Privacy Policy

This Privacy Policy explains how goodChatBot collects, uses, stores, shares, and protects information across our website and services.

Last updated:

This Privacy Policy explains how goodChatBot ("goodChatBot," "we," "our," or "us") collects, uses, stores, shares, and protects your information when you access or use our website, products, software, chatbot services, integrations, and related services (collectively, the "Services").

By using our Services, you agree to the practices described in this Privacy Policy.

1. Information We Collect

We may collect the following types of information:

1.1 Information You Provide Directly

You may provide information to us when you contact us through forms, email, or chat, request a demo, quote, or support, sign up for an account or subscribe to our Services, share product data, store data, FAQs, documents, policies, or other content for chatbot setup and training, or communicate with us regarding billing, support, or service customization.

This information may include your name, email address, phone number, company or store name, billing details, account credentials, business information, customer support communications, and any other information you choose to provide.

1.2 Information Collected Automatically

When you use our website or Services, we may automatically collect certain technical and usage information, such as IP address, browser type and version, device type, operating system, referral source, pages viewed, time spent on pages, date and time of visits, clickstream and usage activity, chatbot interaction data, log data, and diagnostic information.

1.3 Information from Integrations and Third Parties

If you connect third-party platforms, apps, APIs, or services to goodChatBot, we may collect and process information made available through those integrations, such as product data, collection data, store content, FAQs and policies, customer communication data, order-related information, platform metadata, and app-related content or settings.

We only use such information as needed to provide and improve the Services.

1.4 End Customer Data (Storefront Chat Users)

When goodChatBot is installed on a merchant's Shopify store, we may collect and process data from end customers (shoppers) who interact with the chat widget. This includes:

- Name and email address (when provided voluntarily during the chat session, or automatically when the customer is logged in to their Shopify store account)

- Chat conversation content and history

- Order information accessed during the chat session to answer customer queries

- IP address and approximate location (country, region, city)

- Cart information during the shopping session

- Page URLs where the chat interaction occurred

- Customer-uploaded media files, such as images, videos, screenshots, or other attachments shared through the chat

goodChatBot acts as a data processor in this context, processing end customer data on behalf of the merchant (the data controller). This data is used solely to provide the chat service and is never used for advertising or marketing purposes.

Customer-uploaded media files

If an end customer shares an image, video, or other attachment through the chat, we store it temporarily in secure cloud storage for the purpose of allowing the merchant/admin team to review and respond to the customer query.

Customer-uploaded media files are stored in private storage, are not publicly accessible, and are encrypted at rest. Access is provided only through time-limited secure URLs generated on demand for authorized users.

By default, customer-uploaded media files are retained for up to 3 days and are then deleted automatically.

We do not maintain separate backups or version history for customer-uploaded media files. These files are deleted according to our retention policy, unless earlier deletion is required by law, merchant request, or applicable privacy request.

2. How We Use Information

We use the information we collect to provide, operate, maintain, secure, and improve the Services.

We aim to collect and process only the information reasonably necessary to provide the Services and to support merchant-requested chatbot, order lookup, admin review, reporting, troubleshooting, security, and related functionality.

We do not collect or process end customer personal information unless it is reasonably necessary to provide the Services, respond to customer queries, support merchant-requested functionality, maintain security, troubleshoot issues, comply with legal obligations, or protect our rights.

We may use your information to set up, configure, train, and customize your chatbot; improve chatbot accuracy, workflows, and customer experience; respond to inquiries, requests, and support needs; process transactions and manage billing; monitor service usage, performance, and security; troubleshoot issues and fix errors; improve our website, features, and service offerings; send service-related communications; send transactional email notifications to merchant staff regarding new customer chat sessions, human assistance requests, and conversation activity, where the merchant has opted in to email notifications; send transactional email replies to end customers on behalf of merchant staff, where the customer has provided their email address voluntarily and the merchant has enabled this feature; send marketing communications where permitted by law; comply with legal obligations; and protect our rights, systems, users, and business.

3. AI and Chat Data

goodChatBot may process chatbot conversations, prompts, responses, support content, store content, and interaction logs in order to deliver chatbot responses, improve chatbot quality and relevance, monitor system performance, identify errors, abuse, or misuse, and support analytics, reporting, and troubleshooting.

