Effective Date: December 7, 2025

Last Updated: December 7, 2025

This Privacy Policy describes how BoostPanda AI ("Company," "we," "our," or "us") collects, uses, and protects your information when you use our AI-powered customer communication platform.


1. Information We Collect

Account Information

  • Name and contact information (email, phone number)
  • Business information (company name, address, industry)
  • Account credentials
  • Payment information (processed by third-party payment processors)

Shopify Merchant Data

When you install our Shopify app, we collect:

  • Shop domain and store information
  • Store owner name and email address
  • Shopify customer data necessary to provide chat support services
  • Order information relevant to customer inquiries

Customer Communication Data

When providing our services, we may process:

  • Chat messages and conversation history
  • Customer contact information (name, email, phone)
  • Appointment and scheduling information
  • Voice recordings (when using our voice assistant features)

Automatically Collected Information

  • IP addresses and device information
  • Website usage data and analytics
  • System logs and performance data


2. How We Use Your Information

We use your information to:

  • Provide and maintain our AI communication services
  • Process customer inquiries and communications
  • Improve our AI models and service quality
  • Send service updates and support communications
  • Comply with legal obligations
  • Protect against fraud and security threats


3. Shopify App Data Practices

Data Access

Our Shopify app accesses only the data necessary to provide customer support services:

  • Customer information for identifying and assisting customers
  • Order data for handling order-related inquiries
  • Shop information for account management

Data Storage

  • All Shopify data is encrypted in transit and at rest
  • Access tokens are encrypted using AES-256-GCM encryption
  • Data is stored on secure cloud infrastructure

App Uninstallation

When you uninstall our Shopify app:

  • Your integration is immediately deactivated
  • Your workspace enters read-only mode
  • Per Shopify's GDPR requirements, all associated data (customers, chats, messages) is permanently deleted within 48 hours

Data Portability

You may request an export of your data at any time by contacting us.


4. HIPAA Compliance (Healthcare Providers)

Business Associate Agreement

For healthcare practices covered by HIPAA, we serve as a Business Associate and will execute a Business Associate Agreement (BAA) that governs our handling of Protected Health Information (PHI).

PHI Protection

  • We implement administrative, physical, and technical safeguards to protect PHI
  • Access to PHI is limited to authorized personnel on a need-to-know basis
  • All PHI is encrypted in transit and at rest
  • We maintain audit logs of PHI access and processing

Data Minimization

We only process the minimum amount of patient information necessary to provide our services.


5. Data Sharing and Disclosure

We do not sell your personal information. We may share information with:

Service Providers

Third-party vendors who assist with:

  • Cloud hosting and storage
  • Payment processing
  • Analytics and monitoring
  • Customer support

Legal Requirements

We may disclose information when required by law, court order, or to:

  • Protect our legal rights
  • Prevent fraud or security threats
  • Comply with regulatory requirements


6. Data Security

We implement industry-standard security measures including:

  • End-to-end encryption for all communications
  • AES-256-GCM encryption for sensitive credentials
  • Multi-factor authentication
  • Regular security assessments
  • Secure cloud infrastructure
  • HMAC signature validation for all webhooks


7. Data Retention

  • Account Information: Retained while your account is active plus 30 days after termination
  • Customer Communication Data: Retained according to your business's retention policies or legal requirements
  • System Logs: Retained for up to 12 months for security and performance monitoring
  • Shopify Data: Deleted within 48 hours of app uninstallation per GDPR requirements


8. Your Rights and Choices

Access and Control

You have the right to:

  • Access your personal information
  • Correct inaccurate information
  • Request deletion of your data (subject to legal retention requirements)
  • Export your data in a portable format

Marketing Communications

You may opt out of marketing emails at any time using the unsubscribe link or by contacting us.

GDPR Rights (EU Residents)

If you are in the European Union, you have additional rights under GDPR including:

  • Right to data portability
  • Right to restrict processing
  • Right to object to processing
  • Right to lodge a complaint with supervisory authorities

Shopify GDPR Compliance

We fully comply with Shopify's GDPR requirements:

  • Customer Data Request: We provide all stored customer data upon request
  • Customer Data Erasure: We anonymize and delete customer records upon request
  • Shop Data Erasure: We delete all shop data within 48 hours of app uninstallation


9. International Data Transfers

Your information may be processed in the United States where our servers are located. We ensure appropriate safeguards are in place for international transfers, including:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions where applicable
  • Additional security measures for cross-border transfers


10. Children's Privacy

Our services are not directed to individuals under 13 years of age. We do not knowingly collect personal information from children under 13.


11. Third-Party Services

Our platform integrates with third-party services including:

  • Shopify (for e-commerce integration)
  • Google Calendar (for appointment scheduling)
  • WhatsApp Business API (for messaging)
  • Various CRM and practice management systems

Each third-party service has its own privacy policy governing its data practices.


12. Cookies and Tracking

We use cookies and similar technologies to:

  • Maintain user sessions
  • Analyze website usage
  • Improve user experience

You can control cookie preferences through your browser settings.


13. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via:

  • Email notification
  • Notice on our website
  • In-app notifications

Continued use of our services after changes indicates acceptance of the updated policy.


14. State Privacy Laws

California Residents (CCPA)

California residents have the right to:

  • Know what personal information is collected
  • Delete personal information
  • Opt out of the sale of personal information (we do not sell personal information)
  • Not be discriminated against for exercising privacy rights

Other State Laws

We comply with applicable state privacy laws including those in Virginia, Colorado, and other states with comprehensive privacy legislation.


15. Contact Information

For privacy-related questions or to exercise your rights, contact us at:

BoostPanda AI

  • Email: hello@boostpanda.ai
  • Address: 8 The Green, Ste R, Dover, Delaware 19901, United States
  • Phone: +1 (252) 623-4320

For HIPAA-related concerns: hello@boostpanda.ai


This Privacy Policy is designed to be transparent about our data practices while ensuring compliance with applicable privacy, healthcare, and e-commerce platform regulations.