Privacy Policy

ChatRely ("ChatRely," "we," "us") provides software that helps merchants deploy AI support agents on their websites and Shopify stores. This Privacy Policy describes how we handle personal information when you visit our marketing site, create an account, use the dashboard or playground, embed our widget, or otherwise interact with the Service.

If you operate a store using ChatRely, you are generally the data controller for information about your shoppers and visitors. We process that information on your behalf as a service provider. This policy covers both our relationship with account holders and how visitor data flows through the platform.

Account and workspace data. When you sign up, we collect details such as your name, email address, authentication identifiers from Supabase Auth (including Google sign-in when you choose it), workspace and agent settings, billing status, timezone, notification preferences, and other settings you configure in the product.

Agent and knowledge data.You may upload or connect knowledge sources (files such as PDF or DOCX, text snippets, website URLs, and Q&A pairs), configure agent behavior and appearance, and enable integrations such as Shopify. We store this content to operate your agents and generate search embeddings for retrieval.

Conversation data. When end users chat with your agent in the widget, playground, or preview, we store messages, metadata (timestamps, channel, agent and conversation identifiers, browser locale when available), tool activity, escalation signals, and related support tickets you or the agent create. If a visitor provides contact details during escalation, we store the name and email they submit. On Pro plans, optional visitor thumbs feedback on assistant messages may also be stored.

Widget and visitor identifiers.The embeddable widget stores a visitor identifier and recent conversation state in the visitor's browser local storage so chats can resume on the same device. The widget does not set first-party cookies. When a chat request is sent, the widget may include the visitor identifier, conversation identifier, and browser locale.

Integration data.If you connect Shopify on a paid plan that includes Shopify actions, we store your shop domain, encrypted access tokens, granted OAuth scopes, and data returned through Shopify's APIs (for example products, inventory, orders, fulfillments, and customer records) only as needed to fulfill the tool calls you enable.

Payment data. Paid subscriptions are processed by Stripe. We receive subscription identifiers, plan status, and limited billing metadata from Stripe, not full payment card numbers, which Stripe handles directly.

Technical and usage data. We collect logs and diagnostics (such as IP address for rate limiting and security, browser or device type, API requests, error reports, feature usage, token counts, and approximate performance metrics) to secure and improve the Service. IP addresses are used for abuse prevention and may appear in server logs; we do not maintain a separate persistent visitor profile keyed only by IP address.

• Provide, maintain, and improve the Service, including AI replies, knowledge retrieval, and optional Shopify tools.
• Authenticate users, enforce plan limits, prevent abuse, and protect the security of accounts and embed keys.
• Process subscriptions and usage-based plan enforcement through Stripe.
• Send service-related communications (for example account verification, security alerts, or billing notices).
• Analyze aggregated usage to improve accuracy, latency, and reliability.
• Comply with law, respond to lawful requests, and enforce our Terms of Service.

We do not sell personal information. We do not use merchant or visitor conversation content to train general-purpose models for unrelated products. OpenAI processes prompts and embeddings on our behalf under its own terms as a subprocessor (see below).

We use trusted third parties to run ChatRely. They access personal information only to perform services on our behalf and under contractual obligations:

• Supabase: authentication, PostgreSQL database hosting, and related infrastructure.
• Stripe: subscription billing and the customer billing portal.
• OpenAI: language models for chat replies and embedding models for knowledge search.
• Shopify: when you connect a store, per Shopify's API and the scopes you grant.
• Vercel: hosting for our marketing site and dashboard frontend.
• Google: optional Google sign-in for accounts; the widget may load Google Fonts or favicon assets when configured.
• Mailjet: optional transactional email delivery for escalations and notifications when enabled.
• Application hosting providers that run our API and background workers.

We may add or change subprocessors as the product evolves; material changes will be reflected in this policy.

Our marketing pages do not load third-party analytics or advertising trackers by default. We may embed the ChatRely widget on our own site for product support; when enabled, visitor chat data is handled the same way as for merchant embeds described above.

If you embed ChatRely on your storefront, you are responsible for informing your visitors, obtaining any required consents, and honoring data subject requests for visitor data you control. You should publish your own store privacy notice that describes your use of chat and AI tools, including ChatRely where appropriate.

Do not submit sensitive categories of data (health, financial account numbers, government IDs, etc.) through chat unless you have a lawful basis and appropriate safeguards.

We retain account and conversation data for as long as your workspace is active or as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. You can delete knowledge sources, disconnect Shopify, and update or close conversations from the dashboard where those features are available. Permanent deletion of an entire workspace or account is handled manually on request to avoid accidental data loss; contact support@chatrely.com.

Idle widget conversations may be closed automatically after a period of inactivity based on your agent settings.

We use industry-standard measures including encryption in transit, access controls, and separation between customer workspaces. Shopify access tokens and similar secrets are stored encrypted. You are responsible for safeguarding dashboard credentials, API keys, widget embed keys, and integration tokens. Report suspected security issues promptly to support@chatrely.com.

No method of transmission or storage is completely secure; we cannot guarantee absolute security.

We may process and store information in the United States and other countries where we or our subprocessors operate. By using the Service, you acknowledge that data may be transferred to jurisdictions that may have different data protection laws than your own.

Depending on where you live, you may have rights to access, correct, delete, or export personal information, or to object to or restrict certain processing. Account holders can update profile details in the dashboard and contact us for other requests. We will verify your identity before fulfilling requests.

You may opt out of non-essential marketing emails by using unsubscribe links or contacting us. Service-related messages may still be sent.

ChatRely is not directed at children under 16, and we do not knowingly collect personal information from them. If you believe a child has provided us data, contact us and we will take appropriate steps to delete it.

We may update this Privacy Policy from time to time. We will post the revised version with a new "Last updated" date. Material changes may also be communicated through the product or by email where appropriate. Continued use after changes take effect constitutes acceptance of the updated policy.

See also our Terms of Service.