Last updated: May 9, 2026

Privacy policy

Plain-English privacy policy for WisWes. We tried to keep it short and readable — if anything is unclear, email [email protected] and we'll explain.

Privacy at a glance

What we store: Merchant account fields, store API tokens, and shopper chat logs.
What we never store: Card numbers — those go straight to Stripe.
Who else sees it: Anthropic / OpenAI (LLM inference), Hetzner (EU hosting), Stripe (billing), Resend (email).
Training opt-out: We never train models on your data, and the LLM providers we use are contractually no-training.
Retention: Chat logs: 90 days. Account data: lifetime + 30 days. Everything deleted within 30 days of cancellation.
Your rights: Access, export, correct, delete — self-serve in the dashboard, or email [email protected].

Full detail in the sections below. See also our terms and refund policy.

1. Who this policy is for

WisWes ("we", "us", "WisWes") provides an AI shopping-assistant platform that drops into ecommerce stores. This policy covers two groups: (a) merchants who sign up for a WisWes account, and (b) end shoppers who chat with the assistant on a merchant's storefront. The data we collect about each group, and what we do with it, is different — we've called out which group each section applies to.

2. Data we collect from merchants

When you sign up for a WisWes account we collect: your name, email, company name, billing address (only if you take a paid plan), and the credentials you choose. When you connect a store we collect the API tokens or shared secrets needed to talk to that store. When you use the dashboard we log standard request metadata (IP, user agent, timestamps) for security and abuse monitoring. We do not ask for, and do not want, any payment card numbers — those go straight to Stripe.

3. Data we process from shoppers

When a shopper chats on your storefront, the assistant receives the messages they type and the context your store sends with them — typically a session id, a cart id if the shopper is logged in, and a customer id if they've identified themselves. To answer the shopper, the assistant may call your store's APIs and read back products, cart contents, addresses, or order status. We do not collect names, emails, addresses, or payment details from shoppers directly — anything personal that flows through is data your store already had, surfaced into the chat at the shopper's request.

4. Why we process this data

Merchant data: to operate your account, send service emails, bill you (if applicable), and detect abuse. Shopper data: to answer the shopper's question or take the action they asked for, and to show you (the merchant) the conversation logs so you can audit and improve the assistant. We also use aggregated, anonymised metrics — total chats per day, average response time, which tools fired most — to operate and improve the platform.

5. Sub-processors we share data with

Running the platform requires a small set of vendors. We pass them only the data they need to do their job, under written data-processing terms. The current list: Anthropic and OpenAI (large-language-model inference for chat replies — sent the conversation context, never your billing data); Hetzner (EU-based hosting for the WisWes servers and database); Stripe (payments — receives your billing details directly, we never see your card); Resend (transactional email — receives your account email and the email body). We update this list when it changes; the dashboard shows the current set under Settings → Data.

6. We do not sell or train on your data

We do not sell merchant data or shopper data to anyone. We do not use your store data, your shoppers' conversations, or your custom prompts to train foundation models — ours or anyone else's. The LLM providers we send messages to (Anthropic, OpenAI) are on no-training contracts; their published API terms confirm this. If a future provider were ever to require training opt-in, we would not enable that path without your explicit, per-tenant consent.

7. Data retention

Conversation logs are kept for 90 days by default, then deleted. Account-level data (your name, email, billing history) is kept for the lifetime of your account plus 30 days. After cancellation, all merchant data and conversation logs are deleted within 30 days. If a regulator or law requires us to keep something longer (rare — usually invoice records for accounting), we keep only the minimum required and isolate it from the live platform.

8. Your rights

If you live in the EU/EEA, the UK, California, or any jurisdiction with comparable rules, you have the right to: access the personal data we hold about you, correct it, delete it, port it to another provider, and object to processing in some cases. The dashboard exposes self-serve buttons for export and deletion. For anything that isn't one click — or if you're an end shopper rather than a merchant — email [email protected] and we'll respond within 30 days.

9. Cookies and the widget

The marketing site uses one strictly-necessary cookie to remember if you've dismissed banners. The dashboard uses a session cookie for login. The chat widget on a merchant's storefront uses localStorage (not cookies) to keep a session id across page loads so the conversation doesn't reset when the shopper navigates. Neither the marketing site nor the widget runs third-party analytics or advertising trackers.

10. Children

WisWes is a B2B platform sold to merchants. We do not knowingly collect data from anyone under 16. If a merchant deploys the widget on a store that sells to children, the merchant is responsible for any age-gating their jurisdiction requires; we do not currently offer a child-directed mode.

11. International transfers

Our primary servers are in the EU (Hetzner, Germany). When we send conversation context to LLM providers, that traffic may be processed in the United States. These transfers rely on the Standard Contractual Clauses (SCCs) where required, and on adequacy decisions where they exist. If you operate under a regime that prohibits US-based model inference, contact us — we can route to EU-resident models on Enterprise plans.

12. Security

In transit, all traffic is TLS 1.2+. At rest, the database is encrypted at the disk level. Shared secrets minted by store integrations are encrypted in the database with a key held outside the application. Access to production is restricted to a small number of people, gated by SSH key, and logged. We run dependency-audit scans on every deploy. No system is uncrackable; if we ever discover a breach affecting your data we will notify you within 72 hours of confirming it.

13. Changes to this policy

We may update this policy as the platform changes. Material changes will be emailed to your account address at least 30 days before they take effect, and the "Last updated" date at the top of this page will reflect the change. Continuing to use WisWes after a change means you accept the updated policy — if not, cancel before it takes effect.

14. Contact

Privacy questions, data subject requests, or anything else? Email [email protected] — a real person reads it and replies within five business days.