Zipchat AI Privacy Policy

1. Introduction

Zipchat Inc. (“Zipchat,” “we,” “our,” or “us”) values and respects your privacy. This Privacy Policy describes how we collect, use, share, and safeguard your personal data when you use our websites, applications, integrations, products and services (collectively, the “Services”).

We comply with applicable privacy laws, including:

General Data Protection Regulation (EU) 2016/679 (GDPR)
UK GDPR & Data Protection Act 2018
California Consumer Privacy Act (CCPA) as amended by CPRA
Brazilian General Data Protection Law (LGPD)
Canadian Personal Information Protection and Electronic Documents Act (PIPEDA)
Australian Privacy Act 1988
Other global privacy regulations where we operate

By using our Services, you agree to the practices described in this Policy.

2. Data Privacy Framework (DPF) Compliance

Zipchat Inc. complies with the EU‑U.S. Data Privacy Framework (EU‑U.S. DPF), the UK Extension to the EU‑U.S. DPF, and the Swiss‑U.S. Data Privacy Framework (Swiss‑U.S. DPF) as set forth by the U.S. Department of Commerce. Zipchat Inc. has certified to the U.S. Department of Commerce that it adheres to the EU‑U.S. Data Privacy Framework Principles (EU‑U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU‑U.S. DPF and the UK Extension to the EU‑U.S. DPF. Zipchat Inc. has certified to the U.S. Department of Commerce that it adheres to the Swiss‑U.S. Data Privacy Framework Principles (Swiss‑U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss‑U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU‑U.S. DPF Principles and/or the Swiss‑U.S. DPF Principles, the Principles shall govern.

To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

3. Information We Collect

Information you provide

Name, surname, job title and company information
Email address, phone number and contact preferences
Billing and payment details (processed by trusted third‑party providers)
Store addresses and e‑commerce platform data (Shopify, WooCommerce, Magento, etc.)

Information collected automatically

Log data (IP address, browser, operating system, device identifiers)
Usage data (clickstream, time spent, pages viewed, referral links)
Chat transcripts and interaction data (used for AI improvement and analytics)
Approximate geolocation (derived from IP address)
Advertising identifiers (cookies, pixels, UTM parameters)

Information from third parties

E‑commerce platforms connected to your account
Marketing platforms (Google, Meta, LinkedIn, TikTok, etc.)
Analytics and CRM providers
Partners and resellers

4. How We Use Your Information

We use data for the following purposes under lawful bases of contract performance, legitimate interest, consent and legal obligation:

Service provision – to deliver, operate and maintain our Services.
Account management – to onboard customers, verify identity and provide customer support.
AI training and improvement – to analyze conversations and store interactions to improve Zipchat AI performance.
Analytics and insights – to understand usage patterns, trends and performance.
Advertising and marketing – to deliver personalized content, email campaigns, retargeting and measure ad effectiveness.
Compliance and security – to detect fraud, enforce Terms of Service and comply with legal obligations.
Research and development – to develop new features and enhance user experience.

5. Cookies and Tracking

We use cookies, pixels, tags and similar technologies for:

Conversion tracking and campaign optimization
Website performance and session management
Analytics (Google Analytics, Mixpanel, Amplitude)
Advertising and retargeting (Google Ads, Meta Pixel, LinkedIn Ads, TikTok Ads)

You can manage cookie settings via your browser or through our Cookie Preferences Tool. For EU/UK users, no non‑essential cookies are deployed without consent.

6. Sharing of Information and Onward Transfer Liability

We do not sell personal data. We share limited data with trusted providers, including:

Cloud infrastructure: Amazon Web Services (AWS), Google Cloud
Analytics: Google Analytics, Mixpanel, Amplitude
Advertising: Meta, Google Ads, LinkedIn, TikTok
CRM/Marketing: HubSpot, Intercom, Customer.io
Automation: Zapier, Segment
Payments: Stripe, PayPal and other processors
Compliance & Security: Anti‑fraud and security monitoring tools

Each third‑party provider is bound by confidentiality and data processing agreements. When transferring personal data to a third party acting as our agent, Zipchat Inc. remains responsible under the DPF Principles if that agent processes such personal data in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the damage.

7. International Data Transfers

As a U.S.-based company, data may be transferred internationally.

