PickyPal | Your AI Shopping Advisor for Ecommerce Brands

Privacy Policy

Effective Date: April 1st, 2025

Article 1 - Introduction

This Privacy Policy explains how PickyPal collects, uses, shares, and protects personal data when providing its AI-powered chatbot service (“the Service”) to business clients (“Clients”) who integrate the Service into their own platforms.

PickyPal is committed to protecting personal data in accordance with the EU General Data Protection Regulation (GDPR) and relevant French data protection laws.

For the purposes of GDPR, PickyPal acts as a Data Controller for Client account and billing data, and as a Data Processor for End User chat data processed on behalf of Clients.

Article 2 - Who this Policy applies to

This Privacy Policy applies to:

- Clients: Businesses using PickyPal via the subscription (including admin users);

- End Users: Individuals interacting with the chatbot on our Clients' websites/apps;

- Visitors: People visiting our website (www.pickypal.co).

Article 3 - Data we collect

3.1 From Clients:

- Contact info: Name, business email, company name, billing info;

- Login info: Admin account credentials (if applicable);

- Usage data: Dashboard activity, subscription history, support tickets;

- Payment data: Processed via a third-party processor.

3.2 From End Users:

- Chat data: Questions, search items, product preferences, language;

- Metadata: Device type, IP address, browser locale (anonymized);

- Cookies: Only if the solution is embedded in web browser (see Cookies Policy).

Article 4 - Why we use the Data

We use the data to:

- Deliver the chatbot service for the performance of contract based on article 6.1.b of the GDPR;

- Personalize or improve chatbot responses for legitimate interest based on article 6.1.f of the GDPR;

- Contact Clients for service-related matters for legitimate interest and consent;

- Analyze and improve product performance for legitimate interest with anonymization;

- Fulfill legal or regulatory obligations based on article 6.1.c of the GDPR.

Article 5 - Cookies & tracking

If you access PickyPal via web browser, we may use cookies to:

- Authenticate sessions;

- Analyze user interaction (e.g., chat engagement metrics);

- Save preferences.

We do not use marketing cookies or third-party advertising trackers. See our Cookies Policy for details and opt-out options.

Article 6 - Data sharing

We do not sell or rent personal data.

PickyPal agrees to keep all information and data shared by the Client strictly confidential.

All data will be handled in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR).

No data will be shared with third parties without the Client’s prior written consent.

PickyPal reserves the right to download the conversations, anonymized, in compliance with GDPR and the best practices in protecting the user’s personal information, for purposes of evaluation, improvement, and analytics.

PickyPal is fully compliant with GDPR and the applicable data protection laws.

Where data is transferred outside the European Economic Area (EEA), PickyPal ensures appropriate safeguards are in place, such as the European Commission’s Standard Contractual Clauses (SCCs), or transfers only to countries with adequacy decisions.

Article 7 - Data retention

The retention period varies according to the data type as follows:

- For Client data, the retention period is as long as the subscription is active, plus 10 years for invoicing and legal records;

- For chat data, the retention period is 12 months by default. The Client may request a longer or shorter storage period in writing, subject to technical feasibility;

- For logs and metadata, the retention period is 12 months (anonymized thereafter);

- For website cookies, the retention period is up to 12 months, per cookie type, with user consent renewed at least every 6 months in accordance with CNIL guidelines.

Article 8 – Clients and end users’ rights

Under GDPR, the Client or their end users have the right to:

- Access personal data;

- Correct inaccurate or incomplete data;

- Request deletion (“right to be forgotten”);

- Object to or restrict processing;

- Request data portability (where applicable);

- Withdraw consent (where processing is based on consent);

- Lodge a complaint with a data protection authority.

To exercise these rights, email: dana.daou@pickypal.co or dev@pickypal.co

For end users, PickyPal will forward rights requests to the relevant Client.

Article 9 - Data security

We implement appropriate technical and organizational measures to protect personal data, including: HTTPS encryption; anonymization and pseudonymization techniques; access control and internal security policies; and regular audits and data breach response plans.

Article 10 - Changes to this Policy

We may update this Privacy Policy to reflect changes in the law or our services. The “Effective Date” above will be updated accordingly. Material changes will be communicated to Clients directly.

Article 11 – Contact

If you have any questions about this Privacy Policy or how we handle personal data, contact: dana.daou@pickypal.co.