Last Updated: 05-08-2024
Cognify Insights LLC (doing business as Skite.ai) provides an AI-powered voice assistant service for e-commerce stores, such as Shopify merchants, that answers customer phone calls using artificial intelligence. We value your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, share, and safeguard your information, and outlines your privacy rights. It applies to all users of our services worldwide, including customers who call our voice assistant and merchants who use the Skite.ai service. By using Skite.ai’s services (the “Services”), you agree to the practices described in this Privacy Policy.
Your privacy is important to us. This Privacy Policy describes what personal information we collect in the course of providing our voice assistant Services, how we use and disclose that information, and the choices and rights you have regarding your data. We aim to comply with all applicable privacy laws, including the EU/EEA General Data Protection Regulation (GDPR), the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), and other relevant U.S. state and international privacy laws. We do not use your data for advertising purposes, and we do not share your personal information with any unrelated third parties for their own marketing. If you do not agree with this Policy, please refrain from using our Services. If you have any questions, you can contact us at support@skite.ai.
Public Privacy Policy: This Privacy Policy is publicly available and explains how Skite AI (the "App") collects, uses, and discloses personal information when you (the Shopify merchant/store owner) install or use the App. We provide this policy in compliance with Shopify’s requirements for public apps[1] and applicable privacy laws.
This Privacy Policy is intended for Shopify merchants who use the Skite AI App. In this document, "you" and "your" refer to the merchant (Shopify store owner), and "we", "us", or "our" refer to the providers of the Skite AI App. We act as a service provider (or "processor") for your store, especially when handling your customers' data on your behalf.
Please read this policy carefully to understand what information we collect, how we use it, how we keep it safe, and your choices regarding your data. By installing or using the Skite AI App, you agree to the data practices described in this Privacy Policy.
We only collect the minimum information necessary to provide our services. In line with Shopify’s guidelines[12], below is a clear outline of the types of data the Skite AI App accesses or collects and their sources:
When you install Skite, we use Shopify’s APIs (including admin and storefront API endpoints) to access certain information in your store. This may include:
Your store name, store URL, and contact details (e.g. store owner name, email) as provided via Shopify. This is used to identify your account and communicate with you if needed.
We may retrieve product details and inventory status. For example, to know when a product is back in stock, the App might query your product catalog or inventory levels.
If the App’s functionality involves reaching out to your customers (e.g. to place a call for a back-in-stock reminder), we will access necessary customer data from your store via Shopify’s APIs. This typically includes customer identifiers and protected customer data like name and phone number (and possibly email if needed)[3]. We only access these fields after you grant the required permissions during app installation, and only for the customers relevant to the App’s features.
In general, you (the merchant) do not need to manually provide us with much information outside of Shopify. We use the data obtained through the Shopify integration. However, if you contact us for support or provide feedback, we may collect whatever information you choose to give us (such as your name, email, or details of an issue) to assist you.
The core functionality of Skite AI involves facilitating communications (like phone calls) between you and your customers under certain conditions (for example, to remind a customer that a product is back in stock). As such, the App may collect or generate some data about your customers:
If the App places an outbound call to a customer on your behalf (such as a back-in-stock notification call), the call may be recorded or transcribed (with your consent and in compliance with laws). This means we might collect the audio recording of the call and/or a text transcription of the conversation.
The App will generate summaries or analyses of the call (for example, an AI-generated summary of what was discussed, or any customer requests noted during the call). We also log call metadata like the customer’s phone number (to place the call), call duration, and time of call. These records and summaries are relayed back to you via your merchant dashboard for your review and action. In other words, the information gathered from customer interactions is used to inform you – the merchant – so you can follow up or take appropriate action. The App does not use this information for any purpose other than providing you with this service, and we do not contact your customers directly without your authorization.
Like most apps, we may automatically collect some technical data about how you use the App for the purpose of analytics and improving the service. This can include logs of actions you take in the App’s dashboard (e.g. authorizing a suggested call, viewing a summary) and general device or browser information when you access the App interface through Shopify. This data is typically about the merchant’s interactions (not the customers) and does not include sensitive personal information, but we mention it for transparency.
We do not collect any data from your customers’ browsing activities on your storefront (the App does not insert tracking cookies or code on your storefront). We only handle your customers’ data that you have in Shopify and that is necessary for the App’s voice-call features, as described above.