Because AI systems may require data processing to function effectively, you should avoid providing sensitive or regulated personal information through the Services unless you have appropriate legal permission and safeguards in place.

3.1 End Customer Chat Processing

End customer data described in Section 1.4 is processed exclusively to provide the chat service to the merchant. This includes generating AI responses, maintaining conversation history, enabling merchant staff to review and respond to conversations, and supporting order lookup and account-related queries.

We do not use end customer data for advertising, marketing, or any purpose beyond providing the chat service to the merchant.

3.2 AI Sub-processor

Chat conversation content is transmitted to OpenAI, to generate responses. OpenAI processes this data solely as a sub-processor and is not permitted to use it for model training or any purpose beyond generating the requested response. For details, please review https://openai.com/en-GB/policies/row-privacy-policy/

3.3 Anonymous and Guest Chat

Merchants may configure goodChatBot to allow anonymous (guest) chat sessions. In this mode, customers are not required to log in or identify themselves upfront.

However, if a guest customer requests order-related information during the chat (such as order status or history), they may be asked to provide their email address and order number to retrieve that information. Upon providing their email, the customer's previous chat history is loaded in the chat interface, and merchant staff with access to the admin dashboard may view the customer's associated conversation history and order information. This data is used solely to provide continuity of service and to assist the customer effectively.

If a merchant disables guest mode, customers are required to be logged in to their store account or share name and email in a form before the chat session begins, and identity is established via their Shopify customer account.

3.4 End Customer Rights

End customers whose data is processed through the goodChatBot widget have the following rights depending on their location and applicable law:

- Access — the right to know what personal data has been collected during their chat interactions

- Deletion — the right to request removal of their chat history and associated personal data

- Correction — the right to request correction of inaccurate personal data

End customers should direct privacy requests to the merchant whose store they interacted with, as the merchant is the data controller responsible for handling such requests. goodChatBot, acting as data processor, will support merchants in fulfilling these requests.

Where goodChatBot receives a deletion request via Shopify's GDPR mechanisms, the relevant customer data will be deleted within 30 days.

For privacy concerns that cannot be resolved with the merchant, end customers may contact us directly at info@automatikly.com.

4. Cookies and Similar Technologies

We may use cookies, pixels, local storage, scripts, and similar technologies to operate and secure the website, remember preferences, analyze traffic and usage, improve performance, and support marketing and advertising.

Please review our Cookie Policy for more information.

5. How We Share Information

We do not sell end customer personal data or share it for cross-context behavioral advertising. We may share information in the following circumstances:

5.1 Service Providers and Sub-processors

We may share personal information and end customer data with trusted third-party service providers and sub-processors who help us operate, maintain, secure, and improve the Services.

These service providers may include, without limitation, cloud hosting providers, cloud storage providers, database providers, AI processing providers, email and communication providers, analytics providers, payment processors, monitoring and security providers, and other technical service providers required to deliver the Services.

These service providers and sub-processors are permitted to process personal information only as necessary to provide services to us or to support the functionality requested by merchants. We do not permit our service providers to use end customer data for their own advertising or marketing purposes.

Where applicable, we use contractual, technical, and organizational safeguards designed to protect personal information processed by our service providers and sub-processors.

For AI-related processing, please see Section 3.2.

5.2 Third-Party Integrations

If you choose to connect third-party apps, platforms, or services, information may be shared as necessary to enable those integrations and related functionality.

5.3 Legal and Compliance Reasons

We may disclose information if required to do so by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to comply with legal obligations, enforce our terms and agreements, protect our rights or property, prevent fraud, abuse, or security threats, or protect the safety of users or the public.

5.4 Business Transfers

If goodChatBot is involved in a merger, acquisition, restructuring, financing, sale of assets, or similar transaction, information may be transferred as part of that transaction, subject to applicable law.

5.5 Merchant Access

End customer chat data described in Section 1.4 is accessible to the merchant whose store the customer interacted with. Merchants may view conversation history, customer identity (where provided), and associated order information through the goodChatBot admin dashboard. Merchants are responsible for ensuring their access to and use of this data complies with applicable privacy law.

6. Data Retention

We retain information for as long as reasonably necessary to provide the Services, fulfill the purposes described in this Privacy Policy, comply with legal, tax, accounting, or reporting obligations, resolve disputes, and enforce our agreements.

