Privacy Policy

Last updated: April 24, 2026

Thank you for using AI Retail OS (hereinafter "the Platform"). This Privacy Policy explains how the Platform collects, processes, uses, and protects your personal data. By using the Platform, you acknowledge that you have read and agree to this Policy.

1. Data We Collect

The Platform may collect the following categories of data during your use of our service:

  • Account Information: Name, email address, phone number, and login credentials.
  • Store Data: Store name, logo, store settings, product information, inventory, and pricing data.
  • Order Data: Order contents, recipient name and address, payment method (excluding full credit card numbers), and shipping tracking information.
  • Customer Data: Purchase information, membership data, and interaction records provided by your customers through your store.
  • Third-Party Platform Data: With your authorization, account information, page data, live stream comments, and engagement data obtained from social platforms such as Facebook, LINE, and TikTok.
  • Usage Behavior Data: Browsing history, feature usage frequency, device information (browser type, OS, screen resolution), and IP address.
  • AI Interaction Data: Conversation content and instructions generated when you interact with AI features such as AI customer service and AI copywriting assistant.

2. How We Use Your Data

Collected data is used for the following purposes:

  • To provide and maintain the Platform's core features (product management, order processing, logistics, and membership management).
  • To process payment transactions and generate related financial records.
  • To provide live commerce features, including automated keyword detection and order creation.
  • To provide AI-assisted features, including smart product listing, AI customer service replies, and product description generation.
  • To analyze customer behavior and consumption patterns (RFM analysis, churn prediction) to support targeted marketing.
  • To send system notifications, service updates, and security alerts.
  • To improve service quality, fix bugs, and develop new features.
  • To comply with applicable laws and regulations.

We do not sell your personal data to any third party.

3. Data Sharing and Disclosure

We may share your data with third parties in the following circumstances:

  • Payment Processors: We share necessary transaction information with payment service providers (e.g., ECPay) to complete payment processing.
  • Logistics Providers: We share recipient information with your chosen logistics providers to complete delivery services.
  • Cloud Infrastructure: Data is stored with certified cloud service providers (Cloudflare, Supabase), governed by their respective data protection policies.
  • AI Service Providers: We share necessary information with AI model providers (e.g., Anthropic, OpenAI) to deliver AI-assisted features. These providers do not use your data to train their models.
  • Legal Requirements: When required to comply with court orders or lawful government investigations, or to protect the interests of the Platform, its users, or the public.

4. Third-Party Platform Authorization

When you connect third-party social platform accounts:

  • The Platform only accesses data within the scope you have authorized.
  • Facebook Authorization: Access to page lists, live stream information, and comment content for live commerce features.
  • LINE Authorization: Access to LINE Official Account features for message broadcasting and membership binding.
  • TikTok Authorization: Access to live stream information and comments for live commerce features.
  • You may revoke authorization for any third-party platform at any time in your store settings.
  • After revoking authorization, the Platform will stop accessing that platform's data, but historical data already obtained will be retained until you request deletion.

5. Data Protection Measures

We take the following measures to protect the security of your data:

  • All data transmissions use TLS/SSL encryption.
  • Sensitive data (third-party Access Tokens, API keys) is stored encrypted.
  • Row Level Security (RLS) is implemented at the database level to ensure complete tenant data isolation.
  • Regular security audits and vulnerability scans are conducted.
  • Access control follows the principle of least privilege, granting only necessary personnel access to necessary data.
  • Passwords are processed through secure hashing algorithms; the Platform cannot read your original password.

6. Cookies and Tracking Technologies

The Platform uses the following cookies and similar technologies:

  • Essential Cookies: Maintain login status and identify tenant stores — required for normal service operation.
  • Functional Cookies: Remember language preferences, interface settings, and other personalization options.
  • Analytical Cookies: Collect anonymous usage statistics to improve the service experience.

You can manage or disable cookies through your browser settings, but disabling essential cookies may affect service functionality.

7. Data Retention

  • Account data: Retained until you actively delete your account.
  • Order and transaction records: Retained for at least 5 years in accordance with tax and commercial regulations.
  • Usage behavior data: Retained for up to 2 years, then automatically anonymized or deleted.
  • AI interaction records: Retained for up to 1 year, then automatically deleted.
  • After account deletion, we will complete the data erasure process within 30 business days (except data required to be retained by law).

8. Your Rights

You have the following rights regarding your personal data:

  • Right of Access: Access the personal data the Platform holds about you.
  • Right of Rectification: Request correction of inaccurate or incomplete personal data.
  • Right of Erasure: Request deletion of your personal data (except where retention is legally required).
  • Right to Restriction: Request restriction of the Platform's processing of your personal data.
  • Right to Data Portability: Request a copy of your personal data in a structured, machine-readable format.
  • Right to Withdraw Consent: Withdraw previously given consent to data processing, without affecting the lawfulness of processing before withdrawal.

To exercise the above rights, please contact [email protected]. We will respond within 15 business days.

9. Children's Privacy

The Platform does not provide services to children under the age of 16. We do not knowingly collect personal data from minors under 16. If we discover that we have inadvertently collected a child's personal data, we will delete it immediately.

10. Cross-Border Data Transfers

Your data may be transferred to and stored on servers outside your country or region. We ensure such transfers comply with applicable data protection regulations and that appropriate security safeguards are in place.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Significant changes will be communicated via Platform notifications or email. Continued use of the Platform indicates your acceptance of the updated policy. We recommend checking this page periodically for the latest privacy protection measures.

12. Chrome Extension "Community Order Assistant"

The Platform provides a Chrome Extension called "Community Order Assistant" (OrderPally for AI Retail OS), which helps merchants import comments and sync products from Facebook Group posts with one click. The following supplementary data collection and usage rules apply specifically to the Extension:

A. Data Read Scope (Limited to facebook.com and merchant-initiated actions only)

  • When a merchant clicks the Extension button ("Sync as Product" or "Import Comments") on a Facebook Group post page, the Extension reads the post's text content, image URLs, group name, commenter display names and Facebook user IDs, comment content, and timestamps.
  • The Extension does NOT read the merchant's Facebook password, private messages, or content from other groups or pages, and it does not execute automatically without merchant action.
  • The Extension only loads on the facebook.com domain and does not affect other websites.

B. Data Transmission

  • Data read by the Extension is transmitted only to the Platform's servers (airetailos.com), authenticated using the merchant's existing session cookie; the merchant's Facebook credentials are never stored or leaked.
  • All transmissions use HTTPS encryption.
  • The Platform does not transmit data collected by the Extension to any third party.

C. Storage and Retention

  • Imported posts and comments are stored in the merchant's tenant database (isolated by Row Level Security) and can only be accessed by authorized personnel of that tenant.
  • Retention period follows Section 7 of this Policy (order and transaction records for at least 5 years; other data by category).
  • Merchants can delete individual sessions, comments, or orders through the back-end dashboard.

D. Chrome Permissions Explanation

  • activeTab: Obtains current tab information when the merchant clicks the Extension icon, used to determine if the page is a Facebook post.
  • storage: Temporarily stores import progress and status information — no personal data included.
  • scripting: Dynamically injects a capture script into the current Facebook tab when the merchant actively triggers the feature.
  • host_permissions: *://www.facebook.com/* to read post page DOM; https://www.airetailos.com/* to return data to the Platform's servers.

E. Single-Purpose Statement (Chrome Web Store requirement)

The sole purpose of this Extension is: to help merchants already logged into the AI Retail OS dashboard import Facebook Group posts and comments from their own managed groups into the Platform for order management.

13. Contact Us

If you have any privacy-related questions, complaints, or requests to exercise your rights, please contact us: