A plain-English explanation of what data we collect, how we use it, and the controls you have.
If you’re looking for the legally binding version, see our Privacy Policy, Data Processing Agreement, and Subprocessor List.
What is Fyncall?
Fyncall is an AI-powered customer-support and sales inbox for Shopify merchants. It connects to your store, syncs your products, orders, and customer information, and lets your customers ask questions or buy products through WhatsApp, Instagram, your website chat widget, or email — handled by an AI agent that you control.
Two groups interact with Fyncall:
- Merchants — Shopify store owners who install Fyncall on their store and use the dashboard to manage conversations, configure the AI, and view analytics.
- End customers — the shoppers who message a merchant. They never sign in to Fyncall directly; they’re chatting with the merchant’s store and Fyncall is the AI assistant on the other side.
This page explains how data flows for both groups.
TL;DR — the 60-second summary
- We sync your Shopify products, orders, customers, and inventory so the AI knows what to talk about.
- Customer messages (and a small amount of context like name and recent orders) are sent to AI providers — primarily Microsoft Azure OpenAI, with OpenAI as a fallback. These providers do not train their models on your data.
- We store conversation history so you can review it later and so the AI has context for the next message.
- We hold customer data only as long as you keep your Shopify store connected. When you uninstall Fyncall, we delete all your store and customer data within 48 hours, in line with Shopify’s privacy webhooks.
- We never sell personal data. Ever.
- You can request a copy of, or deletion of, any individual customer’s data at any time — instantly via Shopify’s privacy tools, or by emailing us at
privacy@fyncall.com.
What data Fyncall collects
We’ve grouped the data into four buckets, depending on where it comes from.
1. Data from your Shopify store
When you install Fyncall, Shopify gives us a permission token to read (and in some cases write) the following types of records:
| Type | Examples of fields | Why we need it |
|---|---|---|
| Customers | Name, email, phone, address, order history, marketing-consent status | So the AI recognises who’s chatting and can personalise replies |
| Orders | Order number, items, prices, shipping/billing addresses, fulfillment status, order notes | So the AI can answer “where is my order?” / “I want to return this” |
| Products & variants | Product name, description, price, images, inventory levels | So the AI can recommend products and tell customers what’s in stock |
| Collections, discounts, locations | Public catalog metadata | For commerce features (recommendations, discount codes, store-pickup info) |
We sync this data continuously via Shopify’s webhooks so the AI is always working from current information.
2. Data from messaging channels
When a customer messages your store, Fyncall receives the message via the channel they used:
| Channel | What we receive |
|---|---|
| WhatsApp (via Twilio or Meta) | The customer’s WhatsApp phone number, message text, any photos/audio/files they sent |
| Instagram Direct (via Meta) | Their Instagram-scoped sender ID (not their real handle), message text, attachments, story replies, comments mentioning your account |
| Web chat widget (on your storefront) | A randomly-generated visitor ID, the message text, the page they were viewing, browser type, IP address (for geolocation only), and any name/email/phone they voluntarily share with the chat |
| Email (Gmail, Outlook, or SMTP/IMAP) | Sender address, subject, body, attachments — same as a normal email client |
3. Data you enter in the Fyncall dashboard
The things you upload or configure yourself:
- Knowledge base files (PDFs, Word docs, etc.) used to answer customer questions
- AI agent system prompts and personality instructions
- Workflow rules (e.g. “if a customer asks about returns, use the return policy KB”)
- Message templates
- Your team’s user accounts (email, password, role)
4. Operational metadata
Standard things any web app needs to run:
- Login session tokens and audit logs
- Integration tokens for Shopify, WhatsApp, etc. (encrypted before storage)
- API request logs for debugging
- Aggregate metrics (number of messages handled, response times) — these never include the message content itself
What we do with the data
Powering the AI conversation
When a customer sends a message, here’s what happens:
- The message arrives at Fyncall’s backend.
- We load relevant context: their recent conversation history (typically the last 5–15 messages), their name and recent orders if known, and any knowledge-base snippets that look relevant.
- We send that bundle to an AI provider (see “Which AI providers we use” below) and get back a reply.
- We send the reply back to the customer through the same channel they used.
- We store the message in our database so you can read it in your inbox and so the AI has memory for the next exchange.
That’s the whole loop. The AI does not have access to credit-card numbers, passwords, or any data outside what Shopify makes available to your store.
Showing you the inbox
Your dashboard reads from the same database to show you live conversations, customer profiles, AI activity, and analytics.
Improving the service
We use aggregate, anonymised usage data (e.g. “the average AI response time across all merchants today is 4 seconds”) to monitor performance and find bugs. We do not train AI models on your data, and we do not use individual customer messages to improve our service.
Which AI providers we use
This is the part most merchants want to know about, so we’re being explicit:
| Provider | What it does for us | Where they process the data |
|---|---|---|
| Microsoft Azure OpenAI Service | Primary engine for understanding messages and generating replies | Microsoft data centres (region depends on your account; we run in a specific Azure region — see Subprocessor List for the exact location) |
| OpenAI | Fallback for chat replies and embeddings (used for knowledge-base search) | United States |
| Google Gemini | Used to process knowledge-base files when you upload them to be indexed | United States |
Important commitments from these providers:
- Azure OpenAI does not use customer prompts to train Microsoft’s foundation models. Microsoft signs a Data Protection Addendum that includes EU Standard Contractual Clauses for non-EU transfers.
- OpenAI’s API does not use API inputs/outputs to train OpenAI’s models by default. Their Enterprise / Business agreements include a DPA.
- Google’s Gemini API under their Cloud / Workspace business agreements does not use customer data for advertising or for training general models.
The full list of every external service we send your data to (cloud hosting, email infrastructure, payment processing, etc.) is in our Subprocessor List.
Where we store data
| Storage | What lives there | Where it’s hosted |
|---|---|---|
| Application database (PostgreSQL) | Customer records, conversation history, orders, products, settings | Microsoft Azure (East US 2 region) |
| File storage (Azure Blob Storage) | Photos/audio/documents customers send via chat, knowledge-base files you upload, your invoices | Microsoft Azure |
| Cache (Redis) | Short-term performance cache and rate-limit counters; does not hold message content | Microsoft Azure (same region) |
| Knowledge-base index (RAGFlow, self-hosted) | Searchable chunks of your knowledge-base files | Microsoft Azure (same region) |
Backups of the database run nightly and are kept for 30 days. They’re encrypted on disk.
Encryption
- In transit: every connection to Fyncall and from Fyncall to the AI providers uses TLS 1.2 or 1.3 — the same encryption your bank uses.
- At rest: Microsoft Azure encrypts the underlying disks at the platform level. On top of that, we additionally encrypt the most sensitive fields ourselves — your Shopify access tokens, OAuth credentials, and 2FA secrets — using AES-128 (Fernet) with a key only our backend has access to. So even an attacker who somehow exfiltrated the raw database would not be able to call Shopify on your behalf.
How long we keep data
| Data | Retention |
|---|---|
| Your merchant account | For as long as your Fyncall account is active, plus a reasonable grace period if you reactivate |
| Customer conversation history | While the customer’s record exists in your store and Fyncall is connected. You can shorten this in your settings, or delete individual customers at any time. |
| Shopify-synced data (customers, orders, products) | Mirrored from your store; deleted within 48 hours of you uninstalling Fyncall |
| Database backups | 30 days from creation |
| Audit logs | 12 months for security investigations |
When you uninstall Fyncall from your Shopify store:
- Immediately: we mark the store as disconnected and stop syncing. Your access token is wiped from our database.
- Within 48 hours: Shopify sends us the
shop/redactprivacy webhook. We respond by hard-deleting all your data — customers, orders, products, conversations, knowledge-base files, attachments, the lot. This timeline is required by Shopify and we follow it strictly.
When an individual customer asks you to delete their data:
- You forward the request to Shopify (using their built-in privacy tools) or email us directly at
privacy@fyncall.com. - We have 30 days to comply. In practice we redact within 48 hours unless we need extra context from you.
- The customer’s name, email, phone, and address are redacted to
[REDACTED]. All their messages have their content replaced with[REDACTED]. All identity records linking them to a chat platform are deleted.
