This Privacy Policy explains how ShopiBot, a Shopify chatbot application developed by Welcome Middle East FZ-LLC ("ShopiBot", "we", "our", or "us"), collects, processes, and protects personal data when merchants ("Clients") and their customers ("End-Users") use our chatbot and related services ("Services").
1. Scope
This Policy applies to:
- Merchants who install ShopiBot on their Shopify store.
- End-Users (customers) who interact with the chatbot integrated on a merchant's store.
It does not apply to:
- The merchant's own privacy or data practices.
- Shopify's independent data processing activities.
2. Information We Process
a. Merchant Data
- We collect basic store information through Shopify's installation API.
- Payment and subscription details are securely processed by Stripe.
- Configuration preferences and chat settings are stored via Shopify and Prisma to enable app functionality.
- No other merchant personal information is collected or retained by ShopiBot.
b. End-User Data
ShopiBot temporarily processes and stores limited data strictly for chatbot functionality and merchant support:
- Conversations & Messages: Stored in the merchant's Shopify database for customer service purposes.
- Customer Emails: Collected only when provided by the user for support or personalized recommendations.
- Photo/Image Analysis: Images uploaded for AI analysis are processed temporarily. Only extracted results (e.g., "dry skin," "normal skin," etc.) are stored. The original image is auto-deleted immediately after analysis.
No data is sold, shared, or used for marketing or profiling.
3. Data Retention
- Chat data and extracted photo analysis results remain in the merchant's Shopify database until the merchant deletes them.
- ShopiBot does not permanently store chat history or image data on its servers.
- Temporary processing occurs through Fly.io and Prisma, after which all temporary data is automatically erased.
- Stripe may retain billing information as required by financial regulations.
4. Purpose of Processing
We process data solely to:
- Deliver chatbot functionality and photo analysis results.
- Enable merchants to receive and manage customer interactions.
- Provide AI-powered analysis and personalized recommendations.
- Process subscription payments securely via Stripe.
We do not use data for advertising, tracking, or resale purposes.
5. Legal Basis
For merchants and customers in the EEA or UK, we rely on:
- Article 6(1)(b) GDPR – Processing necessary for contract performance (chat and analysis functions).
- Article 6(1)(f) GDPR – Legitimate interest (to ensure chatbot functionality and support).
For California residents, ShopiBot complies with CCPA/CPRA regarding transparency, access, and deletion rights.
6. Third-Party Services (Sub-Processors)
We work with secure, GDPR-compliant partners:
- Shopify Inc. – Merchant & customer data storage
- Stripe Inc. – Secure payment processing
- Fly.io – Application hosting
- Prisma ORM – Temporary structured data management
All sub-processors are bound by strong confidentiality, data protection, and encryption agreements.
7. International Data Transfers
Data may be processed in or transferred to countries where Shopify, Stripe, or Fly.io operate. These transfers comply with:
- Standard Contractual Clauses (SCCs)
- EU-U.S. Data Privacy Framework (where applicable)
- CCPA/CPRA for U.S. users
8. Security Measures
We apply industry-standard safeguards, including:
- End-to-end encryption (TLS/HTTPS)
- Role-based access controls
- Regular infrastructure monitoring and audits
- Auto-deletion of processed images and session data
We do not permanently store or re-use customer chat data.
9. Your Rights
- Merchants can access, modify, or delete customer data at any time through their Shopify dashboard.
- End-Users should contact the merchant directly to exercise data rights (access, rectification, deletion).
- ShopiBot assists merchants with fulfilling such requests upon verification.
For any privacy-related inquiries, you may contact us at: 📧 privacy@welcomeme.ae
10. Children's Privacy
ShopiBot is not intended for children under 16. We do not knowingly collect or process children's data.
11. Business Transfers
If ShopiBot undergoes a merger, acquisition, or sale, relevant data may be transferred in compliance with this Policy and applicable data protection laws.
12. Governing Law
This Policy is governed by the laws of the United Arab Emirates. For EU and UK users, GDPR rights apply in addition to local law.