We believe privacy is a right, not an afterthought. This policy explains exactly what data we collect, why we need it, and how we protect it.
ChatPadi ("we", "us", or "our") is a global conversational commerce platform that enables sellers to create AI-powered storefronts accessible via a shareable link. Customers browse products and interact with Ama, our AI sales agent, to place orders and make payments.
When you use ChatPadi, whether as a seller managing a store or a customer shopping through a store link, we act as the data controller for the information you provide to us directly. For customer data collected through a seller's storefront, the seller is also a data controller for their own business purposes.
When you register as a seller, we collect:
When a customer interacts with a seller's storefront, we may collect:
We automatically collect limited technical data when you use our service:
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Provide and operate the platform | Account info, store config, order & payment data | Contract performance |
| Run the AI sales agent (Ama) | Chat messages, product catalog, cart state | Contract performance |
| Process and track orders | Customer name, address, order items, payment proof | Contract performance |
| Send transactional notifications | Seller & customer email addresses, order details | Contract performance |
| Verify payment submissions | Payment screenshots, order references | Contract performance |
| Detect abuse and maintain security | IP addresses, error logs, usage patterns | Legitimate interest |
| Improve our service | Aggregate, anonymised usage statistics | Legitimate interest |
| Comply with legal obligations | Transactional records as required by law | Legal obligation |
We do not sell your personal data. We do not use your data for advertising. We do not train AI models on your personal data or your customers' conversation history.
Running ChatPadi requires integrating with carefully selected third-party providers. Each integration is limited to the minimum data necessary.
Customer chat messages and store product data are sent to Anthropic to power the Ama AI agent. Anthropic processes these messages to generate responses. We use Anthropic's API under their data processing agreement. Chat content is not used to train Anthropic's models under our agreement. See Anthropic's Privacy Policy.
Sellers may optionally enable online payment gateways. When enabled, ChatPadi redirects customers to the relevant gateway's hosted checkout. We do not process or store card numbers or bank account credentials.
If a seller connects their WhatsApp Business number, incoming and outgoing WhatsApp messages pass through the Meta Cloud API. Meta processes these messages under their own terms. See WhatsApp's Privacy Policy. Sellers are responsible for informing their WhatsApp customers that an AI agent is handling responses.
Transactional emails (order confirmations, payment notifications) are sent via Resend or Gmail depending on configuration. These providers process sender and recipient email addresses. See Resend's Privacy Policy.
Product images and payment proof screenshots are stored in cloud object storage (Replit Object Storage). Access to private objects (payment screenshots) is restricted to authenticated sellers who own the relevant store.
During store setup, we make a single request to ipapi.co to automatically detect the seller's country for currency pre-selection. No data is retained from this request.
We share personal data only in the following circumstances:
We do not sell, rent, or trade personal data to third parties for marketing or any other commercial purpose.
Data is stored on servers hosted in the United States via Replit's infrastructure. We retain data for as long as necessary to provide the service and meet legal obligations:
| Data Type | Retention Period |
|---|---|
| Seller account and store data | For the lifetime of the account, plus 90 days after deletion request |
| Order and payment records | 7 years (standard accounting/legal requirement) |
| Customer conversation history | 2 years from last interaction, or until the seller's store is deleted |
| Payment proof screenshots | 1 year after the order is fulfilled or cancelled |
| Server logs and diagnostic data | 30 days rolling |
When you delete your account, we initiate deletion of your personal data within 30 days, subject to the retention requirements above for financial records.
We take security seriously and implement the following measures:
No system is 100% secure. If you discover a security vulnerability, please report it responsibly to security@chatpadi.com. We will acknowledge your report within 48 hours.
Depending on your location, you may have the following rights regarding your personal data:
If you are a customer who shopped through a seller's store and wish to access or delete your data, please contact the seller directly. They control the customer relationship. You may also contact us at the address below and we will help facilitate your request.
If you are in the European Union or United Kingdom, you have the rights listed above under the GDPR / UK GDPR. You also have the right to lodge a complaint with your local supervisory authority.
California residents have the right to know what personal information is collected, the right to delete personal information, and the right to opt out of the sale of personal information. We do not sell personal information.
To exercise any of these rights, contact us at privacy@chatpadi.com. We will respond within 30 days.
ChatPadi is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us at privacy@chatpadi.com and we will delete it promptly.
ChatPadi is operated from infrastructure hosted in the United States. If you are accessing the service from the European Union, United Kingdom, or other regions with data protection laws that differ from US law, please be aware that your data may be transferred to, stored, and processed in the United States.
Where required by applicable law, we implement appropriate safeguards for international transfers, including Standard Contractual Clauses (SCCs) with our data processors.
We may update this Privacy Policy from time to time. When we make material changes, we will:
Your continued use of ChatPadi after the effective date of a revised policy constitutes your acceptance of the changes. If you do not agree with any changes, you may close your account before the effective date.
If you have any questions, concerns, or requests relating to this Privacy Policy or your personal data, please reach out:
We aim to respond to all privacy-related requests within 30 days.