavior, feature usage, and performance optimization. You can opt-out in your dashboard.

Preference Cookies

Remember your settings, theme preferences, and customization choices.

Third-Party Cookies

Shopify app authentication, payment processing, and integrated services.

Cookie Management: Control cookie preferences through your browser settings or our dashboard. Note that disabling essential cookies may affect functionality.

7. Automated Processing & Data Retention

Automated Decision-Making

Chatembed uses automated processing for various functions. You have rights regarding these automated decisions:

Product Recommendations

AI algorithms analyze search queries, cart contents, and conversation history to suggest relevant products. You can request manual assistance anytime.

Rate Limiting & Spam Detection

Automated systems limit requests to 30 per minute per user and detect abusive behavior patterns. Contact support if you believe you were incorrectly limited.

Conversation Context Management

System automatically maintains last 10 message exchanges for context while discarding older messages for performance and privacy.

Data Synchronization

Product catalogs are automatically synced every 6 hours. Failed syncs trigger retry mechanisms with circuit breaker protection.

Data Retention Periods

We retain your data only as long as necessary for service delivery and legal compliance:

Active Account Data & Configuration

Bot settings, API keys, and user preferences stored while account is active and for 90 days after subscription cancellation.

Chat Conversations & History

Complete conversation logs retained for 2 years for AI training and service improvement, then anonymized. Live conversation context limited to last 10 exchanges.

Product & Inventory Data

Shopify product catalogs, variants, and images refreshed every 6 hours. Sync status and error logs kept for 30 days for troubleshooting.

Performance & Security Logs

API response times, rate limiting data, and error logs kept for 1 year for system optimization and security monitoring.

Legal & Compliance Data

Some data may be retained longer if required by law, litigation holds, or regulatory compliance (typically 7 years maximum).

Early Deletion: You can request immediate deletion of your data at any time through your dashboard or by contacting support, subject to legal and safety requirements.

8. International Data Transfers

Your data may be transferred to and processed in countries other than your residence:

  • Primary Hosting: Secure cloud infrastructure in the United States
  • AI Processing: Google Gemini API (global infrastructure with privacy protections)
  • Shopify Integration: Data flows through Shopify's global network
  • Backup Storage: Encrypted backups in multiple geographic regions

Transfer Safeguards: All international transfers are protected by appropriate safeguards including Standard Contractual Clauses, adequacy decisions, or other approved mechanisms under applicable privacy laws.

9. Contact Us

Questions about this Privacy Policy or our privacy practices?

Privacy Inquiries

privacy@chatembed.io

General Support

support@chatembed.io

Response Time

Within 48 hours

Data Protection Officer

For EU/UK residents with specific privacy concerns, you may also contact our Data Protection Officer at dpo@chatembed.io

Policy Updates & Changes

We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements.

How We Handle Updates

Material Changes

  • • Email notification to all users
  • • Dashboard notification banner
  • • 30-day advance notice when possible

Minor Updates

  • • Updated "Last modified" date
  • • Dashboard announcement
  • • Change log available upon request

Your Options: If you disagree with policy changes, you may delete your account before the changes take effect. Continued use after changes constitutes acceptance.