Privacy Policy

Last Updated: January 25, 2026

Effective Date: January 25, 2026

Introduction

Fyncall Ltd. ("Fyncall," "we," "us," or "our") operates the Fynchat platform, an AI-powered customer service and conversational commerce solution. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our services, including our Shopify application, WhatsApp integration, chat widget, and related services (collectively, the "Service").

We are committed to protecting the privacy of merchants who use our platform ("Merchants") and their customers ("End Customers"). Please read this Privacy Policy carefully. By using our Service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Information from Merchants

When Merchants register for and use our Service, we collect:

Account Information:

Business name and contact information
Email address and phone number
Billing and payment information
Login credentials (encrypted)

Store Integration Data:

Shopify store URL and access credentials (encrypted)
API tokens and webhook configurations
Store settings and preferences

Usage Data:

Feature usage and interaction patterns
Support tickets and communications
Analytics and performance metrics

1.2 Information from End Customers

When End Customers interact with Merchants through our Service, we process:

Contact Information:

Name (first and last)
Email address
Phone number (including WhatsApp number)
Shipping and billing addresses

Communication Data:

Chat messages and conversation history
Support inquiries and responses
Widget session information

Transaction Data:

Order history and order status
Product preferences and browsing behavior
Shopping cart contents
Purchase history

Technical Data:

IP address (anonymized where possible)
Browser type and version
Device information
Session identifiers

1.3 Information from Third-Party Integrations

We receive information from integrated platforms:

From Shopify:

Product catalog (names, descriptions, prices, images, inventory)
Customer records (as authorized by Merchant)
Order information (order details, fulfillment status, transactions)
Store analytics and metrics

From WhatsApp/Meta:

Phone numbers and WhatsApp profile information
Message content and delivery status
Media files shared in conversations

2. How We Use Information

2.1 To Provide the Service

We use collected information to:

Enable Customer Service: Power AI-driven responses to End Customer inquiries
Process Communications: Deliver messages between Merchants and End Customers
Facilitate Commerce: Enable product discovery, cart management, and checkout via chat
Sync Store Data: Keep product, customer, and order data synchronized with Shopify
Personalize Experiences: Provide relevant product recommendations and support

2.2 To Improve and Maintain the Service

Monitor and analyze usage patterns and trends
Identify and fix technical issues
Develop new features and functionality
Train and improve AI models (using anonymized/aggregated data only)

2.3 To Communicate

Send service-related notifications
Provide customer support
Share product updates and announcements (with consent)

2.4 To Ensure Security and Compliance

Detect, prevent, and address fraud and abuse
Enforce our Terms of Service
Comply with legal obligations

For users in the European Economic Area (EEA), United Kingdom, and similar jurisdictions, we process personal data based on:

Legal Basis	Examples
Contract Performance	Processing necessary to provide the Service to Merchants
Legitimate Interests	Improving our Service, ensuring security, preventing fraud
Legal Obligation	Complying with applicable laws and regulations
Consent	Marketing communications, optional analytics

4.1 We Do NOT Sell Personal Data

We do not sell, rent, or trade personal information to third parties for their marketing purposes.

4.2 Service Providers

We share information with trusted service providers who assist in operating our Service:

Provider Type	Purpose	Data Shared
Cloud Hosting (Azure)	Infrastructure and storage	All service data (encrypted)
AI/LLM Providers	Powering AI responses	Conversation content (anonymized)
Payment Processors	Billing Merchants	Merchant payment information
Analytics Tools	Service improvement	Anonymized usage data

All service providers are contractually obligated to protect data and use it only for specified purposes.

4.3 Platform Integrations

Data is shared with platforms as necessary for integration:

Shopify: Order updates, customer data synchronization
WhatsApp/Meta: Message delivery
Twilio: SMS and messaging services

4.4 Legal Requirements

We may disclose information if required by law or if we believe disclosure is necessary to:

Comply with legal process or government requests
Protect our rights, privacy, safety, or property
Enforce our Terms of Service
Respond to emergency situations

4.5 Business Transfers

In the event of a merger, acquisition, or sale of assets, personal data may be transferred to the acquiring entity, subject to the same privacy protections.

