Skip to main content
ShoperchatShoperchat
Sign InGet Started

Privacy Policy

Last updated: April 29, 2026

This Privacy Policy explains how Shoperchat("we", "our", or "us") collects, uses, stores, and shares information when you use our AI-powered chat commerce and social media management platform, including the website, web applications, embeddable chat widgets, and connected APIs (the "Service").

By creating an account or using the Service, you agree to the practices described here. If you do not agree, please do not use the Service.

1. Information we collect

Account & workspace data

When you sign up, we collect your name, email address, password hash (we never store passwords in plaintext), workspace name, and role assignments. If you sign in with a third-party identity provider such as Google, we receive your email and profile name from that provider.

Channel & integration data

When you connect channels — WhatsApp, Instagram, Messenger, email, SMS — or marketplaces such as Shopify, Walmart, eBay, and Amazon, we receive OAuth tokens, account identifiers, page metadata, product catalogs, inventory, and order data needed to deliver the Service. Tokens are encrypted at rest and used only to call the upstream APIs on your behalf.

Conversations & contacts

We process the messages, attachments, and contact profiles that flow through your connected channels so you can run inboxes, automated flows, drip campaigns, broadcasts, and proactive messaging. You retain ownership of this content; we act as a processor on your behalf.

Content you create

Designs, posts, landing pages, knowledge-base articles, canned responses, brand kits, and media uploaded to the Service are stored to render those features. Media is held in cloud object storage (Amazon S3) under access controls scoped to your workspace.

Billing data

Subscription, invoice, and payment metadata is stored to operate billing. Card numbers and bank details are handled by our payment processor; we do not store full payment instruments on our servers.

Usage & device data

We log requests, feature usage, error reports, IP address, browser, and device type to keep the Service secure and reliable. Audit logs record privileged actions inside your workspace.

2. How we use information

  • Provide, maintain, and improve the Service — including the inbox, flow builder, designer, scheduler, campaigns, marketplace, and analytics.
  • Authenticate sessions, enforce role-based permissions, and protect accounts from abuse.
  • Power AI features such as design generation, brand-voice tuning, conversation suggestions, and reports. Prompts and results may be sent to AI model providers operating under contractual data-protection terms; we do not use your content to train public models.
  • Send transactional emails (verification, password reset, billing receipts, security alerts). Marketing messages from us are sent only with consent and you can unsubscribe at any time.
  • Calculate revenue attribution, CSAT, churn predictions, and other analytics that you have enabled.
  • Comply with legal obligations and enforce our Terms of Service.

3. Sharing & disclosure

We do not sell your personal information. We share data only in these limited situations:

  • Service providers: cloud hosting, databases, object storage, email delivery, payment processing, AI model providers, error monitoring, and analytics — bound by data-processing agreements.
  • Channel & marketplace platforms: Meta (WhatsApp, Instagram, Messenger), Google, Shopify, Walmart, eBay, Amazon, and similar — only the data required to deliver messages, sync products, or fulfill orders you have authorized.
  • Within your team: workspace admins and teammates can see workspace content according to the roles you assign.
  • Legal & safety: when required by law, valid legal process, or to protect rights, safety, and the integrity of the Service.
  • Business transfers: in a merger, acquisition, or sale of assets, with continued obligations to protect your data.

4. Cookies & local storage

We use a small number of cookies and similar technologies. Most are strictly necessary — for example, the t2b_access_token httpOnly cookie that keeps you signed in. Others remember UI preferences such as theme, sidebar state, and selected workspace. We do not use third-party advertising cookies.

5. Data retention

We retain workspace data for as long as your account is active and for a reasonable period thereafter to support recovery, dispute resolution, and legal compliance. You can delete individual contacts, conversations, and content at any time. On account closure, workspace data is scheduled for deletion in line with our internal retention policy, except where longer retention is required by law (for example, billing records).

6. Security

We use industry-standard safeguards: encryption in transit (TLS), encryption at rest for sensitive fields and tokens, hashed passwords, role-based access controls, audit logs, rate limiting, and least-privilege production access. No system is perfectly secure — please use a strong, unique password and enable any available account-protection features.

7. International transfers

The Service may process data in countries other than the one in which you reside. Where required, we rely on appropriate transfer mechanisms (such as Standard Contractual Clauses) so that your data continues to receive adequate protection.

8. Your rights

Depending on where you live, you may have the right to access, correct, export, or delete your personal information, to object to certain processing, or to withdraw consent. To exercise any of these rights, contact us using the details below. If your data was provided to us by a workspace admin (for example, you are a contact of one of our customers), please direct your request to that workspace; we will support them in responding.

9. Children

The Service is not directed to children under 16, and we do not knowingly collect personal information from them. If you believe a child has provided us with personal information, contact us and we will delete it.

10. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated via the Service or by email. The "Last updated" date at the top reflects the most recent revision.

11. Contact us

Questions or requests about this Privacy Policy? Reach out via our contact page and we will respond as quickly as we can.