Privacy policy.

What Instagram Data We Access

• —Instagram Business account profile information (username, account ID, profile picture) via instagram_business_basic
• —Instagram Direct Messages received from your customers via webhooks via instagram_business_manage_messages

How We Use This Data

• —Profile information is displayed in your Chatmount dashboard to confirm which Instagram account is connected
• —Incoming DMs are processed through your AI chatbot to generate AI-assisted replies on your behalf
• —DM content is sent to our AI provider (OpenAI) solely to generate a response — OpenAI does not use API inputs to train its models

What We Do Not Do

• —We do not store Instagram DM content permanently — messages are processed in real-time to generate a response
• —We do not sell or share Instagram user data with any third parties
• —We do not use Instagram data for advertising or marketing purposes
• —We do not access media, stories, posts, or follower data — only Direct Messages and basic profile information

Data Retention

• —Instagram access tokens are encrypted and stored only for as long as the integration is active
• —When you disconnect Instagram, your access token is immediately and permanently deleted from our systems
• —Message content may be briefly retained in memory during an active chat session for conversation context, but is not written to long-term storage

Your Control

• —You can disconnect your Instagram account at any time from the Integrations dashboard inside Chatmount
• —Disconnecting immediately revokes all of our access to your Instagram data
• —If you delete your Chatmount account, all Instagram-related data (profile information, encrypted access tokens, and any logged conversations) is permanently deleted from our systems within 30 days

What WhatsApp Data We Access

• —The WhatsApp Business phone number you connect, its display name, WhatsApp Business Account (WABA) ID, and quality rating — used to identify, register, and manage the connected number via whatsapp_business_management
• —Messages your customers send to your WhatsApp Business number (text and interactive button / list replies), received in real time via webhooks, via whatsapp_business_messaging
• —The sender's WhatsApp phone number and WhatsApp profile name — used to route the conversation and personalise replies
• —The message templates on your WhatsApp Business Account, which we can list, create, and submit to Meta for approval on your behalf, via whatsapp_business_management

How We Use This Data

• —Account and phone-number details are shown in your Chatmount dashboard to confirm which WhatsApp Business number is connected and its health status
• —Incoming messages are processed through your AI chatbot to generate AI-assisted replies that are sent back to the customer on WhatsApp on your behalf
• —A human teammate in your workspace can also read the conversation and reply manually (human handover) from the Chatmount dashboard
• —Message content is sent to our AI provider (OpenAI) solely to generate a response — OpenAI does not use API inputs to train its models
• —Message templates you create are submitted to Meta for approval and sent only when you or your configured automations trigger them

What We Do Not Do

• —We do not use WhatsApp data for advertising or marketing purposes
• —We do not sell or share WhatsApp message content or contact details with any third party
• —We do not access any WhatsApp data beyond messaging and account management for the business number you connect
• —We do not send unsolicited or bulk marketing messages. We send free-form replies only inside WhatsApp's 24-hour customer service window, and otherwise only the message templates you have configured and Meta has approved — in line with the WhatsApp Business Messaging Policy

Data Retention & Revocation

• —Your WhatsApp access token is AES-256-GCM encrypted at rest and stored only while the integration is connected
• —Conversation messages are stored to provide conversation history, analytics, and human handover inside your dashboard, and are deleted on the schedule described in “Data Retention” below (within 30 days of deleting the agent or your account)
• —When you disconnect WhatsApp from the Integrations dashboard, we immediately revoke our access and permanently delete the stored access token
• —If you remove Chatmount from your Meta account settings, our Deauthorize and Data Deletion callbacks automatically disconnect the affected number(s) and revoke the stored credentials

Google Data We Access

• —Your Google account email address and OpenID identifier (via openid and userinfo.email). Used to sign you in and to confirm which Google account is connected to an integration.
• —Specific Google Drive files you select via Google Drive Picker (via drive.file). We can only read and write the exact spreadsheet(s) you pick. We cannot see, read, or modify any other file in your Drive.
• —Permission to create calendar events on the calendar you select (via calendar.events). We only create events through this scope; we do not modify or delete events we did not create.
• —Free/busy time ranges on the calendar you select (via calendar.readonly). We only read whether a time range is busy — we do not read event titles, descriptions, attendees, or any other event details.

