Privacy Policy

1. Introduction

Renovize LLC ("we", "our", "us") operates Eliminai (eliminai.ai), an AI-powered customer support platform for e-commerce merchants. This Privacy Policy explains how we collect, use, store, and protect information when you use our service, including data accessed through third-party platform APIs such as Shopify, Meta (Facebook & Instagram), Google (Gmail), Microsoft (Outlook), and Stripe.

By using Eliminai, you agree to the practices described in this Privacy Policy. If you do not agree with this policy, please do not use our service.

2. Information We Collect

2.1 Information collected through Shopify APIs

When you install our Shopify app or connect your Shopify store, we access the following data through Shopify's Admin API with your explicit authorization:

• Order Data: Order details, order status, fulfillment information, shipping addresses, and tracking numbers to provide accurate customer support responses.
• Customer Data: Customer names and email addresses associated with orders to identify and respond to support requests.
• Product Data: Product titles, descriptions, variants, and inventory information to answer product-related inquiries.

We use Shopify data exclusively to power customer support features. We do not use Shopify data for marketing, advertising, or any purpose beyond the core functionality of our app, in compliance with the Shopify API License and Terms of Use.

2.2 Information collected through Meta Platform (Facebook & Instagram)

When you connect your Facebook Page or Instagram Business Account, we collect the following data through Meta's Graph API with your explicit OAuth authorization:

• Page Information: Facebook Page ID, page name, page category, and page profile picture; Instagram Business Account ID, name, and profile picture.
• Page Access Tokens: Long-lived page access tokens used to read and send messages on your behalf. These are stored encrypted at rest and are never shared with third parties.
• Incoming Messages: Message text, timestamps, attachments (images, videos, files), and sender information (page-scoped user ID, name, and profile picture) from Facebook Messenger and Instagram Direct Messages.
• Permissions Used: We request the following permissions — pages_show_list, pages_messaging, pages_read_engagement, pages_manage_metadata, instagram_basic, instagram_manage_messages, and business_management — solely to receive customer support messages and send replies on your behalf.

We only access data necessary to provide customer support functionality. We do not post to your page, access your followers, or use your social media data for advertising.

2.3 Information collected through Google (Gmail)

• Email Messages: Incoming and outgoing support emails from your connected Gmail account, including message content, sender/recipient addresses, attachments, and thread metadata.
• Account Information: Your Gmail address and profile name for display purposes.
• Permissions Used: We request Gmail API scopes (gmail.modify, gmail.send) solely to read incoming support emails and send replies on your behalf.

Eliminai's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

2.4 Information collected directly from merchants

• Account Information: Name, email address, and authentication credentials when you create an account via Google OAuth or email login.
• Business Information: Brand name, brand voice settings, support policies, and configuration preferences.
• Knowledge Base Content: Custom support articles and FAQ content you create or sync from your store.

2.5 Information collected from merchants' customers

• Customer Messages: Messages received through connected channels (email, Facebook Messenger, Instagram DMs) for the purpose of providing customer support.
• Customer Contact Information: Email addresses and social media profile names from incoming support messages.
• Attachments: Photos, videos, or files sent by customers as proof for returns or defective item claims. These may be stored in our cloud storage for review.

2.6 Payment dispute data

• Stripe Dispute Data: If you connect your Stripe account, we access dispute and chargeback information (dispute reason, amount, evidence deadlines) to help you manage and respond to payment disputes. We access this data via a restricted API key you provide.

2.7 Automated logs

• Server logs including IP addresses, request timestamps, and API usage for security and debugging purposes.
• Audit logs of actions taken within the platform (ticket status changes, replies sent, configuration changes).

3. How We Use Your Information

• To provide and operate our customer support platform on your behalf.
• To receive, classify, and respond to customer messages using AI-generated drafts.
• To look up order and shipping information for accurate support responses.
• To manage your connected social media, email, and payment channels.
• To improve AI response quality based on your edits and feedback.
• To detect and filter spam and abusive messages.
• To help manage payment disputes and generate dispute evidence.
• To communicate with you about your account and service updates.

We do not use your data for advertising, sell your data to third parties, or use merchant or customer data for any purpose beyond providing our app services. Specifically:

• We do not transfer or sell user data to advertising platforms, data brokers, or information resellers.
• We do not use data for serving ads, including retargeting, personalized, or interest-based advertising.
• We do not use data to determine credit-worthiness or for lending purposes.
• We do not sell, display, or distribute data to any entity conducting surveillance.
• We do not use Meta Platform Data for purposes other than providing and improving customer support functionality within our app.
• Human access to user data is limited to providing customer support, investigating security issues, or complying with legal obligations, and only with your consent or as required by law.