We use the collected information solely to provide and improve the services of the Skite AI App. Specifically, we use data in the following ways:
All data we access from Shopify and your customers is used to perform the features you expect from Skite. For example
Customer contact information (name, phone) and relevant product info are used to place an outbound call to the customer only when you have authorized such a call via the dashboard. The App may suggest an outbound call (such as “Customer X should be notified about product Y being back in stock”), but it will only proceed with that call after you, the merchant, confirm or schedule it. We designed it this way to ensure you have control over contacting your customers. Skite will never autonomously contact your customers without your consent.
During the call, the App may use an AI system to converse with the customer or deliver the message. The content of that call (recording/transcript) is used to create a summary and identify any actionable insights (e.g., the customer wants to place an order, or the call went to voicemail, etc.).
The call summary, transcript, and any recommendations (like “Customer requested a follow-up email”) are provided to you through the App interface. This is essentially relaying the customer’s data and requests back to you, in a convenient, analyzed format, so that you can take further action as needed. This is a core purpose of processing the data.
We may use your contact information (email or phone number, if provided) to send you service-related notifications. For example, we might notify you of a completed call or send alerts/notifications within the App (or via email) about calls that need your approval or summaries that are ready. We may also send you updates about the App, including new features or important privacy/security updates. We will not send you marketing emails unrelated to the App without your consent.
Internally, we might review the call transcripts or logs (which might include personal data) to improve our AI models or fix issues – but only in an aggregated or anonymized way whenever possible. For instance, we might analyze generic usage patterns (e.g., what percentage of calls result in successful contacts) to improve performance or reliability. If we ever need to review a specific call record for debugging or support purposes, we will do so with extreme care and only as necessary. We do not use your customers’ data for any independent analytics or profiling outside of providing the service to you.
Information (like logs of API calls or unusual usage patterns) may be used to monitor for abuse of the App, to secure accounts, and to prevent any unauthorized access or fraudulent activity. This is to protect both you and us, and to comply with Shopify’s terms and legal requirements.
If we are ever required by law or legal process to use or disclose certain data (for example, responding to a lawful subpoena for call records), we will only do so in accordance with applicable laws. Wherever possible and legally permissible, we would inform you of such requests.
We want to emphasize that we do not sell or rent personal data, and we do not use the information we collect for any purpose outside the scope of the Skite AI App’s functionality. We do not use your customers’ data for our own marketing or advertise to your customers. All data usage is confined to serving you and improving your experience with the App.
We understand the sensitivity of your data and your customers’ data. We do not share personal information with third parties for their own marketing or independent use. However, like many apps, we rely on a few trusted service providers (third parties) to operate effectively. Any third-party processing of data is only done to support the App’s functionality and under strict data protection agreements. The categories of third parties we use are:
We may use AI models and services such as OpenAI’s (or a similar provider's) API services as a processor to transcribe and analyze call content. For example, after a call is made, the audio recording may be sent securely to such an AI service provider (like OpenAI) to transcribe the conversation and generate a summary or insights. This helps provide you with an accurate call summary and any detected customer requests or sentiment. Importantly, the data sent to such a provider is used only to return the results to us (and ultimately to you) – These service providers do not use API data to train their public models or for any purpose beyond providing the service[4]. According to OpenAI’s policies, API inputs and outputs may be retained temporarily (up to 30 days) on their systems to monitor abuse, after which they are deleted. We do not allow the AI providers to use the data beyond these limited purposes, and we have a data processing agreement in place with them. In all cases, we transmit data to the AI service over encrypted connections to protect it in transit.
To actually place phone calls to your customers, we integrate with a third-party telephony/voice calling service (e.g., Twilio or a similar provider). This service will receive the customer’s phone number and the call content (voice data) in order to connect the call. The provider acts as a conduit for the call, much like a phone carrier. We ensure any such provider is reputable and compliant with privacy requirements. They may keep basic logs of the call (as phone companies typically do, for billing or legal compliance), but they are not permitted to use the content of the calls for any purpose other than connecting the call. If recordings are stored with the telephony provider (for example, if the call recording is generated through their system), those recordings are protected and only accessible to us (and ultimately to you via the App). We treat these with the same care as data on our own systems.