How We Use This Data

• —Sign-in: to authenticate you into Chatmount and create or load your account.
• —Google Sheets lead export: each new lead captured by your chatbot is appended as a new row to the spreadsheet you picked. When possible the data is mapped to your existing column headers; if the sheet is empty we write a default header row once.
• —Calendar bookings: when a visitor picks a slot in your chat widget, we create a calendar event on the calendar you chose with the visitor's name and email as an attendee plus an auto-generated Google Meet link. The event description contains only the information the visitor submitted in the lead form.
• —Free/busy lookups: we query free/busy ranges on demand to generate the list of available time slots shown to visitors. This data is used in-memory and never stored.

What We Do Not Do

• —We do not sell, rent, or share your Google data with any third party.
• —We do not use your Google data for advertising, marketing, or to train AI or machine-learning models.
• —We do not access any Google services, APIs, or data beyond the scopes listed above.
• —We do not read or store Google Drive files other than the spreadsheet you explicitly picked.
• —We do not read Google Calendar event details (titles, descriptions, attendees, locations) — only free/busy time ranges.
• —We do not allow humans to read your Google data except as required for security investigations, to comply with law, or with your explicit consent.

Data Retention & Revocation

• —Your Google OAuth refresh token is encrypted at rest and stored only while the integration is connected.
• —The IDs of the spreadsheet and calendar you selected are stored as configuration. We do not store file contents — we only write to them.
• —Disconnecting an integration from the Chatmount dashboard immediately and permanently deletes the encrypted tokens from our systems.
• —You can also revoke Chatmount's access at any time from myaccount.google.com/permissions.

Shopify Data We Access

• —Product catalog (title, description, variants, prices, images, inventory state) via read_products. Indexed into your AI agent so it can answer product questions.
• —Themes (list of themes, theme metadata) via read_themes. Used only to populate the theme picker in the Chatmount dashboard so you can choose where to enable the App Embed Block.
• —Logged-in customer identity (Shopify customer.id, name, email, phone) from the storefront when a customer is signed in. Stamped onto the chat session via the Theme App Extension so subsequent actions target the right customer.
• —Order details (order number, totals, financial and fulfillment status, tracking URL) via read_orders. Fetched at chat time to answer "where's my order?".
• —Customer profile and addresses via read_customers and write_customers. Read and updated only when the customer explicitly asks the AI to do so during a conversation.
• —Cart contents read from your storefront's public /cart.jsendpoint by the widget running in the visitor's browser. No Shopify Admin scope is required for cart access.

How We Use This Data

• —Product knowledge: your product catalog is embedded into your AI agent's knowledge base so it can recommend products and answer product questions accurately.
• —Live order, profile, and address actions: when a customer asks about their order or asks to update their account, the AI fetches the data from Shopify at chat time. The data is held in process memory for the duration of one chat turn and then discarded.
• —Customer identity persistence: when a logged-in customer chats, we persist their Shopify customer ID and email on the chat session row so the AI doesn't have to re-ask in future conversations.
• —LLM prompts: we do not send identifiable Shopify customer data to our AI provider. Names and emails are replaced with placeholder tokens before prompts are constructed.

What We Do Not Do

• —We do not sell, rent, or share Shopify data with any third party.
• —We do not use Shopify data for marketing, advertising, or to train AI or machine-learning models.
• —We do not access Shopify scopes beyond those listed above. Profile and address writes are scoped to the currently logged-in storefront customer only — never another customer in the store.
• —We do not initiate emails, SMS, or marketing communications using the customer's contact details obtained from Shopify.

GDPR & CCPA Compliance Webhooks

We implement Shopify's mandated compliance webhooks end-to-end:

• —customers/data_request — we log the request and surface what we have for that customer on that shop.
• —customers/redact— we immediately null the Shopify customer identifier, email, name, and IP on every chat session tied to that customer on that shop. The chat session record itself is retained because it represents the merchant's business data, but is permanently disconnected from the customer's identity.
• —shop/redact (fired 48 hours after a shop uninstalls the Chatmount app) — we delete the entire Shopify connection record, all product knowledge imported from that shop, and pseudonymise every chat session originating from the shop. The process completes synchronously within the webhook handler.

Data Retention & Revocation

• —Shopify access tokens are AES-256-GCM encrypted at rest and stored only while the integration is connected.
• —Customer identifiers on chat sessions are retained for the lifetime of the merchant's Chatmount workspace or until a customers/redact webhook fires for that customer — whichever comes first.
• —Order, profile, and address data fetched at chat time is never persisted — it lives in process memory for one chat turn and is then discarded.
• —You can disconnect Shopify at any time from the Deploy page in your Chatmount dashboard. Disconnect deletes the access token, removes webhooks, and purges product knowledge from your AI agent. You may also uninstall the Chatmount app from your Shopify admin, which triggers a full purge via the shop/redact webhook.