SellBot App Privacy Policy
Last updated: April 15, 2026
Quick Summary
What We Collect
- Your Shopify store domain and OAuth access token
- Your product catalog (title, price, inventory, description, images, variants) — used for AI recommendations
- Conversation messages between shoppers and the AI
- An anonymous visitor ID (random UUID) per chat session
- Shopper email — only if the shopper voluntarily enters one (waitlist / agent-timeout fallback)
- Paid-order webhook metadata — for sales attribution only, no personal details
What We DON'T Collect
- Credit card data — checkout runs entirely on Shopify
- Customer PII beyond what shoppers voluntarily type in chat
- Browsing history outside the SellBot chat widget
- Store owner banking or payout information
How We Use Data
- Generate AI chat responses via your chosen provider (Claude, GPT, or Gemini)
- Recommend products from your own catalog (never invented products)
- Power analytics — conversations, ratings, estimated revenue
- Send back-in-stock emails only when shoppers explicitly opt in
What We Never Do
- Sell data to third parties or advertisers
- Train third-party AI models on your store's data
- Track shoppers across unrelated websites
- Store credit card numbers or payment credentials
This Privacy Policy explains how CurrencyWiki Technologies LLC ("we", "us", or "SellBot") collects, uses, and protects information when you install our SellBot app on your Shopify store. By installing the app, you agree to this policy. We designed SellBot to request the minimum Shopify permissions necessary to run an AI chat widget — we do not request customer data, order history, or owner contact details.
1. Data We Collect From Merchants
When you install SellBot we collect the following through the Shopify OAuth flow:
| Data Type | Purpose |
|---|---|
| Store Domain (mystore.myshopify.com) | Identify your store and scope data |
| Shopify OAuth Access Token | Read product catalog and receive webhooks |
| Product Catalog (read_products) | Ground AI answers in your real inventory |
| Store Locale (read_locales) | Auto-detect the store's default language |
| Orders/paid webhook payload | Attribute sales to chat conversations (aggregate only) |
| Chatbot configuration | Save your design, triggers, and feature toggles |
2. Data We Collect From Shoppers
When a shopper interacts with the SellBot widget on your storefront we collect:
Anonymous Visitor ID (UUID)
A random identifier generated per chat session. Not linked to IP, name, email, or address. Used to group messages within a single conversation.
Conversation Messages
Both shopper and AI messages are stored so merchants can review them in the Inbox and correct bad AI answers. Retained while your subscription is active.
Cart Snapshot (per message)
A snapshot of the shopper's cart at the moment of a message, so the AI can give relevant answers. Not persisted long-term once the conversation ends.
Shopper Email (optional, opt-in)
Only stored if the shopper voluntarily enters it — to join the back-in-stock waitlist or to receive a follow-up when no agent was online. Never required to use chat.
Customer Satisfaction Rating
A thumbs up/down the shopper may tap at the end of a chat. Used for aggregate quality metrics.
We do not collect shopper names, addresses, phone numbers, or payment information. Any PII a shopper voluntarily types into chat is stored in the conversation log so merchants can respond — nothing more.
3. Third-Party Services & Sub-Processors
SellBot integrates with the following sub-processors to deliver the service. Messages sent to AI providers are sent per-conversation and are not used to train their public models.
| Provider | Purpose | Data Shared |
|---|---|---|
| Shopify | OAuth, billing, webhooks | Store domain, access token, order webhooks |
| Anthropic (Claude) | AI responses (if selected) | Conversation messages, product context |
| OpenAI (GPT) | AI responses (if selected) | Conversation messages, product context |
| Google (Gemini) | AI responses (if selected) | Conversation messages, product context |
| Resend | Transactional email (waitlist, agent handoff) | Shopper email (opt-in only), merchant email |
| Railway | Application hosting | All app data in transit |
| Neon | Database hosting (Postgres) | All app data at rest |
Merchants on the Unlimited plan use their own API keys, so AI requests flow directly from SellBot to the provider chosen by the merchant — we never route them through a shared key or third party.
4. Data Retention
We retain your data according to the following policies:
- Active subscription: Store settings, conversations, and catalog cache retained while subscription is active.
- Conversations older than 180 days are automatically archived and only accessible on export request.
- Shopper email (waitlist): retained until the merchant deletes it or the shopper unsubscribes.
- After uninstall: all merchant data deleted within 30 days via Shopify's customers_redact and shop_redact webhooks.
- Aggregate analytics (counts, not content) may be retained anonymously for product improvement.
5. Security
We follow modern security practices to protect merchant and shopper data:
- Merchant API keys (Unlimited plan) encrypted at rest with AES-256-GCM; decryption key never leaves the application server.
- All traffic served over HTTPS (TLS 1.2+).
- Shopify session storage uses the official Prisma session adapter with signed cookies.
- Database backups encrypted and geo-redundant.
- Least-privilege access controls for engineers — audit logs retained for 90 days.
6. GDPR & CCPA Compliance
For EU / UK Users (GDPR)
We process data under the legitimate interest and contract bases (providing the app you installed). You may request access, rectification, erasure, or portability at any time. We are the data processor for merchant data and a joint controller for shopper data you choose to collect.
For California Users (CCPA)
We do not sell personal information. California residents may request disclosure of data collected and request deletion. Exercise these rights via the email below.
Right to Access
Request an export of all data SellBot holds about your store or a specific conversation.
Right to Delete
Request complete deletion of merchant or shopper data (also triggered automatically on uninstall).
Right to Portability
Export conversations and settings as JSON.
Right to Object
Disable analytics, live agent features, or AI model providers in the app settings at any time.
We honour Shopify's GDPR webhooks (customers/data_request, customers/redact, shop/redact) automatically — no merchant action required.
7. Contact Us
If you have questions about this privacy policy or want to exercise your data rights:
Company
CurrencyWiki Technologies LLC
