Privacy Policy

Wismo

Last updated: January 15, 2025

Overview

Wismo is a Shopify app that provides AI-powered customer support through an automated chat widget on your storefront. We are committed to protecting your privacy and being transparent about how we handle data. This policy explains what data we collect, how we use it, and your rights regarding your information.

Data We Collect

Store Information

  • Shop name, domain, and myshopify domain
  • Store timezone and currency settings
  • Store owner email (from app installation)
  • Subscription plan and billing information
  • App usage statistics and conversation limits

Conversation Data

  • Customer messages and AI responses
  • Conversation timestamps and session duration
  • Customer email (only if voluntarily provided during chat)
  • Order numbers referenced in conversations
  • Conversation resolution status and outcomes

Support Ticket Data

  • Ticket subject and description
  • Customer contact information (if provided)
  • Ticket status, priority, and resolution notes
  • Linked conversation history

Product & Order Information

  • Product titles, descriptions, and availability (for AI responses)
  • Order status and tracking information (when customers inquire)
  • We only access order data when a customer asks about a specific order

App Configuration Data

  • Chat widget appearance settings (colors, position)
  • AI response tone preferences
  • FAQ entries and custom responses
  • Store policies and business information

How We Use Your Data

Primary Purposes

  • AI Responses: Generate relevant, helpful answers to customer questions
  • Order Lookups: Retrieve order status when customers ask about their orders
  • Ticket Management: Create and manage support tickets when AI cannot resolve issues
  • Analytics: Provide insights into customer inquiries and support trends
  • Plan Management: Monitor usage limits and enforce plan restrictions

AI & Machine Learning

  • Our AI uses your FAQs, store policies, and product information to generate accurate responses
  • Conversation data is analyzed to identify common customer pain points and topics
  • AI insights help you understand what customers ask about most frequently
  • Customer conversations are not used to train external AI models

Data Security & Protection

Security Measures

  • All data transmitted via encrypted HTTPS/TLS connections
  • Data stored in secure, encrypted PostgreSQL databases
  • Authentication required for all app access via Shopify OAuth
  • Webhook signature verification (HMAC) for all incoming data
  • Regular security monitoring and audit logs

Infrastructure

  • Hosted on Railway.app with enterprise-grade infrastructure
  • Database backups performed automatically
  • Secure environment variable management for API keys and secrets

Access Controls

  • Limited staff access to data on a strict need-to-know basis
  • Two-factor authentication required for the development team
  • Access logging for all administrative operations

Data Sharing & Third Parties

No Data Sales

  • We never sell, rent, or lease your data to third parties
  • We do not share data with advertisers or marketers
  • Customer conversation data is only used to provide support services

Service Providers We Use

  • Railway.app: Cloud hosting and database services (data processing agreement in place)
  • OpenAI: AI language model for generating customer responses (data not used for training)
  • Shopify: OAuth authentication and webhook data (governed by Shopify's data processing terms)

All third-party services are bound by strict confidentiality agreements and GDPR-compliant data processing terms.

Data Retention & Deletion

Retention Periods

  • Active store data: Retained while app is installed and active
  • Conversation records: Retained for 90 days for analytics and support continuity
  • Support tickets: Retained until resolved, then for 12 months for reference
  • Usage/billing data: Retained for current billing cycle plus 12 months for accounting compliance

Automatic Deletion (GDPR Compliance)

Wismo implements Shopify's mandatory GDPR compliance webhooks:

  • Customer Data Request: When a customer requests their data from your store, we provide all conversation and ticket data associated with their email address
  • Customer Redaction: When a customer requests data deletion, we immediately and permanently delete all conversations, tickets, and associated records for that customer
  • Shop Redaction: When you uninstall the app, all shop data is automatically deleted within 48 hours, including:
    • All conversation records
    • All support tickets
    • All FAQs and custom responses
    • All shop configuration and settings
    • All session and authentication data

Your Deletion Rights

  • Request immediate data deletion at any time via email to contact@matriks.io
  • Uninstall the app to trigger automatic deletion within 48 hours
  • Request deletion of specific customer data via GDPR compliance requests
  • Data portability available - request your data in JSON format

Your Rights & Choices

Access & Control

  • Right to Access: View all data we have about your store through the app dashboard or request a data export
  • Right to Correction: Update inaccurate data through app settings or request corrections
  • Right to Portability: Download your data in portable JSON format
  • Right to Deletion: Delete your data at any time by uninstalling or requesting deletion
  • Right to Object: Object to specific data processing activities

Consent & Opt-Out

  • By installing Wismo, you consent to data collection as described in this policy
  • You can revoke consent by uninstalling the app
  • Disable specific features through app settings

Cookies & Tracking

App Usage

  • Shopify OAuth session cookies (required for authentication)
  • No tracking cookies or analytics in the app interface itself

Chat Widget

  • Session identifier to maintain conversation continuity
  • No personal tracking or cross-site cookies

Legal Compliance

Privacy Regulations

Wismo complies with:

  • GDPR (European Union) - Full compliance including mandatory GDPR webhooks
  • CCPA (California) - Consumer privacy rights supported
  • PIPEDA (Canada) - Privacy principles implemented
  • Shopify App Requirements - All mandatory compliance features implemented

Data Processing Locations

  • Data processed and stored in secure US-based data centers (Railway.app infrastructure)
  • Standard contractual clauses in place for international data transfers
  • GDPR-compliant data processing agreements with all service providers

Legal Requests

  • We may disclose data if required by law or valid legal process
  • We will notify you of legal requests unless prohibited by law
  • We challenge overbroad or invalid requests when possible

Children's Privacy

Wismo is intended for business use only and does not knowingly collect data from individuals under 16 years of age. If we become aware of data collected from children, we will delete it immediately.

Changes to This Policy

We may update this privacy policy to reflect changes in our practices, legal requirements, or app features. We will notify you of significant changes via:

  • Email notification to the store owner email on file
  • In-app banner notification on your dashboard
  • Updated "Last updated" date at the top of this policy

Your continued use of Wismo after policy updates constitutes acceptance of the new terms.

Contact Us

Data Protection Inquiries

Email: contact@matriks.io

Subject Line: Privacy Policy / Data Protection Request - Wismo

What to Include in Your Request

  • Your Shopify store domain
  • Type of request (access, deletion, correction, portability, etc.)
  • Specific data or customer email (if applicable)

Response Time

We respond to privacy requests within 30 days (or as required by applicable law). Urgent requests marked as such will be prioritized.

Shopify Privacy

This policy supplements Shopify's own privacy practices. For information about how Shopify handles data, see Shopify's Privacy Policy.

Your Data is Safe

We built Wismo with privacy by design. We only collect data necessary for customer support, we never sell your data, and we automatically delete everything when you uninstall. Your trust is our priority.