Merchant account, billing, and administrative information may be retained for as long as the merchant account remains active and for a reasonable period thereafter as required for legal, tax, accounting, reporting, dispute resolution, and contractual purposes.

End customer chat data is retained for as long as the merchant's account remains active with goodChatBot, unless the merchant configures a shorter retention period or requests deletion earlier.

Customer-uploaded media files, including images, videos, screenshots, and attachments shared through chat, are retained for up to 3 days and then deleted automatically.

Upon merchant account termination or app uninstall, associated end customer personal data is deleted or anonymized within 30 days, unless retention is required by law or necessary for security, fraud prevention, dispute resolution, or compliance purposes.

Individual end customer data deletion requests are processed within 30 days of receipt via Shopify's privacy mechanisms, merchant request, or direct request to info@automatikly.com

7. Data Security

We use administrative, technical, and organizational safeguards designed to protect personal information and protected customer data against unauthorized access, loss, misuse, alteration, or disclosure.

These safeguards may include encryption in transit, encryption at rest, private storage for customer-uploaded media files, role-based access controls, limited staff access to protected customer data, access logging, secure authentication practices, environment separation between production and testing systems, and monitoring for security issues.

Customer-uploaded media files are stored in private cloud storage and are accessed only through time-limited secure URLs generated for authorized users.

Where backups containing personal data are maintained, such backups are encrypted.

However, no system or method of transmission over the internet is completely secure. We cannot guarantee absolute security.

7.1 Security Incidents and Breach Notification

In the event of a security incident or data breach affecting personal data we process, we will take immediate steps to contain and assess the incident. Where the breach is likely to result in a risk to your rights and freedoms, we will notify affected merchants within 72 hours of becoming aware of the incident. Where required by applicable law (including GDPR), we will notify relevant supervisory authorities within the legally required timeframe. We maintain an internal incident response procedure to ensure breaches are identified, contained, and addressed promptly.

8. Your Rights and Choices

Depending on your location and applicable law, you may have rights regarding your personal information, including the right to access personal information we hold about you, request correction of inaccurate information, request deletion of your information, object to or restrict certain processing, withdraw consent where processing is based on consent, request a copy of your data where applicable, and opt out of marketing communications.

To exercise these rights, please contact us using the contact details below.

8.1 Merchant Responsibilities

Merchants who install or use goodChatBot are responsible for:

- Informing their customers that a third-party AI chat service is used on their store.

- Providing any privacy notices, disclosures, or consent mechanisms required by applicable law in their jurisdiction before or during customer interactions.

- Handling end customer data rights requests, including access, correction, deletion, portability, or objection requests, received from their customers.

- Configuring the app in compliance with their own privacy, security, and data protection obligations.

Where a merchant enables consent notices, disclaimers, guest chat, or other privacy-related settings in goodChatBot, we will apply those settings as configured by the merchant.

goodChatBot provides tools to support privacy-related deletion requests, including deletion through Shopify's privacy webhook mechanisms where applicable.

For merchants using goodChatBot, this Privacy Policy, together with our Terms of Use and any applicable Data Processing Addendum or service agreement, describes the roles, responsibilities, scope of processing, retention practices, and safeguards applicable to personal data processed through the Services.

8.2 Automated Decision-Making

goodChatBot uses AI to generate chat responses but does not make any automated decisions with legal or significant effects on customers. AI-generated responses are informational in nature and do not determine eligibility, pricing, access to services, or any other consequential outcomes for end customers.

9. Third-Party Links and Services

Our website or Services may contain links to third-party websites, services, or tools. We are not responsible for the privacy practices, security, or content of those third parties. Your use of third-party services is subject to their own policies and terms.

10. Children's Privacy

Our Services are not intended for children, and we do not knowingly collect personal information from children under the age required by applicable law. If we become aware that we have collected such information unlawfully, we will take reasonable steps to delete it.

11. International Data Processing

Your information may be processed and stored in countries other than your own, where data protection laws may differ. By using the Services, you understand and agree that your information may be transferred to and processed in such locations, subject to applicable legal safeguards where required.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will post the revised version on this page and update the "Last updated" date.

Your continued use of the Services after any changes become effective constitutes your acceptance of the updated Privacy Policy.

13. Contact Us

If you have any questions, requests, or concerns about this Privacy Policy, please contact us at info@automatikly.com.