Politique de Confidentialite

1. Data Controller

The data controller for personal data is TokoChat, reachable at the email address [email protected].

2. Data Collected

We collect the following categories of personal data:

2.1 Data provided by the user

• Registration data: name, email address, company name, password (stored in encrypted form)
• Payment data: processed directly by Stripe Inc. — TokoChat does not store credit card data
• WooCommerce credentials: Consumer Key and Consumer Secret of your store, used exclusively for product catalog synchronization
• Custom content: FAQs, AI instructions, imported web pages, and documents uploaded by the user

2.2 Automatically collected data

• Chatbot conversations: messages exchanged between your store visitors and the AI chatbot, including recommended and clicked products
• Usage data: number of messages, conversations, product clicks, and aggregate metrics for analytics
• Technical data: IP address, browser type, and browser language of visitors who interact with the widget

3. Purposes of Processing

Personal data is processed for the following purposes:

• Service delivery: operation of the AI chatbot, product synchronization, store and conversation management
• Account management: registration, authentication, subscription management, and billing
• Analytics: providing aggregate statistics on chatbot usage (recommended products, frequently asked questions, click-through rate)
• Service communications: emails related to account verification, password reset, service or subscription changes
• Service improvement: aggregate and anonymized analysis to improve the quality of responses and features

4. Legal Basis for Processing

The processing of personal data is based on:

• Performance of a contract (Art. 6.1.b GDPR): for the delivery of the service requested by the user
• Consent (Art. 6.1.a GDPR): for the use of non-essential cookies and marketing communications, where applicable
• Legitimate interest (Art. 6.1.f GDPR): for platform security, abuse prevention, and service improvement
• Legal obligation (Art. 6.1.c GDPR): for compliance with tax and regulatory obligations

5. Data Isolation and Security

TokoChat adopts a complete isolation architecture: each store's data is completely separated from others. Conversations, products, and configurations of each store are accessible exclusively to the store owner.

Passwords are stored in encrypted form. Communications between the widget, visitors' browsers, and our servers occur through encrypted connections (HTTPS/TLS).

6. Data Sharing with Third Parties

Personal data may be shared with the following categories of third parties, exclusively for the purposes indicated:

• Stripe Inc. — for payment processing and subscription management
• AI model providers (Anthropic, OpenAI, DeepSeek, Mistral) — conversation messages are sent to AI providers to generate responses. These providers act as data processors and do not use the data for their own purposes
• Meta Platforms — only if the user activates the WhatsApp Business integration, for message delivery via WhatsApp Cloud APIs

TokoChat does not sell, rent, or transfer personal data to third parties for marketing purposes.

7. Data Transfers

Data is hosted on European infrastructure. Some sub-processors (AI providers, Stripe) may process data outside the European Economic Area, in compliance with GDPR safeguards (standard contractual clauses, adequacy decisions).

8. Data Retention

• Account data: retained for the duration of the account and deleted within 30 days of a deletion request
• Chatbot conversations: retained for the duration of the store's active subscription
• Billing data: retained for 10 years as required by tax regulations
• Technical logs: retained for a maximum of 90 days

9. Data Subject Rights

In accordance with Regulation (EU) 2016/679 (GDPR), you have the right to:

• Access: obtain confirmation of the existence of data concerning you and access its content
• Rectification: request the correction of inaccurate or incomplete data
• Erasure: request the deletion of your personal data (right to be forgotten)
• Restriction: request restriction of processing under certain circumstances
• Portability: receive your data in a structured, machine-readable format
• Objection: object to the processing of your data on legitimate grounds

To exercise your rights, you can contact us at [email protected].

You can also independently delete your account and all associated data from the Settings → Delete account section of the dashboard. Deletion is immediate and irreversible.

10. Cookies

The tokochat.app website uses technical cookies necessary for the platform to function and analytical cookies to understand how the service is used. The chatbot widget uses the browser's sessionStorage to maintain conversation state during the browsing session — no profiling cookies are installed through the widget.

On first visit to the site, a banner is displayed allowing you to accept or reject non-essential cookies, in compliance with European regulations.

11. Store Visitor Data

When a visitor interacts with the TokoChat widget installed on a WooCommerce store, responsibility for processing visitor data is shared:

• The store owner is the data controller for data collected through the chatbot on their site
• TokoChat acts as the data processor, processing data on behalf of the store owner

We recommend that store owners update their privacy policy to include a reference to the use of TokoChat as an AI support tool.

12. Changes to This Policy

We reserve the right to update this privacy policy at any time. In the event of material changes, we will notify you via email or through a notice on the platform. The date of the last update is indicated at the top of this page.

13. Contact

For any questions regarding this privacy policy or the processing of your personal data, you can contact us at [email protected].