Privacy Policy

1. Scope & Roles

This Privacy Policy describes how Egentify ("Egentify," "we," or "us") collects, uses, and shares personal information when our customers (the "Customer," typically a Shopify or WooCommerce merchant) use the Egentify Service to provide AI customer service to their end users (the "End Users").

For most data flowing through the Service, the Customer is the data controller (or "business" under California law) and Egentify acts as the data processor (or "service provider"). The Customer is responsible for the lawful basis on which they collect End User data and for honoring End User privacy requests; Egentify processes that data only as instructed under our agreement with the Customer.

For data we collect directly from Customer account holders (e.g., when you create an Egentify account or visit our marketing site), Egentify is the controller, and this Policy applies directly.

2. Information We Collect

We collect the following categories of personal information:

• Account information. Name, email address, phone number, organization name, role, password (hashed), and billing details collected when a Customer registers or pays for the Service.
• Customer Data. Information our Customers and their End Users submit through the Service, including conversation transcripts, customer profile data accessed from the connected commerce platform (orders, products, addresses, payment status), uploaded files, and configuration content (refund policies, FAQ articles).
• Voice call data. Audio recordings, transcripts, caller phone numbers, call durations, and metadata collected when End Users call a phone number connected to the Service.
• Usage data. Logs of feature use, timestamps, IP address, browser and device type, pages viewed, and clickstream within the Egentify dashboard.
• Cookie and tracking data. Cookies, pixels, and similar technologies used on our marketing site and dashboard, as described in Section 14.
• Communications. Messages you send to our support, sales, and legal teams.

We do not knowingly collect health information regulated by HIPAA, financial information regulated by GLBA, or biometric identifiers (including voiceprints) through the Service. If you process such data through Egentify, you do so at your own risk and outside the scope of this Policy.

3. How We Use Information

We use personal information to:

• Provide, maintain, and improve the Service for our Customers and their End Users.
• Process payments, manage subscriptions, and handle billing inquiries.
• Authenticate users and protect the Service against fraud, abuse, and security threats.
• Communicate with Customers about service updates, security notices, billing matters, and (where opted in) product news.
• Generate aggregated, de-identified analytics about Service performance.
• Comply with legal obligations and enforce our Terms.

We do not sell personal information, and we do not share personal information for cross-context behavioral advertising.

4. AI Processing

The Service uses third-party AI providers (currently including OpenAI) to process conversation content and generate responses. Inputs sent to these providers are processed under a data-retention opt-out: the providers do not retain prompts and outputs beyond what is necessary to deliver the response, and they do not use Customer Data to train their general-purpose models.

Egentify does not train AI models on Customer Data. We may use de-identified, aggregated metadata about Service performance (such as latency, error rates, and tool-use patterns) to improve the Service. We do not use the content of conversations, voice recordings, or End User personal information to train any model.

5. Voice AI & Call Data

When End Users call a phone number connected to the Service, the call is handled by a third-party voice infrastructure provider (currently Retell) on the Customer's behalf. By default, calls are recorded for quality assurance, transcript generation, and AI improvement, and a recording-consent disclosure is announced at the start of each call.

Voice call data we process includes: audio recordings, transcripts, caller phone number, call duration, dialed number, and call metadata. We do not generate voiceprints or other biometric identifiers from call audio. The Customer determines retention periods for call data within the dashboard, subject to our default retention described in Section 9.

Customers using Voice AI are responsible for ensuring End Users have given any consent required for recording in their jurisdiction, including under federal and state two-party-consent laws.

6. How We Share Information

We share personal information only as described below:

• With our Customer (the merchant). End User data is shared with the Customer who deployed the Service, as that Customer is the controller of the End User relationship.
• With sub-processors. We share data with the categories of sub-processors listed in Section 7 strictly to deliver the Service.
• With your connected commerce platforms. Data is exchanged with Shopify, WooCommerce, or other platforms you connect, in accordance with the integration you authorize.
• For legal compliance. We may disclose information if required by law, subpoena, court order, or to protect rights, property, or safety.
• In connection with a business transaction. If we are involved in a merger, acquisition, financing, or sale of assets, personal information may be transferred as part of that transaction, subject to standard confidentiality protections.

We do not sell personal information for monetary or other valuable consideration.

7. Sub-Processors

We use the following categories of sub-processors to deliver the Service:

• Cloud hosting and database (e.g., Vercel, Supabase) — application hosting, database storage, file storage.
• AI model providers (e.g., OpenAI) — generating AI responses; data-retention opt-out applied.
• Voice infrastructure (e.g., Retell) — telephony, voice generation, call recording.
• Email delivery (e.g., Resend) — transactional and notification email.
• Payment processors (e.g., Stripe, Shopify Billing) — subscription billing and payment method storage.
• Customer support and analytics tools — diagnostic and operational support.