For EU/EEA/UK customers, transfers are based on Standard Contractual Clauses (SCCs) and UK Addendum where applicable.
For Swiss customers, transfers follow the Swiss Federal Act on Data Protection (FADP).
For other jurisdictions, we apply equivalent safeguards.

8. Data Retention

We keep data only as long as necessary for the purposes outlined in this Policy:

Account and billing data: retained for 7 years (legal obligation).
Chat logs and AI training data: anonymized or deleted within a defined period unless longer retention is required for security, legal or operational needs.
Marketing data: retained until you opt out or withdraw consent.

9. Data Security

We implement industry‑leading security measures:

Encryption (in transit and at rest)
Role‑based access control
Multi‑factor authentication for internal systems
Regular audits, monitoring and penetration testing

While no system is 100% secure, we continuously improve safeguards.

10. Your Privacy Rights and Choices

Depending on your jurisdiction, you may have the following rights:

Right of access – to obtain a copy of your personal data and information about how we process it.
Right to correction or deletion – to have inaccurate information corrected or deleted when permitted by law.
Right to restriction – to limit processing under certain circumstances.
Right to portability – to request a copy of your personal data in a structured, machine‑readable format.
Right to object or withdraw consent – to object to processing based on legitimate interests or withdraw consent at any time where consent is the legal basis.

Rights under the Data Privacy Framework:

Individuals have the right to access their personal data and to correct, amend or delete information where it is inaccurate or processed in violation of the DPF Principles.
Individuals also have the right to opt out of:
- The disclosure of their personal data to third parties, or
- The use of their data for purposes materially different from those for which it was originally collected or subsequently authorized.

Under the CCPA/CPRA (California), LGPD (Brazil) and PIPEDA (Canada) you may have additional rights such as the right to know what data we collect and share, the right to non‑discrimination for exercising privacy rights and the right to challenge compliance. To exercise any of these rights, please contact us at support@zipchat.ai.

11. Complaints and Inquiries

In compliance with the EU‑U.S. DPF, the UK Extension to the EU‑U.S. DPF and the Swiss‑U.S. DPF, Zipchat Inc. commits to resolve DPF Principles‑related complaints about our collection and use of your personal information. EU, UK and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on these frameworks should first contact us at:

Email: support@zipchat.ai

12. Independent Recourse Mechanism

In compliance with the EU‑U.S. DPF, the UK Extension to the EU‑U.S. DPF and the Swiss‑U.S. DPF, Zipchat Inc. commits to cooperate and comply with the advice of the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the DPF. This recourse is provided free of charge to the individual.

13. Investigatory and Enforcement Powers

Zipchat Inc. is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

14. Binding Arbitration

Under certain conditions, and after exhausting other available remedies, individuals may invoke binding arbitration for complaints regarding DPF compliance that are not resolved by other DPF mechanisms. Zipchat Inc. is obligated to arbitrate claims and follow the terms as set forth in Annex I of the DPF Principles, provided that the individual has invoked binding arbitration by delivering notice to Zipchat Inc. and following the procedures and conditions described in Annex I. For more information, please visit:

15. Legal Compliance and Disclosure to Authorities

We may disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We also may disclose data when required by law, regulation, court order or to enforce our Terms of Service.

16. Children’s Privacy

Our Services are not intended for individuals under 16. We do not knowingly collect personal data from minors. If we discover such data, we will delete it immediately.

17. Third‑Party Links

Our Services may contain links to external websites. We are not responsible for the privacy practices of third parties.

18. Automated Decision‑Making & Profiling

We may use automated tools, including AI algorithms, to personalize recommendations, trigger marketing campaigns and assess engagement. Significant decisions impacting individuals are subject to human oversight where required by law.

19. Do Not Track & Opt‑Out Mechanisms

We honor Do Not Track (DNT) signals where legally required. You can opt out of targeted advertising via the Network Advertising Initiative (NAI) or Digital Advertising Alliance (DAA) opt‑out pages.

20. Changes to This Policy

We may update this Policy periodically. Major updates will be communicated via email or in‑app notifications.

21. Contact Us

Zipchat Inc.

407 East Ayre Street

Wilmington, DE 19804, USA

Email: support@zipchat.ai

‍