Privacy Policy

Legal

Privacy Policy

Effective date: June 17, 2026 · Last updated: June 17, 2026

This Privacy Policy explains how Chatworthy AI ("Chatworthy", "we", "us") collects, uses, and protects information when you use our AI agent platform, our website at chatworthy.ai, and any chat widget powered by Chatworthy that you encounter on a customer's website ("the Services").

Chatworthy is a product of AI Discovery Group. We are based in the United States.

1. The two kinds of users we serve

Chatworthy has two distinct types of users, and this policy treats them differently:

  • Customers (you, the business operator) — you sign up for Chatworthy, configure agents, and embed our widget on your website.
  • End users (your customers) — people who chat with an agent you have deployed.

2. What we collect from Customers

  • Account information — your name, email, password (hashed), workspace name, and billing email.
  • Configuration data — your agents, knowledge base content, payment offers, system prompts, and integration settings.
  • Billing information — your subscription tier and status. Payment information is handled by Shopify Payments; we never see or store credit card numbers.
  • Usage data — AI message counts, dashboard activity, and feature usage for service operation and capacity planning.

3. What we collect from End Users

  • Chat messages — the content of messages an end user sends through a Chatworthy-powered widget.
  • Conversation metadata — timestamps, the agent involved, and any escalation or handoff actions.
  • Limited identifiers — a customer-supplied identifier (e.g. email) only if the end user provides it in chat or the embedding site passes it via the widget snippet.

We do not place tracking cookies on End Users through the widget. We do not build advertising profiles. The chat conversation is stored to enable the Customer to review and respond, and to retrain the agent on what its own customers actually ask.

4. How we use information

  • To operate the Services — generating AI replies, persisting conversations, sending escalation emails.
  • To improve the Services — monitoring performance, debugging, and capacity planning. We use aggregated and de-identified usage metrics.
  • To bill Customers and prevent fraud.
  • To respond to support requests.
  • To comply with legal obligations.

We do not sell personal information. We do not use End User chat content for advertising. We do not allow third parties to advertise to End Users through our Services.

5. How we use AI providers

To generate agent replies, we send conversation content to Anthropic (Claude) and/or OpenAI under their commercial API terms. Under these terms, API inputs and outputs are not used to train the providers' models. If a Customer brings their own AI key, content is processed under that Customer's contract with the provider.

6. Payment processing

In-chat payments are processed by Stripe, Shopify, or Square depending on the Customer's chosen payment provider. Credit card data never touches Chatworthy systems; it goes directly from the End User to the payment processor's PCI-compliant infrastructure. We retain only the offer name, price label, and the checkout link the Customer configures.

7. Data security

Detailed security information is available at chatworthy.ai/pages/security. In summary: TLS in transit; managed-database encryption at rest; AES-256-GCM encryption of stored AI API keys; workspace isolation at the database query level; signed inbound webhooks with HMAC verification; rate limiting on public endpoints.

8. Data retention

  • Conversations — retained for the life of the Customer's account, then 30 days after cancellation, then deleted (unless the Customer requests earlier deletion).
  • Account data — retained while the account is active and for 30 days after cancellation.
  • Billing records — retained for 7 years to meet tax and accounting obligations.

9. Your rights

You can request access to, correction of, or deletion of your personal information by emailing privacy@chatworthy.ai. We will respond within 30 days. California, Virginia, Colorado, and Connecticut residents and EEA/UK residents have additional rights under state and regional law, including the right to opt out of any "sale" or "sharing" of personal information (we do neither) and the right to lodge a complaint with a supervisory authority.

10. Children

Chatworthy is not directed at children under 16, and we do not knowingly collect personal information from them. End Users of widgets deployed on Customer sites are subject to that Customer's own terms; Customers must not deploy Chatworthy widgets in contexts directed at children under 13.

11. International data transfers

Our services are operated from the United States. If you access Chatworthy from outside the U.S., your information may be transferred to and processed in the U.S. We rely on Standard Contractual Clauses where applicable for EEA/UK transfers.

12. Changes to this policy

We will update this policy when our practices change. The effective date above will reflect the most recent change. Material changes will be announced to account holders by email.

13. Contact

Privacy questions: privacy@chatworthy.ai. Security disclosures: security@chatworthy.ai. General contact: hello@chatworthy.ai.

This document is provided as a working draft and should be reviewed by qualified legal counsel before being treated as a legally binding policy for your specific jurisdiction and use case.