Welcome to AskDolphin (“AskDolphin,” “we,” “us,” or “our”). This Privacy Policy (“Policy”) is designed to inform you about how we collect, use, store, disclose, and protect your personal data when you use our websites, dashboard, live chat widget, Dolphin AI, QR code features, or any other services (“Services”) we offer.
In this Policy, we will use certain defined terms to make it easier to understand:
- “Business Clients”: This refers to store owners, brands, companies, and similar entities that sign up for and/or use AskDolphin services to provide chat, QR code, or AI-based customer support to their own customers or site visitors.
- “End-Users”: The individual customers, visitors, or users who interact with AskDolphin’s chat widget, QR codes, or AI assistant on a Business Client’s website or via a specific link.
- “Personal Data” or “Personal Information”: Information that relates to an identified or identifiable natural person. This can include direct identifiers like a name or email address, as well as indirect identifiers like device or usage information that can link back to a person.
By using our Services, you confirm that you have read and understood the contents of this Privacy Policy and accept the practices described herein. If you do not agree, please discontinue using the Services.
AskDolphin is a SaaS-based customer engagement platform that:
- Offers real-time chat solutions for businesses to communicate with their customers,
- Provides AI-driven support (through “Dolphin AI”) to answer common questions and handle basic support tasks,
- Generates Smart QR Codes so that customers can scan them in-store or post-purchase to receive product-specific or general support,
- Plans to integrate with third-party platforms such as Shopify, WhatsApp, Facebook, and others in the future to manage interactions in a centralized inbox.
We are committed to helping businesses streamline their customer service experience while respecting the privacy and data protection laws applicable to them and their customers.
This Policy covers our activities as:
- A Data Controller/Business:
- Where we collect and decide how to process the Personal Data of our Business Clients (e.g., the information you provide when you create an account, billing information, or usage logs).
- A Data Processor/Service Provider:
- Where we process Personal Data on behalf of our Business Clients concerning End-Users. For instance, chat transcripts, voice recordings (when using the microphone feature), or other details provided by the End-User to the Business Client via the AskDolphin platform.
For End-User data, the Business Client typically acts as the primary data controller responsible for meeting the legal requirements of data privacy laws, while AskDolphin acts as a processor or service provider, following the instructions of the Business Client.
We collect a range of data depending on how you interact with our Services. This includes:
- Registration and Contact Details:
- Name, email address, business name, phone number, physical address, billing or payment information (e.g., credit card details if you subscribe to paid plans), job title, or role.
- Data Source Information:
- For Dolphin AI training and answering end-user queries, you may provide brand details, address, social media URLs, product catalogs, documentation, FAQs, or any other relevant content.
- QR Code Information:
- Details about the QR codes you generate for products, after-sales, or general queries, including references to product SKUs or specific landing pages.
- Settings and Customization:
- Preferences for the appearance and functionality of the AskDolphin widget, such as color schemes, widget position, greeting messages, chat icons, team roles, and department settings.
- Communication Data:
- Messages or attachments you share with our support teams, emails and any other data you submit when contacting us.
- Usage Data:
- Logs of actions you take in the AskDolphin dashboard (e.g., creating or editing QR codes, responding to chats, generating AI responses).
- IP addresses, browser info, device identifiers, access timestamps, pages visited in your account, and session details.
- Integration Data (including Shopify details):
- If you integrate with third parties, we may collect or store tokens or API credentials to facilitate data exchange. For Shopify integrations, we might store your Shopify store URL, Shopify access tokens, and any relevant metadata to handle mandatory webhooks.
When a store owner deploys our Services on their site or through printed QR codes:
- Chat and Support Data:
- The text messages, attachments, images, or any information submitted by the End-User via the AskDolphin live chat.
- If the user uses the microphone feature, we capture the voice input, convert it to text, and store the textual representation (and possibly the voice snippet if the store owner opts for transcription retention).
- Device and Session Data:
- IP address, browser type, operating system, device type, approximate location, language preference, chat timestamps, how the user navigates the store or chat session.
- Email Data:
- When an end-user chooses to leave an email address to receive offline responses, we store that email address. We also record messages or notifications that are sent.
- QR Code Scans:
- If an end-user scans a QR code for in-store or post-purchase support, we record that the QR code was scanned, along with metadata like device type, approximate time, and IP-based location. This helps us connect the user to the correct product page or support information.
Important: For end-user data, our role is primarily that of a processor or service provider for the Business Client. The store owner or brand typically determines which data is collected and how it is used, subject to their own privacy policy.
We use cookies and similar technologies (e.g., web beacons, pixels, device IDs) to:
- Understand how Business Clients use our dashboard and website,
- Keep sessions active and secure,
- Improve performance and user experience,
- Measure marketing campaigns,
- Provide analytics for user interactions with the chat widget.
Please see Section 12 (Cookies and Similar Technologies) for more details about how we use these technologies and how you can manage them.
If you use our integration with Shopify or other third-party apps:
- We collect basic store or platform information to link your account.
- We comply with Shopify’s mandatory data handling and webhooks to manage customer data requests (e.g.,
customers/data_request, customers/redact, and shop/redact). - We store minimal credentials or tokens necessary to keep the integration functional.
We process personal data under various legal bases depending on the jurisdiction. For instance:
- Consent: If you’ve explicitly agreed to certain uses of your data, such as receiving marketing emails or enabling voice queries for end-users.
- Contractual Necessity: Where data processing is needed to fulfill our contractual obligations (e.g., providing the Service to you as a paying subscriber).
- Legitimate Interests: For example, analyzing how users interact with our Services so we can improve them, preventing fraud, or ensuring IT security. We will consider any potential impact on you and your rights before proceeding with such processing.
- Legal Obligations: Where we must comply with a legal requirement, like responding to lawful government requests or maintaining transaction records.
For personal data of end-users, we typically rely on the store owners’ instructions and the store owners’ compliance with the relevant legal basis.
We use your data to:
- Create and maintain your account, authenticate users, manage subscription plans, and generate invoices.
- Provide real-time chat functionality between your team members and your customers.
- Train, update, and operate Dolphin AI to respond to common queries.
- Generate and manage Smart QR codes that allow in-store or post-purchase customer support.
- Facilitate offline queries and email follow-ups to end-users who engage with the chat but prefer email responses.
- Client Support: We use your contact details to respond to your requests, fix issues, and troubleshoot.
- Service-Related Notifications: We may send essential notices, such as updates to this Privacy Policy, changes in subscription details, or new features.
- Marketing Communications: If you have consented (or if otherwise permitted by law), we may send promotional materials regarding new features, product updates, or partner offers. You can opt out at any time.
- AI Model Training: We use brand, product, and frequently asked question data you provide to improve the accuracy of Dolphin AI.
- QR Code Tracking: To deliver the correct product or general chat page for end-users, we track usage events tied to the scanned QR code.
- Billing and Payment: We handle subscription charges, refunds, or updates to your plan.
- Fraud and Abuse Prevention: We may monitor transactions and usage logs to detect malicious or unauthorized activities.
- Internal Analytics: Aggregating usage data to improve load times, interface design, or user experiences.
- Interest-Based Advertising: Where permitted, we may use cookies or tracking solutions to show relevant ads, either on our own site or on third-party platforms.
- Profiling: We might create aggregated profiles based on usage patterns to tailor features or marketing content. However, we do not sell personal information to data brokers.
We only share personal data with third parties for the specific purposes outlined below:
We contract with vetted third-party providers that help run our business. These include:
- Hosting and Infrastructure (e.g., cloud servers)
- Payment Processors (e.g., credit card processing)
- Analytics Providers (e.g., to track usage or visitor behavior)
- Email Service Providers (e.g., to send notifications or newsletters)
- AI and Chat Processing (e.g., natural language processing engines if integrated)
All sub-processors must adhere to strict confidentiality obligations consistent with this Policy.
