← Back to home
🇧🇷 Versão em portuguêswisell.ai

Privacy Policy

Last updated: February 11, 2026

Wisell Technologies ("Wisell", "we", "us", or "our") operates the Wisell.ai platform, including the website at https://wisell.ai, the Wisell dashboard, the Wisell chat widget, and related integrations (collectively, the "Service").

This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our Service, whether as a merchant integrating Wisell into your store ("Merchant") or as a consumer interacting with a Wisell-powered assistant on a merchant's store ("End User").

By using the Service, you agree to the collection and use of information in accordance with this policy.

1. Who We Are

Wisell is a B2B SaaS platform that provides AI-powered sales assistants for e-commerce stores. Our assistants operate through website chat widgets and WhatsApp Business, helping merchants convert visitors into customers through guided conversations, product recommendations, and assisted checkout.

Data Controller: For Merchant data, Wisell acts as the data controller. For End User data collected through a Merchant's store, Wisell acts as a data processor on behalf of the Merchant (who is the data controller).

Contact:

  • Email: privacy@wisell.ai
  • Website: https://wisell.ai

2. Information We Collect

2.1 Information from Merchants

When you create a Wisell account or use our dashboard, we collect:

  • Account Information: Name, email address, phone number, company name, and billing address.
  • Store Information: Store URL, platform type (Shopify, WooCommerce, Nuvemshop), product catalog data, and store settings.
  • Payment Information: Billing details processed through Shopify Billing API or Stripe. We do not store complete credit card numbers on our servers.
  • Usage Data: Dashboard interactions, feature usage, conversation analytics, and performance metrics.
  • Communication Data: Support requests, feedback, and correspondence with our team.

2.2 Information from End Users

When an End User interacts with a Wisell-powered assistant, we may collect:

  • Conversation Data: Messages exchanged with the AI assistant, including product inquiries, preferences, and feedback.
  • Contact Information: Name, email address, phone number, and shipping address — only when voluntarily provided by the End User during a conversation or checkout process.
  • Device and Technical Data: IP address (anonymized), browser type, device type, and referral URL.
  • Order Information: Products viewed, cart contents, and checkout details when the End User uses assisted checkout.

2.3 Information from Third-Party Platforms

When a Merchant connects their store to Wisell, we receive data from:

  • Shopify: Product catalog, customer information (name, email, phone, address), order data, and store configuration, as authorized by the Merchant through Shopify's OAuth flow.
  • WooCommerce: Product and order data via REST API, as configured by the Merchant.
  • Nuvemshop: Product and order data via API integration.
  • WhatsApp Business API: Phone numbers and message content for conversations conducted through WhatsApp.

2.4 Information Collected Automatically

  • Log Data: Server logs including access times, pages viewed, and system activity.
  • Cookies and Similar Technologies: Session cookies for authentication and functionality. We do not use tracking cookies for advertising purposes.
  • Analytics: Aggregated, anonymized usage statistics to improve our Service.

3. How We Use Information

3.1 To Provide and Improve the Service

  • Operating the AI sales assistant on Merchants' stores.
  • Processing assisted checkouts and transactions.
  • Generating product recommendations and personalized responses.
  • Providing conversation analytics and performance dashboards.
  • Improving AI response quality and accuracy.
  • Detecting and preventing fraud, abuse, and security threats.

3.2 To Communicate

  • Sending transactional emails (account creation, billing, order confirmations).
  • Providing customer support.
  • Sending service updates and product announcements (with opt-out).
  • Responding to legal requests and court orders.
  • Complying with applicable data protection laws (GDPR, LGPD, CCPA).
  • Maintaining records as required by tax and commerce regulations.

4. How We Share Information

We do not sell personal data. We share information only in the following circumstances:

4.1 With Merchants

End User conversation data and contact information are shared with the Merchant whose store the End User interacted with. Merchants are the data controllers for their customers' data.

