Legal
Privacy Policy
Last updated: June 2026
1. Introduction
Chatonbo (“we”, “our”, or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform and services at chatonbo.com.
By using Chatonbo, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our services.
2. Information We Collect
Account Information
When you create an account, we collect your name, email address, company name, and password (stored in hashed form). If you sign up via Google OAuth, we receive basic profile information from Google.
Usage Data
We collect information about how you interact with our platform, including pages visited, features used, bot configurations, conversation logs, and API calls made.
Chat Data
Conversations that take place via your embedded chatbot are stored on our servers. This includes messages, session identifiers, page URLs, and any lead information (name, email, phone) captured during the conversation.
Payment Information
Payment processing is handled by our third-party payment provider. We do not store full credit card numbers. We may store billing-related tokens provided by the payment processor.
3. How We Use Your Information
- To provide, maintain, and improve our services
- To process transactions and send related information
- To send transactional emails (account verification, notifications, weekly digests)
- To respond to support requests and inquiries
- To monitor and analyze usage patterns to improve the platform
- To enforce our Terms of Service and prevent abuse
- To comply with legal obligations
4. Data Sharing and Disclosure
We do not sell, trade, or rent your personal information to third parties. We may share data with:
- Service providers (e.g., OpenAI for AI processing, cloud infrastructure providers) under data processing agreements
- Payment processors to complete transactions
- Law enforcement or government authorities when required by law
- Successors in the event of a merger or acquisition (you will be notified)
5. Data Security
We implement industry-standard security measures including TLS 1.3 encryption in transit, AES-256 encryption at rest, bcrypt password hashing, and JWT-based authentication with refresh token rotation. However, no method of transmission over the internet is 100% secure.
6. Connected Stores & Customer Data
When you connect a store or website to Chatonbo (for example via Shopify, WooCommerce, or Wix), our chatbot may process data about your customers and visitors (“Customer Data”) so it can answer their questions and assist them. For this Customer Data, you act as the data controller and Chatonbo acts as your processor, processing it only on your instructions to provide the Service.
Depending on the features you enable, this may include: storefront and product content; order information such as order status, fulfillment, and tracking, looked up by a customer’s email or order number; discount codes; and messages your customers send to the chatbot. On Shopify, access to protected customer data (such as order email) is requested and approved through Shopify’s Protected Customer Data program.
- We use Customer Data only to operate the chatbot for you - answering questions, looking up orders, recommending products, validating discounts, and capturing leads - never to sell it or to train third-party AI models.
- Order and customer information retrieved live from your store is processed transiently to answer a request in real time and is not stored beyond what is needed to provide the Service.
- Customer Data is encrypted in transit (TLS) and at rest; store access tokens are encrypted at rest.
- When you disconnect a store or close your account, associated Customer Data is deleted in line with our retention schedule, and we honor platform-mandated erasure requests (including Shopify GDPR/CCPA data-request and redaction webhooks).
7. Data Retention
We retain your account data for as long as your account is active. Conversation and lead data are retained for 12 months by default on the Free plan, and indefinitely on paid plans. You may request deletion of your data at any time by contacting us or using the account deletion feature in your dashboard settings.
8. Cookies
We use cookies and similar tracking technologies to operate our platform. These include:
- Essential cookies: required for authentication and core functionality
- Analytics cookies: to understand how users interact with our platform (opt-out available)
- Preference cookies: to remember your settings
9. Your Rights
Depending on your location, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate or incomplete data
- Request deletion of your data (“right to be forgotten”)
- Object to or restrict processing of your data
- Data portability (receive your data in a machine-readable format)
- Withdraw consent at any time
To exercise these rights, contact us at [email protected].
10. Children's Privacy
Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or via a prominent notice on our platform at least 14 days before changes take effect. Continued use of our services after changes constitutes acceptance.
12. Contact Us
For any questions or concerns about this Privacy Policy, please contact us:
Email: [email protected]
Support: [email protected]