Privacy Policy

1. Introduction

Welcome to shaka.chat. We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our real-time chat service for Shopify stores.

2. Information We Collect

2.1 Information You Provide

• Account Information: Email address, username, password (encrypted), and profile avatar selection
• Chat Messages: Text content of messages you send through the Service
• Store Information: For merchants, your Shopify store URL and related shop data

2.2 Automatically Collected Information

• Connection Data: IP addresses, WebSocket connection information, and session data
• Usage Data: Timestamps of messages, chat room activity, and feature usage
• Device Information: Browser type, device type, and operating system

2.3 Shopify Integration Data

When you authenticate through Shopify, we may receive:

• Customer name and email (for customer users)
• Store configuration and settings (for merchants)
• OAuth tokens for authentication purposes

3. How We Use Your Information

We use the collected information for the following purposes:

• Service Delivery: To provide real-time chat functionality and deliver messages between users
• Authentication: To verify your identity and manage your account
• Store Isolation: To ensure messages are only visible within the correct Shopify store
• Moderation: To enable store administrators to manage chat content and user behavior
• Notifications: To send email notifications (e.g., ban/unban notices)
• Service Improvement: To analyze usage patterns and improve our features
• Security: To detect and prevent abuse, spam, and unauthorized access
• Legal Compliance: To comply with applicable laws and regulations

4. Data Storage and Security

4.1 Data Storage

Your data is stored using:

• Cloudflare Durable Objects: Chat messages, user profiles, and chat room data are stored in isolated SQLite databases per store
• Cloudflare KV: Session tokens and temporary authentication data
• Data Isolation: Each Shopify store's data is completely isolated from other stores

4.2 Security Measures

• JWT-based authentication with secure token management
• Encrypted WebSocket connections (WSS)
• Password hashing using industry-standard algorithms
• Regular security audits and updates
• Access controls and permission management

5. Data Sharing and Disclosure

5.1 With Store Administrators

Store administrators (merchants) can access and manage:

• All messages sent in their store's chat rooms
• User profiles and activity within their store
• Reported content and moderation actions

5.2 Third-Party Services

We use the following third-party services:

• Cloudflare: Infrastructure and data storage
• Mailgun: Email notification delivery
• Shopify: Authentication and store integration

5.3 Legal Requirements

We may disclose your information if required by law, court order, or governmental regulation, or if we believe disclosure is necessary to protect our rights or prevent illegal activity.

6. Data Retention

We retain your information for as long as necessary to provide the Service:

• Chat Messages: Stored indefinitely unless deleted by the user or administrator
• User Accounts: Retained while your account is active
• Deleted Content: Soft-deleted messages are marked as deleted but retained for moderation purposes
• Session Data: JWT tokens expire and are automatically removed

7. Your Rights and Choices

Depending on your location, you may have the following rights:

• Access: Request a copy of your personal data
• Correction: Update or correct your profile information
• Deletion: Request deletion of your account and data
• Portability: Request your data in a machine-readable format
• Objection: Object to processing of your data for certain purposes

To exercise these rights, please contact us at privacy@shaka.chat

8. Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

10. Cookies and Tracking

We use minimal tracking technologies:

• Session Tokens: JWT tokens stored in browser storage for authentication
• Local Storage: Used to maintain your session and preferences

We do not use third-party advertising or analytics cookies.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on our website or sending an email to registered users. Your continued use of the Service after such changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

13. GDPR Compliance (For EU Users)

If you are located in the European Economic Area (EEA), we process your personal data based on the following legal grounds:

• Contract Performance: To provide the chat service you've requested
• Legitimate Interests: To improve our service and prevent abuse
• Legal Obligations: To comply with applicable laws
• Consent: Where you have given explicit consent

14. CCPA Compliance (For California Users)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected
• Right to know if personal information is sold or disclosed
• Right to opt-out of the sale of personal information
• Right to request deletion of personal information
• Right to non-discrimination for exercising your rights

Note: We do not sell your personal information.