The Gist

This is the privacy policy for Chat2Act (“The App”). If you have any issues, please contact us at support@chat2act.com and we’ll do our best to resolve them quickly and fairly.

The App provides AI-powered query and reporting functionality (“the Service”) to merchants who use Shopify to power their stores. This Privacy Policy explains how personal information is collected, used, and shared when you install or use the App in connection with your Shopify-supported store.

Personal Information the App Collects

When you install the App, we automatically access certain types of information from your Shopify account, including:

• Access to store data needed for reporting (e.g., orders, products, and customers)

• Webhooks that provide updates about store information such as shop name, email, preferred currency, and store location

• Order and product data updates

• Basic billing information for the Shopify merchant

Additionally, we collect the following types of personal information once the App is installed:

• Merchant information (name, email, phone, business address, and billing details)

• Information about individuals who purchase from your store (e.g., order details, IP address, browser details, and time zone)

OpenAI API Usage

To generate AI-powered insights, Chat2Act securely sends relevant prompts and schema-related data to OpenAI’s API. This is done strictly for query generation and analysis. Data is handled securely and never used to train models outside of this purpose.

Data Protection and Security

We take the privacy and security of your data seriously. Measures we employ include:

• Encryption: All personal data is encrypted in transit (TLS/SSL) and at rest (AES-256).

• Access Control: Only authorized personnel can access sensitive data, with role-based permissions.

• Data Minimization: We only collect the data necessary to provide the Service.

• Anonymization: When possible, customer data (e.g., IPs, order details) is anonymized or masked.

• Audit Logging: All access is logged and monitored for suspicious activity.

• GDPR & CCPA Compliance: We provide rights to view, correct, delete, or restrict processing of your personal data.

Sensitive Data Handling

The App does not collect sensitive data (such as health or government-issued IDs). If such data is ever required by law, we apply enhanced security measures.

Cookies

The App itself does not set cookies directly, but may rely on Shopify’s and standard web technologies (“cookies,” “log files,” “pixels”) for functionality. You can learn more about cookies at allaboutcookies.org.

How We Use Personal Information

We use collected information to:

• Provide the Service and operate the App

• Improve and optimize the App experience

• Communicate with you about updates or support

• Comply with applicable legal obligations

We do not sell or share your personal information with third parties, except as required by law or for integration with OpenAI as explained above.

Your Rights

If you are a European resident, you have the right to access personal information we hold about you and ask for it to be corrected, updated, or deleted. To exercise this right, please contact us.

Please note your information may be transferred outside Europe, including to the United States.

Data Retention

We keep your store and order information for as long as you use the App. You can request deletion by contacting us at support@chat2act.com.

Changes

We may update this Privacy Policy from time to time to reflect changes to our practices or for legal/regulatory reasons. Updates will be posted here with a revised “last updated” date.