4. Third-Party Services and Sub-processors

We use the following third-party services to operate our platform:

• OpenAI: Customer messages and order context are sent to OpenAI's API to generate support reply drafts. Data is processed per OpenAI's API data usage policies and is not used to train their models.
• Meta (Facebook & Instagram): When you connect your Facebook Page or Instagram Business Account, we access page information and messages through Meta's Graph API with your explicit OAuth authorization. We use the permissions pages_messaging, instagram_manage_messages, pages_show_list, pages_read_engagement, pages_manage_metadata, instagram_basic, and business_management solely to receive and send customer support messages on your behalf.
• Google (Gmail): When you connect Gmail, we access your inbox to read and send support emails on your behalf using OAuth with your explicit consent. Our use of Gmail data complies with the Google API Services User Data Policy, including the Limited Use requirements. We only access, use, store, or share Gmail data for providing and improving customer support features visible in our app. We do not use Gmail data for advertising or transfer it to third parties for unrelated purposes.
• Stripe: When you connect Stripe, we access dispute data via your restricted API key to help manage chargebacks.
• Cloudflare R2: Customer-uploaded attachments (photos, videos) are stored securely in Cloudflare R2 cloud storage with encryption at rest.
• Neon (PostgreSQL): Our primary database is hosted on Neon's managed PostgreSQL service in the United States.
• Railway: Our application is hosted on Railway's cloud platform.

We only share data with these services as necessary to provide our app functionality. We do not sell or share your data with any other third parties.

5. Data Storage and Security

• All data is stored in secure cloud infrastructure in the United States.
• Sensitive credentials (access tokens, API keys) are encrypted at rest using AES-256 encryption.
• All connections use HTTPS/TLS encryption in transit.
• Role-based access controls limit who can view and manage data.
• Webhook payloads are verified using cryptographic signatures (HMAC-SHA256).
• Meta Platform Data access tokens are stored encrypted and are never exposed in logs or client-side code.

6. Data Retention and Deletion

We retain your data for as long as your account is active or as needed to provide our services.

Channel Disconnection

When you disconnect a channel from our platform:

• Facebook / Instagram: We immediately revoke and delete the stored page access tokens and connection data. Message history associated with support tickets is retained for your records but no further data is fetched from Meta.
• Gmail: We revoke and delete the stored OAuth tokens and stop accessing your inbox.
• Shopify: When you uninstall our app, we process the shop/redact webhook and remove your Shopify credentials and associated data.
• Stripe: We delete the stored API key and stop accessing dispute data.

Account Deletion

You can request deletion of all your data at any time by contacting us at support@eliminai.ai or by using the account deletion option in your Settings. We will process deletion requests within 30 days in accordance with applicable privacy laws.

Meta Platform Data Deletion

If you remove our app from your Facebook settings, we receive a data deletion callback from Meta and will delete all Meta-related data (page tokens, message data received via Meta APIs) within 30 days. You can also disconnect Facebook/Instagram from our Settings page at any time to immediately remove stored access tokens.

7. Data Subject Requests

We respond to data subject requests as required by GDPR, CCPA/CPRA, and other applicable privacy laws. We handle the following compliance webhooks and requests:

• Customer Data Request: When a customer requests their data, we provide all personal data we hold about them.
• Customer Erasure: When a customer requests deletion, we anonymize all their personal data in our system.
• Shop Erasure: When a merchant uninstalls our app and requests data deletion, we remove all associated merchant and customer data.
• Meta Data Deletion: When a user removes our app from Facebook, we process the deletion callback and remove all associated Meta Platform Data.

8. Your Rights

Depending on your jurisdiction, you have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your data.
• Object to or restrict processing of your data.
• Withdraw consent for any connected integration at any time by disconnecting the channel in Settings.
• Export your data in a portable format.
• Lodge a complaint with a supervisory authority (for EU/EEA residents).

To exercise any of these rights, contact us at support@eliminai.ai.

9. International Data Transfers

Our service is operated from the United States. If you are accessing our service from outside the US, please be aware that your data will be transferred to, stored, and processed in the United States. By using our service, you consent to this transfer. We take appropriate measures to ensure your data is treated securely and in accordance with this Privacy Policy.

10. Children's Privacy

Our service is not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by updating the "Last updated" date at the top of this page and, where appropriate, by notifying you via email. Continued use of our service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy, wish to exercise your rights, or need to submit a data subject request, contact us at:

Renovize LLC
Email: support@eliminai.ai