Privacy Policy

Last updated: May 2026

INGRID (“we”, “our”, “us”), operated by INGRID SRL, is committed to protecting your privacy. This policy explains how we collect, use, store, and safeguard your information when you use our AI-powered customer support platform at chatingrid.com and the INGRID chat widget embedded on merchant websites.

1. What Data We Collect

Account Data: When you create a merchant account, we collect your name, email address, business name, website URL, and Shopify store domain (if applicable).

Conversation Logs: We store messages exchanged between end customers and the INGRID AI assistant, including timestamps, customer identifiers (email or anonymous ID), and escalation status.

Usage Analytics: We collect aggregated usage data including conversation counts, escalation counts, and AI token usage for billing and service improvement.

Shopify Store Data: If you connect your Shopify store, we access order information, product catalog data, and customer details as authorized by the scopes you grant during installation. This data is used exclusively to provide AI-powered customer support features.

Payment Data:Payment information is processed directly by Stripe. We store only your Stripe customer ID and subscription status — never your card details.

Customer Profiles: When memory features are enabled, we store returning customer preferences and key facts to personalize support interactions.

2. How We Use Your Information

We use your information to:

  • Provide and operate the INGRID customer support service
  • Process AI-powered responses to customer inquiries
  • Track order status and product information via Shopify
  • Manage your account and subscription billing
  • Send escalation alerts to merchants via WhatsApp
  • Improve our AI models and service quality
  • Comply with legal obligations

3. Legal Basis for Processing

We process your data based on:

  • Contract performance: Processing necessary to provide the INGRID service you subscribed to.
  • Legitimate interest: Analytics and service improvement, fraud prevention, and security monitoring.
  • Consent: Where required, such as for optional features like cross-session memory and cookie usage.
  • Legal obligation: Compliance with applicable laws, including GDPR and Shopify App Store requirements.

4. Data Retention

  • Conversation data: Retained for 12 months from creation, then automatically deleted.
  • Account data: Retained while your account is active. Deleted within 30 days of account closure.
  • AI cache data: Retained for up to 90 days to optimize response times.
  • Analytics data: Retained for 24 months in aggregated form.

5. Third-Party Processors

We use the following third-party services to operate INGRID. Each processes data in accordance with their own privacy policies:

  • Supabase— Database hosting and authentication (EU/US)
  • Vercel— Application hosting and serverless functions (global CDN)
  • Stripe— Payment processing (PCI DSS compliant)
  • Twilio— WhatsApp escalation messaging
  • xAI (Grok)— AI language model for generating customer support responses

6. Your Rights (GDPR)

Under the General Data Protection Regulation, you have the following rights:

  • Right of access: Request a copy of all personal data we hold about you.
  • Right to rectification: Request correction of inaccurate personal data.
  • Right to erasure: Request deletion of your personal data. Merchants can delete all customer data from the Settings page in the dashboard.
  • Right to portability: Request your data in a structured, machine-readable format.
  • Right to object: Object to processing based on legitimate interest.
  • Right to restrict processing: Request limitation of processing in certain circumstances.

7. How to Exercise Your Rights

To exercise any of these rights, contact us at support@chatingrid.com. We will respond within 30 days of receiving your request. You may also lodge a complaint with your local data protection authority.

8. Cookies

We use the following cookies:

  • Authentication cookies: Essential cookies for maintaining your login session on the INGRID dashboard. These are strictly necessary.
  • Widget identifier cookie (ingrid_uid): A unique anonymous identifier stored for 90 days to enable returning customer recognition in the chat widget. This cookie is set on the merchant's domain.
  • Admin session cookie: HttpOnly secure cookie for admin panel authentication, expires after 8 hours.

9. Data Security

We implement industry-standard security measures including encryption in transit (TLS), encrypted storage, secure webhook verification (HMAC), rate limiting, and input sanitization. Access to production data is restricted to authorized personnel only.

10. Contact

For privacy inquiries, data requests, or complaints:

Email: support@chatingrid.com

INGRID SRL
Romania

← Back to home