5. Data Retention

5.1 Retention Periods

Data Type	Retention Period
Merchant Account Data	Duration of account + 2 years
End Customer Data	Duration of Merchant's account or until deletion request
Conversation History	2 years or as configured by Merchant
Transaction Records	7 years (legal/accounting requirements)
Usage Analytics	2 years (anonymized thereafter)

5.2 Deletion Upon Uninstall

When a Merchant uninstalls our Shopify app:

Within 48 hours: All store data, customer data, orders, products, and conversations are permanently deleted
Exception: Anonymized, aggregated analytics may be retained for service improvement

6. Data Security

We implement robust security measures to protect personal data:

6.1 Technical Safeguards

Encryption in Transit: All data transmitted via TLS 1.3/HTTPS
Encryption at Rest: AES-256 encryption for stored data
Database Security: Encrypted database connections, parameterized queries
Access Controls: Role-based access, multi-factor authentication for staff

6.2 Organizational Safeguards

Tenant Isolation: Strict separation of Merchant data in multi-tenant architecture
Access Logging: All access to personal data is logged and monitored
Employee Training: Regular security awareness training
Incident Response: Documented procedures for security incidents

6.3 Infrastructure Security

Cloud Security: Hosted on Microsoft Azure with enterprise-grade security
Backup Encryption: All backups are encrypted
Regular Audits: Periodic security assessments and penetration testing

7. Your Rights

7.1 For End Customers

End Customers may exercise their rights by contacting the Merchant directly or by contacting us at privacy@fyncall.com:

Right	Description
Access	Request a copy of your personal data
Rectification	Request correction of inaccurate data
Erasure	Request deletion of your personal data
Portability	Receive your data in a portable format
Restriction	Request limitation of processing
Objection	Object to processing based on legitimate interests
Withdraw Consent	Withdraw consent where processing is consent-based

7.2 For Merchants

Merchants can:

Access and export their data via the Fyncall dashboard
Update account information at any time
Delete their account and all associated data
Configure data retention settings

7.3 Response Timeline

We respond to all data subject requests within:

30 days for standard requests
48 hours for urgent deletion requests (shop/redact)

8. International Data Transfers

8.1 Data Location

Primary data processing occurs in:

Microsoft Azure West Europe (EU data)
Microsoft Azure East US (US data)

8.2 Transfer Mechanisms

For transfers outside the EEA, we rely on:

Standard Contractual Clauses (SCCs)
Data Processing Agreements with recipients
Adequacy decisions where applicable

9. Automated Decision-Making

9.1 AI-Powered Responses

Our Service uses AI to generate responses to End Customer inquiries. This AI:

Does NOT make decisions with legal or similarly significant effects
Does NOT determine eligibility for services or credit
Does provide automated customer support responses
Does offer product recommendations

9.2 Human Oversight

Merchants can enable "human takeover" for complex inquiries
End Customers can request to speak with a human agent
AI responses are logged and auditable

10. Children's Privacy

Our Service is not directed to children under 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.

11. Third-Party Links

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

12. Cookies and Tracking

Our chat widget uses limited local storage:

Storage Item	Purpose	Duration
`fynchat_session`	Maintain conversation session	Session
`fynchat_visitor_id`	Identify returning visitors	1 year

12.2 Dashboard Cookies

Our Merchant dashboard uses:

Authentication cookies (essential)
Preference cookies (functionality)
Analytics cookies (with consent)

13. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by:

Posting the updated policy on our website
Sending email notification to Merchants
Displaying in-app notifications

The "Last Updated" date at the top indicates when changes were made.

14. Contact Us

For privacy-related inquiries, data subject requests, or complaints:

Fyncall Ltd.

Email: privacy@fyncall.com
Data Protection Officer: dpo@fyncall.com

For EU residents, you have the right to lodge a complaint with your local supervisory authority.

15. California Privacy Rights (CCPA)

California residents have additional rights:

Right to Know: What personal information we collect and how it's used
Right to Delete: Request deletion of personal information
Right to Opt-Out: We do not sell personal information
Non-Discrimination: We will not discriminate for exercising privacy rights

To exercise these rights, contact us at privacy@fyncall.com.

By using our Service, you acknowledge that you have read and understood this Privacy Policy.

Introduction​

1. Information We Collect​

1.1 Information from Merchants​

1.2 Information from End Customers​

1.3 Information from Third-Party Integrations​

2. How We Use Information​

2.1 To Provide the Service​

2.2 To Improve and Maintain the Service​

2.3 To Communicate​

2.4 To Ensure Security and Compliance​

3. Legal Basis for Processing (GDPR)​

4. Data Sharing and Disclosure​

4.1 We Do NOT Sell Personal Data​

4.2 Service Providers​

4.3 Platform Integrations​

4.4 Legal Requirements​

4.5 Business Transfers​

5. Data Retention​

5.1 Retention Periods​

5.2 Deletion Upon Uninstall​

6. Data Security​

6.1 Technical Safeguards​

6.2 Organizational Safeguards​

6.3 Infrastructure Security​

7. Your Rights​

7.1 For End Customers​

7.2 For Merchants​

7.3 Response Timeline​

8. International Data Transfers​

8.1 Data Location​

8.2 Transfer Mechanisms​

9. Automated Decision-Making​

9.1 AI-Powered Responses​

9.2 Human Oversight​

10. Children's Privacy​

11. Third-Party Links​

12. Cookies and Tracking​

12.1 Widget Cookies​

12.2 Dashboard Cookies​

13. Changes to This Policy​

14. Contact Us​

15. California Privacy Rights (CCPA)​