Privacy Policy
Effective date: February 19, 2026 This Privacy Policy explains how Dori collects, uses, and shares information when you use our website, applications, and embedded storefront widgets (the “Services”). If you are a merchant using Dori on your store, you are the controller of your customers’ data, and Dori acts as a service provider/processor on your behalf.
1. Information We Collect and How We Use It
We collect and process information that is necessary to operate the Services: Merchant account and configuration: When a merchant installs or configures Dori, we store account information and bot configuration (for example, enabled plugins, settings, and identifiers needed to connect integrations). Chat and usage data: When you interact with a Dori assistant, we process the messages you send and technical metadata (for example, timestamps, thread identifiers, and the page URL where the widget is used) to generate responses, maintain conversation continuity, prevent abuse, and troubleshoot issues. Shopify store data (when a merchant enables Shopify features): Depending on which plugins are enabled, we may process: - Order tracking inputs provided by the shopper (for example, order number and email) to retrieve order status from Shopify. - Cart context from the storefront (for example, a cart token and basic cart totals) so the assistant can answer cart questions in real time. Instagram Direct data (when a merchant connects Instagram): Depending on enabled features, we may process: - Message content and message metadata required to receive and respond to Instagram conversations through Dori. - Instagram account identifiers (for example, username and Instagram user ID) to display connection status and route messages. We do not collect or store payment card details. Checkout and payment processing are handled by the merchant’s platform (for example, Shopify).
2. Data Retention
We retain information only as long as needed to provide the Services and for legitimate business purposes (for example, security, troubleshooting, and legal compliance). Temporary operational data: Certain data used to power real-time features (such as cart context) is stored temporarily and is configured to expire automatically after a limited period of time. Chat history: Merchants can manage or delete stored chat data through the merchant experience where available, or by contacting us.
3. Data Confidentiality and Sharing
We prioritize keeping your information private and secure: No Selling of Data: We do not sell your personal information. Service Providers: We may share data with trusted service providers that help us operate Dori (for example, cloud hosting, analytics, email delivery, and AI model providers). These providers process data on our behalf and only as needed to deliver the service. Platform APIs: For connected platforms such as Shopify, WooCommerce, WordPress, or Instagram (via Meta APIs), we may send requests to platform APIs to fulfill the requested feature (for example, order tracking, cart retrieval, or Instagram messaging). Your data is also subject to the platform's privacy policy. Legal Compliance: We may share data only if required by law to protect your rights and interests.
4. User-Controlled Data Management
We empower users with tools to manage and control their data: Delete Data Button: Merchants can delete stored chat data from our servers at any time using the 'Delete Data' button available in the app. Integration Controls: Merchants can disconnect Instagram integration at any time from the dashboard. Account Deletion Requests: You can request to delete your account and associated data by contacting us directly. We will process such requests promptly, following all legal requirements.
5. Security Measures
We implement robust security measures to protect your data from unauthorized access, alteration, or destruction: Best Practices: Our safeguards include encryption, secure storage, and monitoring for potential breaches. Limitations: While we strive for the highest level of security, no online platform can guarantee 100% protection against unforeseen breaches.
6. Updates to This Privacy Policy
We reserve the right to update this Privacy Policy at any time. Users will be notified of significant changes, and we recommend regularly checking this page to stay informed about updates.
7. Third-Party Platform Integration
If you use Dori on a merchant storefront (for example, a Shopify store), the merchant is responsible for their own privacy policy and customer notices, and the platform’s policies also apply. Dori may process information necessary to provide the merchant-enabled features (for example, order tracking, cart-related assistance, and Instagram messaging when connected). We recommend merchants ensure their storefront privacy disclosures reflect any enabled integrations.