The Skite AI App and its backend may be hosted on third-party cloud infrastructure (such as Amazon Web Services or other cloud providers). Any personal data (customer info, call transcripts, etc.) stored in our database resides on those secure servers. We rely on these third-party data centers to store data safely. All such providers are vetted for strong security practices and compliance with relevant standards. They do not have access to the data in any readable form – we use authentication, access controls, and encryption to ensure that only authorized processes and personnel can access the data.
We may use third-party tools to collect error logs or usage analytics for the App (for example, a service that alerts us if the app crashes or if a call fails). These logs might incidentally include some identifiers (like a store ID or error details), but we do not intentionally send any customer personal data to generic analytics platforms. Any such service is used purely for improving the App’s stability and will be configured to minimize data collection.
Aside from the above service providers, the only other circumstances in which we might disclose data are:
It might sound obvious, but we want to state that information about your customers that the App processes will be visible to you. For example, call summaries and transcripts involving your customers are displayed in your Skite dashboard. This isn’t “sharing” in the traditional sense (it’s your data, being given back to you), but we mention it to be clear that you will have full access to the processed information.
If required by law to disclose data (for instance, a court order), or if disclosure is necessary to enforce our rights or agreements or to protect against fraud or security issues, we may share information with the relevant authorities or parties. We will always evaluate such requests carefully and object to overly broad requests. Our policy is to notify you of any legal demands for your data, unless we are legally prohibited from doing so.
No Other Sharing
We do not share or transfer personal data to any other third parties. We do not sell customer information to data brokers or advertising companies. All third parties that process data on our behalf (like the ones listed above) are contractually obligated to keep it confidential and to use it only for the specific services they provide to us.
We retain collected data only for as long as necessary to fulfill the purposes outlined in this policy or to comply with legal obligations. Below are our retention practices for different types of data:
We keep basic information about your store (store ID, configuration settings you’ve made in the App, etc.) for as long as you have the Skite AI App installed on your store. This data is needed for the App to function each time you use it. If you uninstall the App, we will delete or anonymize this data in a timely manner. In compliance with Shopify’s requirements, when you uninstall, we receive a webhook notice and will remove personal data we have from your store within <30 days of uninstall (usually much sooner)[5].
Call recordings, transcripts, summaries, and any customer information we have processed on your behalf are stored so that you can access them in the App. By default, we retain these records to provide you ongoing access (for example, to review past calls or histories). However, you have control over this data:
You can delete specific call records or transcripts from within the App interface (if such a feature is provided), or you can request us to delete them at any time. We will promptly comply with such deletion requests.
Even if you do not manually delete records, we will not retain customer call data indefinitely. We implement a retention policy such as automatically deleting or archiving call recordings and personal data after 12 months unless you request otherwise. This limitation ensures we are not keeping data longer than necessary.
If a customer of yours requests deletion of their data (for example, under GDPR or other privacy laws) and we receive a request through Shopify’s data deletion webhook or via you, we will find and erase any call recordings, contact info, or other personal data of that customer from our systems. We log such deletions to maintain compliance records.
Any data sent to our AI providers (OpenAI or otherwise) is transient from our perspective – we send the prompt (e.g., the call transcript) and receive back a summary. We store the summary in our database for your reference. The original transcript may be stored with the call record. The AI provideer itself does not retain the data beyond 30 days (as noted above), and we do not continually resend or share data with them beyond the initial processing. Internally, if we keep transcripts, they follow the same retention rules just mentioned for call records.
Our system logs and database backups may incidentally contain some personal data (e.g. an ID or phone number in an error log, or call data in a backed-up database snapshot). These are typically rotated and purged on a regular schedule. Backup files are encrypted and only kept for disaster recovery purposes for a limited time. When they expire, they are deleted securely.
When data is deleted from our active systems, we ensure it’s removed or anonymized in all locations (production database, analytics data stores, etc.). Please note there might be a short period where data remains in encrypted backups, but those too are subject to deletion on a rolling basis. We will not restore or use deleted data except if required for security/legal reasons (e.g., to investigate fraud before fully purging).
Compliance with Deletion Requests We have implemented Shopify’s mandatory webhooks for data erasure requests. This means if you or a customer initiate a data deletion request via Shopify (for example, a GDPR "Right to Erasure" request or if you uninstall the App), we will automatically receive that request and wipe the relevant personal data from our records[6]. You can also contact us directly at any time about deleting data, and we will assist.
