Privacy Policy

Last updated: 6 June 2026

1. The short version

Zypento helps ecommerce stores recover abandoned carts using AI agents. To do that, your store sends us cart data (items, customer email, etc.); we use that data only to compose recovery messages on your behalf. We don't sell personal information. Per-business AI feedback stays per-business.

2. Data we collect

From you (the operator):

• Account details (name, email, password hash).
• Business profile (store name, URL, brand voice samples, plan).
• Payment metadata via our billing provider (we don't store full card numbers).

From your store:

• Abandoned cart contents (line items, totals, currency).
• The shopper's email address — only when you've enabled the "Collect shopper email for cart recovery" toggle in the Zypento plugin's settings (off by default). When the toggle is off, no shopper email reaches Zypento.
• An opaque cart identifier (used to correlate abandoned carts with their later recovery or non-recovery).
• Order outcomes (recovered / not recovered) for attribution.

Operational telemetry:

• Click events on recovery links (for attribution).
• Diagnostic logs (request IDs, error traces). Stripped of message bodies.

3. Why we collect it

• To provide the service (compose & send recovery messages, report outcomes).
• To bill the right plan (counting carts processed per month).
• To improve your agent: feedback you give in the dashboard (👍/👎/💬) shapes the next nudge for your business.
• To prevent abuse (rate-limits, fraud detection on logins).

4. AI processing

The recovery agent composes messages by sending the AI provider (OpenAI, Anthropic, or Google, depending on your configuration) a tightly scoped prompt: the cart's line-item names, item prices, cart total, and your brand voice samples. The shopper's name and email address are not sent to the AI provider — they are substituted into placeholder tokens ({{{customer-name}}}, etc.) by Zypento after the model returns the draft, so the model never sees the recipient. Providers may briefly retain inputs they do receive for abuse-monitoring per their own policies.

The reaction/feedback loop is scoped to your business only. Comments you write in the dashboard feed into your business's next prompt; they are not shared across customers or used to train a global model.

5. Sharing & subprocessors

We share data with a small set of subprocessors required to run the service. The list below identifies each one and the scope of personal data it can receive:

• AI providers (OpenAI / Anthropic / Google): cart line-item names, prices, totals, and your brand voice samples. No shopper name, email, address, IP, or order ID is sent. The provider you use depends on your dashboard configuration.
• Cloud hosting and managed-database provider: all data stored by the service, encrypted at rest.
• Billing provider (Freemius): your operator account name, email, and subscription metadata — for invoicing and entitlement. Shopper data is never sent here.
• Transactional email provider (for Zypento → operator emails only): your operator email address + the body of account-related messages (sign-up confirmation, password reset, billing notices). Shopper-facing recovery emails do not pass through this provider.

How recovery emails are actually sent. Zypento composes the recovery email body and the subject line, then hands the rendered content back to your store via a signed POST to your store's Zypento plugin endpoint. Your store delivers the email using its own infrastructure (typically WordPress's wp_mail() and whatever SMTP / transactional-email service you have configured on the store). Zypento does not transmit recovery emails to shoppers directly, and we do not act as a subprocessor of your own email-delivery vendor.

We don't sell personal data. We don't share it with advertisers. We will give reasonable advance notice (via in-product notice or to your account email) before adding any new subprocessor that receives shopper personal data.

6. Data retention

• Account & business profile: kept while your account is active, deleted on request.
• Abandoned cart records: 90 days, then purged unless they led to a recovery (those are kept for attribution).
• AI-generated nudge bodies: 90 days.
• Operational logs: 30 days.

7. Security

We encrypt data in transit (TLS) and at rest. Access to production systems is logged and limited to engineers on call. We follow least-privilege principles for internal access. Suspected incidents: security@zypento.com.

8. Your rights

Depending on where you live, you may have the right to access, correct, delete, or export your personal data, and to object to processing. You can act on most of these directly from the dashboard, or email privacy@zypento.com and we'll respond within 30 days.

9. International transfers

Zypento is built on cloud infrastructure that may process data outside your country. We rely on standard contractual clauses or equivalent transfer mechanisms where required.

10. Cookies

Marketing pages set a small number of first-party cookies for session continuity and signed-in state. Dashboard pages additionally set a CSRF nonce. We do not use cross-site tracking cookies.

11. Changes to this policy

We may update this policy. Material changes will be announced at the email on your account at least 14 days before they take effect.

12. Contact

Privacy questions or data requests: privacy@zypento.com.