We may share your data with companies or affiliates under common ownership or control, provided they observe the same privacy and data protection obligations.
In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your personal data may be transferred. We will notify you if such a transfer might materially affect your personal data processing.
We may disclose data when required by law, subpoena, or if we believe it is necessary to:
- Comply with a legal obligation,
- Protect our rights, property, or safety, or that of our users,
- Investigate or prevent wrongdoing in connection with the Services.
If you activate an integration (e.g., linking your AskDolphin account with Shopify or social media channels), certain data (like chat transcripts or transaction details) may be shared with or retrieved from that third-party. Any data you provide to these third parties is governed by their privacy policies.
We may share aggregated or de-identified data with research organizations, potential partners, or the public for analytics or to showcase usage trends. This information cannot be used to identify a specific individual.
We will keep personal data only as long as it is needed for the purposes described in this Policy, unless a longer retention period is required by law (e.g., tax or accounting regulations) or is needed to resolve disputes, enforce our rights, or comply with legal obligations. When your data is no longer required, we will delete or anonymize it in accordance with applicable laws and our contractual obligations.
We employ various security measures to safeguard your personal data from unauthorized access, alteration, disclosure, or destruction. These include:
- Encryption: We encrypt data in transit (TLS/HTTPS) and, where appropriate, at rest.
- Access Controls: Restricted access to personal data, requiring identity and access management solutions.
- Monitoring: Logs and alerts that track suspicious activities or attempts at unauthorized access.
- Employee Training: All personnel must comply with our internal data protection policies and sign confidentiality agreements.
However, no transmission or storage method is 100% secure; thus, we cannot guarantee absolute protection. You are responsible for maintaining the confidentiality of your account credentials and for restricting access to your devices.
AskDolphin may process data across multiple jurisdictions, including countries that do not have equivalent data protection laws as your home country. When we transfer personal data internationally, we use recognized safeguards:
- Standard Contractual Clauses (SCCs)
- Data Privacy Framework (or its successors)
- Binding Corporate Rules, where applicable
- Any other relevant transfer mechanism required by local law.
We will inform you if any material changes occur regarding the international transfer of your personal data.
If you are based in the European Economic Area (EEA) or the UK, or other regions with similar data protection laws, you may have certain rights:
- Right of Access: Request a copy of the personal data we hold about you.
- Right of Rectification: Request correction of inaccurate or incomplete data.
- Right to Erasure (“Right to be Forgotten”): Request deletion of your personal data, subject to legal or contractual obligations.
- Right to Restriction: Ask to limit how we process your data in certain contexts.
- Right to Object: Object to certain processing (like direct marketing or processing under legitimate interests).
- Right to Data Portability: Obtain data you provided in a structured, commonly used format.
- Right to Withdraw Consent: If processing relies on consent, you can withdraw it at any time.
Residents of certain states (e.g., California under the CPRA, Colorado, Connecticut, Utah, and Virginia) may have analogous rights, such as:
- Requesting Disclosure: The categories of personal information collected, sold, or shared.
- Deletion: The right to request deletion of personal data.
- Opt-Out: The right to opt-out of the sale or sharing of personal information, or targeted advertising.
- Correction: The right to request correction of inaccurate personal data.
- Non-Discrimination: The right not to receive discriminatory treatment for exercising your privacy rights.
- Business Clients: If you have an AskDolphin account, you can typically update certain information directly via your account settings. For other rights, or if you need assistance, email us at [email protected].
- End-Users: Please direct any data subject requests to the store owner or brand (the data controller). We will promptly assist our Business Clients in fulfilling such requests in accordance with applicable laws.
We may request verification of your identity before proceeding with your request, and we reserve the right to deny or limit your request if allowed by law (e.g., if fulfilling the request is impractical or conflicts with legal obligations).
Our Services are not intended for individuals under the age of 13 (or other relevant minimum age in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact us; we will take steps to remove such data promptly.