We take the security of your data very seriously. Here are key measures we employ to protect personal information processed by the Skite AI App:
All network communication between the App and Shopify’s API, as well as between our App and third-party services (like OpenAI or the telephony provider), is encrypted using HTTPS/TLS. This means that when we transmit customer information (such as phone numbers or call audio for transcription), it’s protected in transit. Additionally, sensitive data at rest in our databases (including call transcripts and recordings) is encrypted where feasible. For example, call recordings and transcripts may be stored in encrypted form on our servers or cloud storage.
Access to personal data is restricted strictly to those personnel and systems that need it to perform their job. We follow the principle of least privilege – only authorized personell will access data, and even then, only when necessary to resolve an issue or fulfill our obligations to you. Access to production databases, call recordings, or any sensitive data is protected by authentication, and we monitor and log such access.
You, as a merchant, access the App through your Shopify admin with OAuth authentication, which means we rely on Shopify’s secure login process. We do not separately store your password or login – that is handled by Shopify. The tokens we receive to access your store data are encrypeted and kept secure, and rotated as needed.
Our servers and cloud infrastructure are configured with firewalls and regular security updates. We utilize reputable cloud services that maintain high security standards (e.g., compliance certifications like SOC 2, ISO 27001). Data centers hosting our services have robust physical and network security.
We routinely test our App for common vulnerabilities and ensure best practices (such as protection against SQL injections, secure coding standards, etc.). We also monitor our systems for any suspicious activities. If we detect any potential data breach or security incident, we have an incident response plan to contain and fix the issue and to notify affected parties as required by law.
Any employees or contractors who work on Skite are bound by confidentiality agreements. They are trained on data privacy and security practices. We ensure that anyone with access to data understands the sensitive nature of customer information and handles it accordingly.
Despite all these measures, it's important to note that no method of transmission over the internet or electronic storage is 100% secure. However, we strive to use industry best practices to protect your data. If you have particular concerns about data security, feel free to reach out to us (contact information below) for more details.
As a Shopify merchant using our App, you have certain rights and controls over your data (and your customers’ data that we handle on your behalf):
You can access the information and records the App has collected by viewing your dashboard. Call summaries, transcripts, and related data are available to you. If you require a copy of the data in a portable format, you can contact us and we will assist in exporting your data (to the extent required and allowed by law).
The data we display (like customer contact info or call content) is generally sourced from Shopify or from the call interactions. If you notice any inaccuracies (for example, an incorrect transcription of a name), you typically can correct the source data in Shopify (for contact info) or contact us to amend our records (for example, we could update a transcript if needed). We will correct any factually incorrect data that we have control over.
You have the right to deletion (the "right to be forgotten") for personal data. As described in the Data Retention section, you may delete call records through the App or request deletion of any personal data we hold. This includes both your own personal data (if any) and your customers’ data that we process. We honor all deletion requests and will erase the requested data from our systems (except to the extent we are legally required to keep it, in which case we’ll inform you). Furthermore, your customers also have rights: if a customer asks you to delete their personal data and that data resides in our system (e.g., their phone number and call record), please initiate a deletion request to us (or through Shopify’s Customer Data Erasure request). We will promptly delete the customer's data and confirm with you once done.
If our App ever relies on your consent for any data processing (for example, if we introduce an optional feature that requires separate consent), you have the right to withdraw that consent at any time. Withdrawing consent will not affect the legality of processing performed prior to withdrawal, but it might mean certain features will no longer function. In the current version of the App, most processing is either necessary for the service or done on the basis of fulfilling our agreement (not on explicit consent), but if you believe consent is applicable, you can always adjust your settings or uninstall the App.
In certain jurisdictions, you have the right to object to or restrict certain processing activities. For example, you might object to us using data for improvement/training purposes. We do not use data for marketing, but if you have any concerns about how we handle your data, let us know. We will either cease the processing in question or work with you to address the concern.
We will never discriminate or retaliate against you for exercising any of these privacy rights. Your access to the App’s services remains the same regardless of any privacy requests you make.
To exercise any of these rights or if you need assistance with your data, you can contact us at our support email. We may need to verify your identity or authority (especially if it’s a request involving a specific customer’s data) before fulfilling the request, for security reasons. If a request comes to us from a customer directly, and we determine it is actually your customer, we will either direct them to contact you (the merchant) or we will notify you of the request, since as a processor we cannot disclose or delete a merchant’s customer data without instructions from the merchant (per Shopify’s policies).