Each sub-processor is bound by appropriate data-protection and confidentiality obligations. A current named list is available on request to privacy@egentify.com. We will provide reasonable notice of material changes.

8. International Transfers

Egentify is based in the United States and our infrastructure is hosted in U.S. regions. If you access the Service from outside the United States, personal information will be transferred to and processed in the United States, which may have different data-protection standards than your home jurisdiction.

Where required by applicable law, we rely on Standard Contractual Clauses or other approved transfer mechanisms for cross-border transfers of personal information.

9. Data Retention

We retain personal information only as long as necessary to provide the Service and meet our legal and operational obligations:

• Account information. Retained while the account is active and for a reasonable period after closure to handle billing, audit, and legal compliance.
• Customer Data (conversations, customer records). Retained for the duration of the Customer's subscription. After termination, Customer Data is preserved for 45 days to allow export, then deleted from production systems. Backups are purged within 90 days.
• Voice call data. Default retention follows the Customer's subscription unless the Customer configures shorter retention. Recordings can be deleted on request.
• Usage and log data. Retained for up to 12 months for security, debugging, and analytics, then deleted or de-identified.
• Information required by law. May be retained for longer periods as required by tax, audit, or other legal obligations.

10. Your Privacy Rights

Depending on where you live, you may have the right to:

• Access the personal information we hold about you.
• Correct inaccurate personal information.
• Delete your personal information, subject to legal exceptions.
• Receive a portable copy of your personal information.
• Object to or restrict certain processing.
• Withdraw consent where processing is based on consent.
• Lodge a complaint with a data protection authority.

If you are an End User of one of our Customers (a Shopify or WooCommerce shopper, for example), please direct privacy requests to that Customer first; they are the controller of your data. We will support our Customers in honoring valid requests. To exercise rights against Egentify directly, email privacy@egentify.com. We may need to verify your identity before fulfilling requests.

11. California Residents

California residents have rights under the California Consumer Privacy Act ("CCPA") as amended by the California Privacy Rights Act ("CPRA"), including the right to know, delete, correct, and opt out of the sale or sharing of personal information, and the right to limit the use of sensitive personal information.

We do not sell personal information for monetary consideration. We do not share personal information for cross-context behavioral advertising. We do not knowingly process sensitive personal information beyond what is necessary to provide the Service.

The categories of personal information collected, the purposes for which we use it, and the categories of recipients are described in Sections 2, 3, and 6. We retain personal information for the periods described in Section 9.

To exercise California privacy rights, email privacy@egentify.com. You may also designate an authorized agent to make a request on your behalf. We will not discriminate against you for exercising your rights.

12. Other U.S. State Residents

Residents of states with comprehensive privacy laws — including Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Iowa, Florida, Tennessee, Montana, Nevada, and others — have rights similar to those described above, including the right to access, correct, delete, and obtain a copy of their personal information, and the right to opt out of targeted advertising and the sale of personal information.

To exercise these rights, contact privacy@egentify.com. We will respond within the timeframe required by the applicable law.

13. Security

We implement administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, alteration, disclosure, and destruction. These include encryption at rest and in transit, access controls, audit logging, and tenant isolation enforced at the database layer. More detail is available on our Security page.

No security program is perfect, however, and we cannot guarantee absolute security. If we become aware of a security incident affecting your personal information, we will notify you and the relevant authorities as required by law.

14. Cookies & Tracking

We use cookies and similar technologies on our marketing site and dashboard for the following purposes:

• Strictly necessary. Authentication, session management, and security. These cannot be disabled.
• Functional. Remembering preferences such as theme (light/dark mode) and recently viewed items.
• Analytics. Aggregated usage analytics to improve the Service. We do not use third-party advertising trackers.

Most browsers allow you to control cookies through your settings. The chat widget on Customer storefronts supports cookie-free guest sessions and respects Do Not Track signals where the Customer has enabled that mode.

15. Children's Privacy

The Service is not directed to children under 13 (or under 16 in jurisdictions where that is the applicable age). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at privacy@egentify.com and we will delete it.

16. Changes & Contact

We may update this Privacy Policy from time to time. We will post the updated policy on this page and update the "Last updated" date. For material changes, we will provide reasonable notice by email or in-product notification.

Questions or requests can be sent to privacy@egentify.com.