Privacy Policy
Last updated: May 12, 2026. This policy describes how Key AI Chatbot handles merchant data and end-customer messages across the storefront widget, WhatsApp Business, and Instagram channels.
1. Information We Collect
We collect only the information needed to deliver the chatbot service. The exact set depends on which channel a customer uses to reach the merchant.
Key Takeaway
We never sell merchant or customer data. Information is used to answer chats, attribute orders, and surface analytics — nothing else.
From merchants: Shopify shop domain, billing tier, configured bot persona / FAQs / knowledge base, encrypted access tokens for connected channels (WhatsApp, Instagram, email).
From end customers (storefront widget): an anonymous visitor ID stored in a first-party cookie, page URLs viewed, messages sent to the bot, products shown, and orders attributed to the conversation.
From end customers (WhatsApp): phone number in E.164 format (used as a channel identifier), message contents, and Meta-issued message metadata.
From end customers (Instagram): Instagram-scoped user ID (IGSID), username when shared by Meta, and message contents.
We also log technical information — IP addresses, user-agent strings, request timestamps — to operate and secure the service.
2. Usage of Data
Data is used only to:
- Answer customer questions and recommend products from the merchant's own catalog.
- Look up orders, process cancellation requests, and send order-status replies when the merchant has enabled those features.
- Attribute orders to chat conversations and produce per-channel analytics for the merchant dashboard.
- Alert the merchant when the bot detects a knowledge gap and a customer is awaiting a reply.
- Bill the merchant accurately based on monthly message usage.
We do not train our own AI models on merchant or customer data. Messages sent to third-party AI providers (see Sub-processors) are processed under their respective no-training data policies.
3. Sub-processors
To operate Key AI Chatbot we rely on the following third-party processors. Each has a published Data Processing Addendum (DPA) and is committed to GDPR / CCPA compliance.
| Entity | Purpose | Location |
|---|---|---|
| Amazon Web Services, Inc. | Application hosting and PostgreSQL database | EU (eu-north-1, Stockholm) |
| Anthropic, PBC | Claude AI inference for chat responses | United States |
| OpenAI, L.L.C. | GPT-4o inference for tool-use and intent classification | United States |
| Voyage AI Innovations Inc. | Semantic search reranking | United States |
| Meta Platforms, Inc. | WhatsApp Business API and Instagram Messaging | United States / Ireland |
| Resend, Inc. | Transactional and notification email delivery | United States |
| Cloudflare, Inc. | DNS, CDN, and inbound email routing | Global edge (data may transit US / EU) |
| Shopify Inc. | Authentication, billing, and merchant data access | Canada |
We update this list before adding any new processor that handles personal data. Material changes are communicated via the merchant dashboard.
4. Your Rights
Depending on your location, you may have specific rights regarding your personal data. These typically include the right to access, correct, or delete your information, as well as the right to data portability.
To exercise any of these rights, email [email protected] with your shop domain. We respond within 14 days and may ask for additional verification before acting on requests that involve sensitive data.
5. Contact Us
Have questions or concerns about this Privacy Policy? Our dedicated data protection team is here to assist you.
Office
Bursa, Türkiye