Privacy Policy

At Webracle, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI shopping assistant service.

1. Information We Collect

1.1 Information You Provide

• Account Information: Email address, name, and password when you create an account
• Store Information: When you connect your e-commerce store (Shopify, etc.), we collect store URL, product catalog, and order data necessary to provide our service
• Payment Information: Billing details processed securely through our payment processor (we do not store full credit card numbers)
• Communications: Information you provide when you contact our support team

1.2 Information Automatically Collected

• Conversation Data: Customer conversations with your AI assistant for service improvement and analytics
• Usage Data: How you interact with our service, including features used and time spent
• Technical Data: IP address, browser type, device information, and operating system
• Analytics: We use privacy-focused analytics (Plausible.io) that doesn't use cookies or track personal data

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our AI shopping assistant service
• Process your transactions and send related information
• Send you technical notices, updates, and support messages
• Respond to your comments, questions, and customer service requests
• Monitor and analyze usage patterns to improve our service
• Detect, prevent, and address technical issues and fraudulent activity
• Comply with legal obligations

3. How We Share Your Information

We may share your information with:

3.1 Service Providers

• LLM Providers: If you use our managed LLM service, conversation data is sent to AI providers (OpenAI, Anthropic, etc.) to generate responses. If you bring your own API key (BYOK), data goes directly to your chosen provider.
• Payment Processors: Stripe or similar services for billing
• Analytics Services: Plausible.io for privacy-focused analytics
• Infrastructure Providers: Cloud hosting services for data storage and processing

3.2 Legal Requirements

We may disclose your information if required by law, legal process, or government request, or to:

• Comply with legal obligations
• Protect and defend our rights or property
• Prevent fraud or other illegal activity
• Protect the safety of our users or the public

3.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

4. Data Security

We implement appropriate technical and organizational security measures to protect your information, including:

• Encryption of data in transit (HTTPS/TLS)
• Encryption of sensitive data at rest
• Regular security audits and updates
• Access controls and authentication requirements
• Secure data centers with physical security measures

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

5. Data Retention

We retain your information for as long as your account is active or as needed to provide our services. Specifically:

• Account Data: Retained until you delete your account, then deleted within 90 days
• Conversation Data: Retained for service improvement and analytics, deleted 90 days after account deletion
• Billing Data: Retained for 7 years for legal and tax compliance purposes
• Backup Data: May persist in backups for up to 90 days after deletion

6. Your Rights (GDPR & CCPA)

Depending on your location, you may have the following rights:

• Access: Request a copy of your personal data
• Rectification: Request correction of inaccurate data
• Erasure: Request deletion of your data ("right to be forgotten")
• Data Portability: Request your data in a machine-readable format
• Restriction: Request limitation of processing your data
• Objection: Object to processing of your data
• Withdraw Consent: Withdraw consent at any time (doesn't affect prior processing)

To exercise these rights, contact us at [email protected]. We will respond within 30 days.

7. Cookies and Tracking

We use minimal cookies and tracking technologies:

• Essential Cookies: Required for authentication and service functionality
• Analytics: Plausible.io for privacy-friendly analytics (no cookies, no personal data tracking)
• Security: Cloudflare Turnstile for bot protection (replaces CAPTCHA)

We do not use advertising cookies or sell your data to third parties.

8. Children's Privacy

Our service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will delete it.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the European Commission
• Privacy Shield Framework (where applicable)
• Other legally-approved transfer mechanisms

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

• Posting the new policy on this page with a new "Last Updated" date
• Sending you an email notification if the changes materially affect your rights

Your continued use of the service after changes become effective constitutes acceptance of the revised policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at [email protected].