Cookies are small text files placed on your device by websites or applications to store certain information. Other similar technologies include tracking pixels, web beacons, device identifiers, or local storage.
- Strictly Necessary Cookies: Essential for the operation of our site or platform, enabling features like session management.
- Functional Cookies: Remember user preferences, such as language or interface customizations.
- Performance/Analytics Cookies: Measure how users interact with our websites or dashboards, to improve user experience.
- Advertising/Targeting Cookies: Used to deliver relevant ads or promotions, track ad performance, or retarget users.
You can manage cookie settings via your browser or device settings, typically under “privacy” or “security” preferences. You can also decline certain cookies, but note that some functionalities may not work fully if you do so.
We may use third-party analytics tools (e.g., Google Analytics, Microsoft Clarity) or advertising partners that use cookies/pixels to collect usage data. For more details or to opt out, see the resources provided by each third-party, such as Your AdChoices or the Network Advertising Initiative.
When integrated with Shopify, we subscribe to required webhooks:
customers/data_requestcustomers/redactshop/redact
We honor these webhooks by deleting or anonymizing personal data where legally mandated or upon valid request from a merchant. This ensures compliance with Shopify’s developer terms and relevant data protection obligations.
- We provide store owners with the capability to handle data subject rights for customers who interact with the store. If a request for data erasure or access is received from Shopify, we respond within the timeframe required by law or Shopify’s policies.
- In the event a store is uninstalled or no longer uses the AskDolphin app, we may continue storing data for a limited time for legitimate interests (e.g., compliance, dispute resolution). However, we will eventually delete or anonymize it according to our retention schedules or upon verified request.
We are committed to complying with international data protection standards. Here are some of the primary regulations we address:
For individuals in the EEA, we act as either a controller or processor depending on our direct relationship with you or with the store owner. We ensure:
- Lawful Basis: We rely on consent, contract, legitimate interests, or legal obligations.
- Data Minimization: We collect only the minimum amount of data necessary for the defined purpose.
- Data Subject Rights: EEA residents have the right to access, rectify, erase, or object to processing, among other rights.
We similarly adhere to the UK GDPR for data subjects in the United Kingdom. Our obligations mirror those outlined under EEA GDPR, taking into account local UK enforcement authorities.
If you are in California, the California Privacy Rights Act (CPRA) (expanding on CCPA) grants rights such as:
- Right to Know: Categories and specific pieces of data we have collected.
- Right to Delete: Request the deletion of personal data.
- Right to Opt-Out of the sale/share of personal data.
- Right to Correct inaccurate data.
- Right to Non-Discrimination for exercising any privacy right.
Other U.S. states (Colorado, Connecticut, Utah, Virginia, etc.) also provide personal data rights. We apply consistent and reasonable measures to comply with these states’ laws.
We monitor privacy law developments globally (e.g., LGPD in Brazil, PIPEDA in Canada, PDPA in Singapore). If you have specific questions about compliance in your region, please contact us.
- Business Clients: Email us at [email protected] with a description of your request.
- End-Users: Contact the store owner. If needed, the store owner can coordinate with us to fulfill your request.
We will respond to verifiable requests within timeframes outlined by applicable laws (e.g., 30 days under GDPR or 45 days under CPRA). Some circumstances may require an extension or verification checks.
We may amend this Privacy Policy periodically to reflect changes in our practices or to address new legal or regulatory obligations. The “Last Updated” date at the top indicates when changes were made. If the changes are significant, we may notify you via email or through a notice on our website or dashboard.
Your continued use of our Services after an updated version is posted indicates your acceptance of the revised Policy, except where additional consents are required by law.
If you have any questions, comments, or concerns about this Privacy Policy or our data handling practices, please get in touch:
AskDolphin
Email: [email protected]
For EEA or UK residents, if you believe we have not addressed your data protection queries satisfactorily, you have the right to lodge a complaint with your local Data Protection Authority.
Thank you for choosing AskDolphin. We remain dedicated to providing transparent and secure services to ensure the privacy and satisfaction of both business clients and end-users.