Privacy Policy

Last updated: May 11, 2026

1. Who We Are

Gehalfe provides an AI-powered chatbot platform for e-commerce stores built on WooCommerce and Shopify. We are the data processor — the store owners who install our widget are the data controllers responsible for their customers' personal data under applicable laws including GDPR.

Contact: privacy@gehalfe.com

2. Data We Collect

2a. Dashboard Users (Store Owners)

  • Name, email address, phone number (at signup)
  • WooCommerce/Shopify API credentials (AES-256 encrypted)
  • Payment proof images (for manual billing)
  • Usage data: number of conversations, store activity

2b. End-Customer Widget Data

  • Chat messages (text only, stored per session)
  • Session ID (random, stored in browser sessionStorage — deleted on tab close)
  • IP address (for rate limiting only, not stored long-term)
  • Email and phone (only if provided via WooCommerce cart webhook for cart recovery)

3. How We Use Data

| Purpose | Legal Basis (GDPR) |
|---|---|
| Providing chatbot AI responses | Legitimate interest / Contract performance |
| Product sync from your store | Contract performance |
| Cart recovery emails/WhatsApp | Legitimate interest (must be disclosed by store owner to customers) |
| Analytics (conversation counts) | Legitimate interest |
| Authentication & security | Contract performance |
| Billing & invoicing | Legal obligation |

4. Third-Party Services

Anthropic Claude

AI chat responses — messages are processed by Anthropic's API

OpenAI

Product text embeddings — product names/descriptions only

Pinecone

Vector database for product search — no personal data stored

Meta (WhatsApp/Instagram)

Optional cart recovery messages — only when store owner enables it

Cloudflare

Network security, DDoS protection

5. Data Retention

Chat messages: 90 days, then automatically deleted

Cart recovery data (email/phone): 30 days after abandonment event

Account data: Retained while account is active + 30 days after deletion request

API credentials: Deleted immediately on store deletion

Analytics (aggregated counts): 12 months

6. Your Rights (GDPR / CCPA)

Right to Access

Request a copy of your personal data

Right to Erasure

Request deletion of your data ('right to be forgotten')

Right to Rectification

Correct inaccurate personal data

Right to Portability

Receive your data in a machine-readable format

Right to Object

Object to processing based on legitimate interests

Right to Restrict

Limit how we process your data

To exercise any of these rights, email us at privacy@gehalfe.com. We will respond within 30 days.

7. Cookies & Storage

Our chatbot widget uses sessionStorage (not cookies) to maintain the conversation session. This data is automatically cleared when the browser tab is closed and is never sent to our servers independently. Our dashboard uses a session cookie for authentication which expires in 24 hours.

For store owners: If your customers are in the EU/UK, you are responsible for disclosing the use of our AI chatbot in your privacy policy and cookie consent banner, as chat messages are processed by our servers.

8. Data Security

  • All data is transmitted with TLS 1.2+ encryption
  • API credentials encrypted at rest using AES-256 (Fernet)
  • Database access restricted to backend services only
  • No plaintext storage of sensitive credentials
  • Rate limiting on all public endpoints

9. Store Owners' Obligations

As a store owner using Gehalfe, you are the data controller for your customers. You must:

  • Disclose use of AI chatbot in your website's privacy policy
  • Inform EU customers that chat messages are processed by Anthropic's Claude AI
  • Obtain appropriate consent before using cart recovery (email/WhatsApp)
  • Maintain your own privacy policy covering your data collection practices

10. Changes to This Policy

We may update this policy occasionally. We will notify registered users via email of material changes. Continued use of Gehalfe after changes constitutes acceptance.

11. Contact & Complaints

Email: privacy@gehalfe.com
If you are in the EU and unsatisfied with our response, you may lodge a complaint with your local Data Protection Authority.