ChatCare Privacy Policy

Welcome to ChatCare. We build AI-powered customer support tools designed specifically for Shopify merchants. This policy explains what information we collect, how we use it, how we protect it, and the choices you have. By installing or using ChatCare, you agree to the practices described here.

1. Information We Collect

We only request Shopify scopes that are required to deliver our product experience.

  • Store and account details. Business name, store URL, contact email, plan tier, and Shopify OAuth credentials needed to authenticate your store.
  • Team member data. Names, email addresses, and role metadata for the agents who log into the ChatCare workspace to support access control and audit trails.
  • Customer conversations. Messages exchanged by your customers through Shopify Inbox or other connected channels, including attachments and message metadata. These records may contain Shopify-defined Protected Customer Data such as names, email addresses, phone numbers, delivery addresses, and order numbers.
  • Order and fulfillment data. Order status, line items, tracking details, and refund information that let ChatCare answer order-related questions.
  • Configuration and knowledge base content. Any policies, FAQs, macros, or product data you upload to improve automated replies.
  • Usage analytics and log data. Page views, feature clicks, device/browser type, IP address, timestamps, and diagnostic events so we can monitor performance and stop abuse.

2. How We Use Information

  • Deliver core functionality. Generate automated responses, surface customer context to your team, escalate conversations, and synchronize conversation state back to Shopify.
  • Support and communicate with you. Send onboarding guidance, critical updates, invoices, and provide live support when required.
  • Maintain and improve the service. Debug issues, train and evaluate our models using aggregated or anonymized datasets, and measure product adoption.
  • Comply with legal and platform rules. Meet obligations imposed by Shopify, regulators, and law enforcement.

We do not sell customer data or use it for advertising.

3. Handling Shopify Protected Customer Data

We follow Shopify’s App Requirements Checklist and Protected Customer Data rules:

  • Access is restricted to staff who need it for support or maintenance purposes, and protected by role-based permissions.
  • Production data is encrypted at rest and in transit. Secrets and credentials are stored in managed secret vaults.
  • Protected data is retained for a maximum of 30 days after a conversation is resolved, unless a longer period is legally required or you request a different retention window.
  • When data is exported for debugging, it is anonymized wherever possible and deleted immediately after the issue is resolved.

4. Information Sharing

  • Vetted service providers. We rely on infrastructure, analytics, email delivery, and security vendors who process data under strict confidentiality and data-processing agreements.
  • Legal reasons. We may disclose information if we believe it is reasonably necessary to comply with the law, enforce our agreements, or protect the rights, property, or safety of ChatCare, our users, or the public.
  • Business transfers. If ChatCare is involved in a merger, acquisition, or asset sale, we will ensure your privacy rights continue to be protected and notify you before data is transferred.

We never share data with third parties for their independent marketing or sales purposes.

5. Data Retention

  • Active customer conversation data is stored while the conversation is open plus up to 30 days, after which it is deleted or irreversibly anonymized.
  • Account, billing, and security logs may be retained for up to 7 years to satisfy financial reporting, fraud prevention, and legal requirements.
  • You can request deletion of data at any time; we will process the request within 30 days unless retention is mandated by law.

6. Data Security

We use layered security controls including access logging, least-privilege permissions, network segmentation, transport-layer encryption (TLS 1.2+), and at-rest encryption (AES-256). We monitor our systems for anomalies, conduct regular penetration testing, and maintain an incident response plan.

7. Your Rights and Choices

Depending on where you operate, you may have rights to access, correct, export, restrict, or delete personal data. Merchants can submit requests on behalf of their customers through our support team. We help you respond to Shopify Data Subject Requests (DSRs) in compliance with GDPR, CPRA, and other privacy laws.

You may unsubscribe from non-essential communications by using the opt-out instructions provided in the email or by contacting us.

8. International Data Transfers

We host data in cloud regions located in the United States and Singapore. When transferring personal data from the European Economic Area or the United Kingdom, we rely on Standard Contractual Clauses or other lawful transfer mechanisms.

9. Children’s Privacy

ChatCare is not directed to children under 13. We do not knowingly collect personal information from children. If you learn that a child has provided us with personal information, please contact us so we can delete it.

10. Policy Updates

We may update this policy to reflect product changes or legal requirements. When we make material updates, we will notify you through email or in-app messages. The “Last updated” date at the top of this page indicates when the policy was most recently revised.

11. Contact Us

If you have any questions, requests, or complaints about this policy or our handling of personal data, please contact us at:

  • Email: privacy@chatcare.ai
  • Mailing address: ChatCare Pte. Ltd., 68 Circular Road, #02-01, Singapore 049422

We will review and respond to all privacy-related inquiries within 30 days.

Need something else? Visit amymind.com Privacy Policy for a template reference we used while drafting this page.