What rights customers have
If you’re an end customer of a Fyncall-using merchant, you can:
| Right | How to exercise it |
|---|---|
| Get a copy of your data | Ask the merchant, or email privacy@fyncall.com. We’ll respond within 30 days. |
| Correct inaccurate data | Ask the merchant; they can update it directly. |
| Have your data deleted | Ask the merchant. Shopify sends us the request; we redact within 48 hours. |
| Object to AI processing | Ask the merchant to switch your conversation to a human agent. They can do this with one click. |
| Lodge a complaint | Contact your country’s data-protection authority. EU residents: your local supervisory authority. UK: ICO. California: California Privacy Protection Agency. |
If you’re a merchant, you can do all of the above for any of your own customers from the Fyncall dashboard.
Security practices
- Tenant isolation: every database query is scoped to your
tenant_id. Other merchants cannot see your data, by design — it’s enforced at the query layer. - Two-factor authentication is available on all merchant accounts (TOTP-based, with backup codes).
- Brute-force protection locks out login attempts after 5 failures in 15 minutes per email.
- Access control: role-based permissions (super-admin, admin, agent) restrict what each user can do.
- Code review and dependency scanning run on every change before it ships.
- Server access is SSH-key-only with
fail2ban, and only ports 22, 80, and 443 are exposed publicly. - Audit logs record every privileged action and every privacy-related event.
We do not currently hold SOC 2 or ISO 27001 certification. If your organisation requires either as a condition of using us, please reach out — we can talk about scope and timeline.
A note on free-text customer messages
Customer messages are free-form text. Despite our best efforts, customers can — and sometimes will — write things in chat that we’d never deliberately collect:
- “I have a peanut allergy, do these products contain nuts?”
- “I’m pregnant and wondering if this is safe…”
- Religious, political, or sensitive identity-related comments
These messages are stored and (when relevant to the next reply) sent to the AI provider as conversation context. We don’t filter them out, because they’re often necessary for the AI to give a useful answer.
What this means in practice:
- The AI provider sees the message just as you would in your inbox.
- Storage is the same as for any other message — encrypted in transit, stored in your dedicated tenant in our DB, deletable on request.
- We treat every message as potentially sensitive and apply the same access controls regardless.
If your industry handles obviously sensitive data (medical, financial, legal advice), reach out before installing — we’ll discuss whether Fyncall is the right tool, or what configuration changes you need.
What we don’t do
- We don’t sell personal data, ever — to anyone, for any purpose.
- We don’t show ads or run any third-party advertising trackers in the app.
- We don’t share customer data between merchants. Each merchant’s data is fully siloed.
- We don’t train AI models on your data, and the AI providers we use have signed agreements committing the same.
- We don’t use cookies in our chat widget. (We use a few
localStorageentries — listed in the Privacy Policy — to keep the chat session running across page loads.)
What you can configure
You’re in control of the things below. They live under Settings in your Fyncall dashboard:
- Conversation retention period — keep messages for a year, six months, or wherever you want.
- AI guardrails — block the AI from discussing certain topics, or force escalation to a human on certain triggers.
- Knowledge base contents — what the AI is allowed to reference when answering.
- Human takeover triggers — when an agent should be paged (e.g. for a complaint, or after N back-and-forth messages with no resolution).
- Data export — download a snapshot of your conversations, customers, and analytics any time.
- Account deletion — close your account from the Settings → Account → Delete page; data is purged within 48 hours.
Compliance frameworks we follow
- Shopify App Store privacy requirements — including the three mandatory GDPR webhooks (
customers/data_request,customers/redact,shop/redact). - GDPR (EU/EEA + UK) — we act as a data processor on behalf of merchants for end-customer data, with merchants as the data controller. Standard Contractual Clauses are in place for transfers to the US.
- CCPA / CPRA (California) — California residents have the rights summarised in the table above. We never sell personal information; the “Do Not Sell” opt-out doesn’t apply because there’s nothing to opt out of.
- PIPEDA (Canada), LGPD (Brazil) — we honour comparable rights.
Have a question?
- Privacy / data deletion / data subject rights:
privacy@fyncall.com - Security disclosures:
security@fyncall.com - General support:
support@fyncall.com
We respond to privacy-related requests within 30 days at the outside, and usually within 48 hours.
This page is a plain-English summary. The legally binding version of the same information is in the Privacy Policy, Data Processing Agreement, and Subprocessor List. Where this page and those documents disagree, the legal documents are authoritative.
Last updated: 2026-04-26.