Skite AI is available to merchants around the world. By its nature, using cloud services and third-party APIs, personal data may be transferred or processed in countries other than your own. In particular, note the following:
Our servers may be located in the United States. This means if you are outside those regions, your data (and your customers’ data) will be transferred to and stored on servers in those regions.
The third-party services we use – such as OpenAI (which is primarily based in the United States) and telephony providers (which may use local and global carriers) – might also involve transferring data internationally. For example, when we send a call recording to OpenAI for transcription, that data is processed on OpenAI’s servers in the U.S.
Protection for International Transfers: Whenever we transfer personal data out of its country of origin, we take steps to ensure adequate protection. If you or your customers are in the European Economic Area (EEA) or other regions with data transfer restrictions, we rely on mechanisms such as Standard Contractual Clauses (SCCs) or other legally approved measures to legitimize the transfer[7]. We only work with third-party processors that have committed to complying with privacy frameworks (for instance, OpenAI is GDPR-compliant and offers Data Processing Addendums; our cloud providers are certified under EU-US data frameworks or have SCCs in place).
By using the App, you understand that your data may be processed in countries outside of your home jurisdiction. These countries may have data protection laws different from your jurisdiction. However, we will always handle your information as described in this Privacy Policy and in accordance with applicable law, no matter where it is processed.
If you require more information about international data transfers or specific safeguards in place, please contact us and we will provide additional details.
We have designed our data practices to comply with Shopify’s App Store requirements and global privacy laws (such as GDPR, CCPA, etc.)[1][8]. Some key points of compliance include:
This Privacy Policy is linked in our Shopify App Store listing (for public apps) and is readily available for you to review at any time[1]. We will update it as needed to reflect any changes in our practices or new requirements, and the latest version will always be public.
We subscribe to Shopify’s mandatory webhooks for data deletion. This means we automatically handle requests like customers/data_request, customers/redact, and shop/redact as required by Shopify’s Partner Program and applicable law. In essence, when Shopify notifies us of a deletion request or store uninstall, we take the required action to delete personal data from our systems within the required timeframe.
We only request access to customer data that is strictly necessary for the App’s functionality[10]. For example, we request permission to read customer contact information (such as phone or email) because without it the App cannot perform calls or notifications. We have explained our use of this data in this policy and in the app review process to Shopify. If in the future we consider accessing additional data, we will update our scope and this policy accordingly and seek required approvals.
While not a "privacy" law requirement per se, we recognize that calling customers may be subject to marketing or communication consent rules. The App is intended to facilitate service communications (like back-in-stock alerts) rather than unsolicited marketing. We encourage you as a merchant to ensure you have appropriate consent from customers to contact them via phone. The App will only make calls you authorize, so you can choose to only call customers who have opted in to such communications. (If you have a question about whether a particular use is allowed, consider your local telemarketing laws or Shopify’s policies on customer contact.)
Our App is not directed to children. Shopify stores typically are for general audiences. We do not knowingly collect any personal information from children under the age of 13 (or applicable age of consent in other jurisdictions). If you believe we have inadvertently processed information of a minor, please let us know and we will delete it.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for any other reason. When we make changes, we will revise the "Last Updated" date at the top of the policy. For significant changes, we may also provide a more prominent notice – for example, by emailing you or posting an announcement within the App.
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Continued use of the Skite AI App after any changes to the Privacy Policy constitutes your acceptance of those changes. If you do not agree with any update, you should uninstall the App or contact us to express your concerns.
If you have any questions, concerns, or requests regarding this Privacy Policy or how Skite AI handles your data, please do not hesitate to contact us at support@skite.com
We are committed to addressing any issues or inquiries promptly. Reaching out to us with questions about privacy will not affect your rights. If you need to, you can also contact Shopify support for general questions about app data handling, but for specifics about Skite’s data use, we are the best point of contact.
By using the Skite AI App, you acknowledge that you have read and agree to this Privacy Policy. Thank you for trusting Skite.ai with your business needs – we value your trust and are dedicated to protecting your privacy while delivering a useful service.
[1] [2] [6] [7] [8] Privacy requirements
[3] [10] Work with protected customer data
[4] OpenAI API Privacy Policies Explained
[5] Checklist of requirements for apps in the Shopify App Store