4.2 With Service Providers

We use third-party service providers to operate our platform:

Provider Purpose Data Shared Location
Supabase Database and authentication Account data, conversation data US/EU
Vercel Hosting and deployment Technical/log data Global (Edge)
Stripe Payment processing Billing information US/EU
Shopify App platform and billing Store and customer data US/Canada
Meta (WhatsApp) Messaging platform Phone numbers, messages US/EU
DeepSeek AI language model Anonymized conversation content China
Google (Gemini) AI language model (fallback) Anonymized conversation content US
OpenAI AI language model (fallback) Anonymized conversation content US
Sentry Error monitoring Technical error data US
Resend Email delivery Email addresses, notification content US

We may disclose information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Wisell, our users, or the public.

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, personal data may be transferred to the acquiring entity. We will notify affected users before their data is subject to a different privacy policy.

5. AI Data Processing

5.1 How AI Processes Data

Wisell uses large language models (LLMs) to power conversational assistants. When an End User sends a message:

  1. The message is processed by our Decision Engine to determine intent.
  2. Relevant context (product catalog, store settings, conversation history) is assembled.
  3. The message and context are sent to an AI model for response generation.
  4. The response is validated against safety and compliance rules before delivery.

5.2 AI Model Providers

  • Primary: DeepSeek (handles approximately 90% of conversations).
  • Secondary: Google Gemini (complex queries, approximately 10%).
  • Fallback: OpenAI GPT-4 (used only when primary and secondary models are unavailable).

5.3 Data Minimization in AI Processing

  • We send only the minimum context necessary for response generation.
  • Payment card numbers are never sent to AI models.
  • Personal data is anonymized where possible before AI processing.
  • Conversation data is not used to train third-party AI models.

6. Data Retention

Data Type Retention Period Justification
Merchant account data Duration of account + 5 years Legal and tax obligations
Conversation data 12 months Service improvement and analytics
End User contact data 12 months or until deletion request Merchant's legitimate interest
Payment records 7 years Tax and financial regulations
Server logs 90 days Security and debugging
Analytics (aggregated) Indefinitely Non-personal, anonymized

After the retention period, data is permanently deleted or irreversibly anonymized.

7. Your Rights

7.1 Rights Under GDPR (European Economic Area, United Kingdom)

If you are located in the EEA or UK, you have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data ("right to be forgotten").
  • Restriction: Request that we limit how we process your data.
  • Portability: Receive your data in a structured, machine-readable format.
  • Objection: Object to processing based on legitimate interests.
  • Withdraw Consent: Withdraw consent at any time where processing is based on consent.

Legal Bases for Processing (GDPR Article 6):

  • Contract Performance: Processing necessary to provide the Service (Art. 6(1)(b)).
  • Legitimate Interests: Analytics, security, and service improvement (Art. 6(1)(f)).
  • Consent: Marketing communications and optional features (Art. 6(1)(a)).
  • Legal Obligation: Tax, financial, and regulatory compliance (Art. 6(1)(c)).

Supervisory Authority: You have the right to lodge a complaint with your local data protection authority. In Spain: Agencia Española de Protección de Datos (AEPD) — https://www.aepd.es.

7.2 Rights Under LGPD (Brazil)

If you are located in Brazil, under Lei Geral de Proteção de Dados (Lei nº 13.709/2018), you have the right to:

  • Confirmation: Confirm whether we process your personal data.
  • Access: Access your personal data held by us.
  • Correction: Request correction of incomplete, inaccurate, or outdated data.
  • Anonymization, Blocking, or Deletion: Of unnecessary or excessive data, or data processed in non-compliance with the LGPD.
  • Portability: Transfer your data to another service provider.
  • Deletion: Request deletion of data processed with your consent.
  • Information: Know which entities your data has been shared with.
  • Consent Withdrawal: Revoke consent at any time.
  • Opposition: Object to processing that violates the LGPD.

Legal Bases for Processing (LGPD Article 7):

  • Contract Execution: Processing necessary to perform the contract (Art. 7, V).
  • Legitimate Interests: Analytics and service improvement (Art. 7, IX).
  • Consent: Marketing and optional features (Art. 7, I).
  • Legal Obligation: Regulatory compliance (Art. 7, II).

Supervisory Authority: Autoridade Nacional de Proteção de Dados (ANPD) — https://www.gov.br/anpd.

7.3 Rights Under CCPA/CPRA (California, United States)

If you are a California resident, you have the right to:

  • Know: What personal information we collect and how it is used.
  • Delete: Request deletion of your personal information.
  • Opt-Out: Opt out of the sale or sharing of personal information.
  • Non-Discrimination: Not be discriminated against for exercising your rights.

