Privacy Policy

WelloChat is an AI-powered chat assistant for Shopify storefronts. The WelloChat application and website (collectively, the “Service”) are owned and operated by Market Mint LLC(“WelloChat,” “we,” “us,” or “our”).

This Privacy Policy explains what information we collect, how and why we use it, who we share it with, how long we keep it, and the choices and rights you have. It applies to two groups of people:

• Merchants — Shopify store owners and their authorized staff who install and use WelloChat.
• Shoppers— end customers who interact with the WelloChat widget on a merchant’s storefront.

We collect only the information needed to provide and improve the Service. We group it by source:

a. Information collected through Shopify APIs

When a merchant installs WelloChat, we access certain data from the merchant’s Shopify store through Shopify’s official APIs, under the access scopes the merchant approves. This may include:

• Store profile information (store name, domain, currency, plan, timezone, and contact email).
• Product catalog data (titles, descriptions, variants, prices, images, inventory, and collections).
• Store policies and content (shipping, returns, refunds, FAQs, and pages) used to answer shopper questions.
• Order-status information needed to answer an order-tracking or returns request a shopper initiates — limited to non-identifying details such as fulfillment status, tracking, and line items. We use the order number and email a shopper provides in chat only to locate their own order; we do not retrieve customer name, address, or phone number from Shopify.

b. Information provided by merchants

• Account and billing details (name, business email, and the subscription tier selected). Payments are processed by Shopify Billing — we do not collect or store full payment card numbers.
• Configuration you provide (widget appearance, AI personality settings, custom instructions, and support escalation contacts).
• Communications you send us (support requests, feedback, and email correspondence).

c. Information from shoppers (end customers)

• The content of chat conversations, including questions, messages, and any information a shopper voluntarily provides in chat.
• Cart and product interactions made through the widget (items viewed, added, or removed).
• Where a shopper provides it, contact or order-lookup information (such as an email address or order number) needed to answer their request.

d. Information collected automatically

• Technical and usage data such as IP address, browser type, device type, pages where the widget loaded, timestamps, and diagnostic logs.
• A limited set of cookies or local-storage identifiers strictly necessary to keep a chat session active and to remember widget state. See Cookies & Tracking.
• Aggregated analytics about Service performance and conversation outcomes (for example, conversion and resolution rates).

We do not knowingly collect special categories of personal data (such as health, biometric, or financial-account data) and we ask that shoppers not submit such data through the chat widget.

We use the information we collect to:

• Operate the AI chat assistant — answering shopper questions, searching the catalog, managing carts, and initiating checkout.
• Provide order tracking, returns assistance, and human handoff when a conversation requires it.
• Generate analytics and insights for the merchant’s dashboard.
• Maintain, secure, debug, and improve the Service and its AI quality.
• Process subscriptions, prevent fraud and abuse, and enforce our Terms of Service.
• Communicate with merchants about their account, security, and service updates, and respond to support requests.
• Comply with legal obligations and lawful requests.

Legal bases (EEA/UK)

Where the EU/UK GDPR applies, we rely on the following legal bases: performance of a contract (to deliver the Service); legitimate interests (to secure, improve, and analyze the Service in a balanced way); consent (where required, e.g., certain cookies or marketing); and compliance with legal obligations. For shopper personal data processed on a merchant’s behalf, the merchant determines the legal basis as controller.

WelloChat’s AI responses are generated using large language models provided by Google. To deliver the Service, we share the minimum data necessary with a limited set of vetted sub-processors, each bound by contractual data-protection obligations:

• Google (Gemini API)— processes conversation content to generate responses. Conversation data sent to Google via the paid Gemini API is not used to train Google’s foundation models.
• Shopify— the platform through which the app is installed, billed, and connected to store data, under Shopify’s API and Partner terms.
• Cloud hosting and infrastructure providers — used to host the Service, store data securely, and deliver the widget.

A current list of sub-processors is available on request by emailing hello@wellochat.com. We will provide reasonable notice of any new sub-processor that processes personal data.

We do not sell your personal data, and we do not share it for cross-context behavioral advertising. We disclose information only in these circumstances:

• With sub-processors who perform services on our behalf, as described above.
• With the merchant whose store a conversation took place on (conversations and analytics are made available to that merchant).
• For legal reasons — to comply with applicable law, a court order, or a lawful government request, or to protect the rights, safety, and security of users, the public, or WelloChat.
• In a business transfer — in connection with a merger, acquisition, financing, or sale of assets, subject to this Policy continuing to apply to the transferred data.

We follow Shopify’s Protected Customer Data requirements and the principle of data minimization:

• We request only the Shopify access scopes necessary for the features a merchant uses, and we process only the minimum personal data required to provide those features.
• We tell merchants what personal data we process and why, and we enter into data-processing terms with merchants on request.
• We do not request or store Shopify’s protected customer data fields (such as a customer’s name, address, or phone number), and we maintain access controls over the data we do process.
• We apply retention limits so personal data is not kept longer than needed (see Data Retention).
• We honor applicable consent and opt-out decisions communicated to us or signaled through Shopify’s customer privacy framework.

