This Privacy Policy explains how [COMPANY LEGAL NAME] (“we”, “us”) collects, uses, and protects information when you use the WooAI Assistant website and the WooAI Assistant plugin (“Service”). WooAI Assistant is self-hosted: the plugin runs on your own WordPress server and we do not operate a multi-tenant cloud that stores your store data.
1. Who we are
Data controller: [COMPANY LEGAL NAME, ADDRESS]. Contact: [PRIVACY CONTACT EMAIL].
2. Information we collect
- Marketing site: contact details you submit (name, email, message), and standard server/analytics logs.
- Plugin (self-hosted): the plugin processes shopper messages and catalog data on your server to answer questions. This data stays on your infrastructure. Where you configure a third-party AI provider, message content is sent to that provider under their terms.
- Booking: if you book a call, scheduling data is processed by our scheduling provider [SCHEDULING PROVIDER].
3. How we use information
- To provide, secure, and improve the Service;
- To respond to enquiries and provide onboarding/support;
- To meet legal and accounting obligations.
4. Legal bases (GDPR)
We rely on: performance of a contract, your consent (where applicable), and our legitimate interests in operating and improving the Service. For shopper data processed by the self-hosted plugin, you (the store operator) are the controller and we are not a processor of that data unless separately agreed in a Data Processing Agreement.
5. Sharing and sub-processors
We do not sell personal data. We share data only with service providers necessary to run the marketing site and booking (hosting, scheduling, email). Your configured AI provider is selected and controlled by you.
6. Retention
We keep enquiry and booking data for [RETENTION PERIOD] unless a longer period is required by law.
7. Your rights
Subject to applicable law (incl. GDPR / Israeli Privacy Protection Law), you may request access, correction, deletion, restriction, portability, or object to processing. Contact [PRIVACY CONTACT EMAIL]. You may also lodge a complaint with your supervisory authority.
8. International transfers
Where data is transferred outside the EEA/your jurisdiction (e.g., a US-based AI or scheduling provider you select), appropriate safeguards such as Standard Contractual Clauses apply.
9. Changes
We may update this policy; the “last updated” date reflects the latest revision.
This template is provided for convenience and is not legal advice. [COMPANY] should have it reviewed by qualified counsel before launch.