We do not sell personal information. We do not share personal information for cross-context behavioral advertising.

7.4 How to Exercise Your Rights

To exercise any of the above rights, contact us at:

  • Email: privacy@wisell.ai
  • Subject: Include "Data Rights Request" and specify the right you wish to exercise.

We will respond within 30 days (GDPR/LGPD) or 45 days (CCPA). We may request verification of your identity before processing your request.

End Users: If you interacted with a Wisell-powered assistant on a merchant's store, you may also contact the merchant directly, as they are the data controller for your information.

8. International Data Transfers

Wisell may transfer personal data outside your country of residence. We ensure appropriate safeguards are in place:

  • EEA/UK to US: Standard Contractual Clauses (SCCs) approved by the European Commission.
  • Brazil to abroad: Compliance with LGPD Chapter V requirements, including adequacy assessments and contractual safeguards.
  • AI processing: Conversation data sent to AI model providers may be processed in the US or other jurisdictions. We use data processing agreements with all AI providers.

9. Data Security

We implement appropriate technical and organizational measures to protect personal data:

  • Encryption: Data encrypted in transit (TLS 1.2+) and at rest.
  • Access Control: Role-based access control and multi-tenant isolation via Row Level Security (RLS).
  • Authentication: Secure authentication with session management.
  • Monitoring: Real-time error monitoring and security alerting.
  • Infrastructure: Hosted on enterprise-grade platforms (Vercel, Supabase) with SOC 2 compliance.
  • AI Safety: Response validation, content filtering, and compliance checking before delivery.

Despite these measures, no method of transmission or storage is 100% secure. If you become aware of a security vulnerability, please contact us immediately at security@wisell.ai.

10. Children's Privacy

Our Service is not directed to individuals under the age of 16 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at privacy@wisell.ai, and we will delete it promptly.

11. Cookies and Tracking

11.1 Cookies We Use

Cookie Type Purpose Duration
Session cookie Strictly necessary Authentication and session management Session
Preference cookie Functional Language and display preferences 1 year

11.2 What We Do NOT Use

  • No advertising or tracking cookies.
  • No cross-site tracking.
  • No fingerprinting technologies.
  • No third-party analytics cookies (we use server-side analytics only).

12. Shopify-Specific Provisions

If you install Wisell through the Shopify App Store:

  • Data Access: We access your store's product catalog, customer data (name, email, phone, address), and order information through Shopify's Admin API, solely to provide the Service.
  • Billing: If you subscribe through Shopify Billing, your payment is processed by Shopify. We receive subscription status but not payment card details.
  • Uninstallation: When you uninstall Wisell from your Shopify store, we deactivate your account and cease data collection. Your data is retained per our retention policy (Section 6) and can be deleted upon request.
  • GDPR Webhooks: We comply with Shopify's mandatory compliance webhooks for customer data requests, customer data erasure, and shop data erasure.

13. WhatsApp-Specific Provisions

For conversations conducted through WhatsApp Business:

  • Phone Numbers: End User phone numbers are processed to deliver messages. They are stored as part of conversation records.
  • Message Content: Messages are processed by our AI and stored as conversation data.
  • Meta's Terms: WhatsApp conversations are also subject to Meta's Privacy Policy and WhatsApp Business Terms of Service.
  • Opt-Out: End Users can stop interacting with the assistant at any time by ending the conversation.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify Merchants of significant changes via email or dashboard notification at least 30 days before the changes take effect. The "Last updated" date at the top of this page indicates when the policy was last revised.

Continued use of the Service after changes become effective constitutes acceptance of the updated policy.

15. Contact Us

For any questions or concerns about this Privacy Policy or our data practices:

  • Email: privacy@wisell.ai
  • General Support: support@wisell.ai
  • Security Issues: security@wisell.ai

For GDPR inquiries, you may also contact our Data Protection representative at dpo@wisell.ai.

*This Privacy Policy is provided in English and Portuguese (Brazil). In case of conflict between versions, the English version shall prevail for international matters, and the Portuguese version shall prevail for matters governed by Brazilian law.*

Esta página também está disponível em português. 🇧🇷 Versão em português