As a Shopify App Store app, WelloChat subscribes to Shopify’s mandatory compliance webhooks and acts on the requests they deliver:

• customers/data_request— when a shopper asks a merchant for the data we hold about them, we respond to the request. Because WelloChat does not request or store Shopify’s protected customer data fields, there is generally no Shopify-keyed personal data for us to return; where a shopper voluntarily entered details in chat, we assist the merchant in locating them.
• customers/redact — when a shopper requests deletion, we delete the personal data we hold that is associated with the request. As we do not store Shopify protected customer data, any details a shopper entered in chat are removed in line with the conversation-retention schedule below (subject to legal retention requirements).
• shop/redact— 48 hours after a merchant uninstalls WelloChat, Shopify sends this request and we delete the store’s data on the schedule described below.

Shoppers should direct privacy requests to the merchant whose store they used (the controller of that data). Merchants and individuals may also contact us directly at hello@wellochat.com and we will assist.

• Conversation data (chat messages and anything entered in chat) is automatically deleted 90 days after the conversation's last activity, and is also deleted when a merchant uninstalls WelloChat.
• Customer authentication tokens are deleted within 30 days.
• Store and account data is retained while the app is installed. After an uninstall we promptly delete the store's conversation and customer data, and any remaining account/installation records within 30 days. When Shopify sends a shop/redact request (~48 hours after uninstall), we permanently delete any remaining store data.
• Shopper data subject to a redaction request is erased promptly on receipt, and within the timeframe required by applicable law.
• We may retain limited records longer where necessary for legal, tax, accounting, or security obligations, in de-identified or aggregated form where possible.

We use technical and organizational measures designed to protect personal data, including:

• Encryption of data in transit (TLS) and at rest.
• Access controls that restrict access to data to authorized personnel on a need-to-know basis.
• Use of reputable cloud infrastructure providers and Shopify’s official, scoped APIs.
• Periodic review of our security practices.

No method of transmission or storage is completely secure. While we work hard to protect your data, we cannot guarantee absolute security. If we become aware of a personal-data breach affecting you, we will notify affected parties as required by applicable law.

WelloChat is operated from the United States, and our service providers may process data in the United States and other countries. If you access the Service from the European Economic Area, the United Kingdom, or another region with data-transfer restrictions, your information may be transferred to and processed in countries whose data-protection laws differ from your own.

Where required, we rely on appropriate safeguards for such transfers, such as the European Commission’s Standard Contractual Clauses (and the UK Addendum), together with supplementary measures. You may request more information about these safeguards by contacting us.

Depending on where you live, you may have some or all of the following rights regarding your personal data:

• Access the personal data we hold about you.
• Correct inaccurate or incomplete data.
• Delete (erase) your personal data.
• Restrict or object to certain processing, and withdraw consent where processing is based on consent.
• Data portability — receive your data in a portable format.
• Opt out of the “sale” or “sharing” of personal data and of targeted advertising. WelloChat does not sell or share personal data for these purposes.
• Not be subject to unlawful discrimination for exercising your rights.

EEA / UK (GDPR)

If you are in the EEA or UK, you may lodge a complaint with your local supervisory authority. Because we often act as a processor for merchants, we will refer requests about shopper data to the relevant merchant and assist them in responding.

California (CCPA/CPRA) and other U.S. states

California, and a growing number of U.S. states, grant residents rights to know, delete, correct, and opt out as described above. We do not sell personal information or use it for cross-context behavioral advertising.

To exercise any right, email hello@wellochat.com. We will verify your request and respond within the timeframe required by law. You may use an authorized agent where permitted.

The WelloChat widget uses a minimal set of strictly necessary cookies and/or browser local-storage entries to keep a chat session active, remember the open/closed state of the widget, and prevent abuse. These are required for the widget to function.

We do not use the widget to place advertising or cross-site tracking cookies. Where consent is required for any non-essential cookie, we will obtain it. Merchants are responsible for surfacing the widget’s cookie use within their store’s own cookie banner and consent tooling as applicable.

When a merchant uses WelloChat, the merchant is the controller of its customers’ personal data. As a merchant, you agree to:

• Maintain your own privacy notice that accurately discloses your use of WelloChat and AI-assisted chat to your shoppers.
• Obtain any consents required by law before enabling features that process shopper personal data.
• Only configure the app to process personal data for lawful, disclosed purposes.
• Promptly relay or honor data subject requests you receive from your shoppers.

The Service is not directed to children under the age of 16, and we do not knowingly collect personal data from children. If you believe a child has provided us personal data, please contact us and we will take steps to delete it.

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, notify merchants by email or through the app. Your continued use of the Service after an update takes effect constitutes acceptance of the revised Policy.

If you have questions about this Privacy Policy or how we handle your data, contact us:

• Email: hello@wellochat.com
• Market Mint LLC, 30 N Gould St, Ste R, Sheridan, WY 82801, USA