Privacy Policy

Thank you for using FunctionalAI. This Privacy Policy explains how FunctionalAI ("we," "us," or "our") collects, uses, discloses, and protects personal information when you use our website and services ("Service"). It also describes your rights and choices regarding your personal data. We are committed to protecting your privacy and complying with applicable data protection laws, including the EU General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA) and other relevant regulations.

By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.

1. Information We Collect

We may collect several types of information from and about users of our Service, including:

Information You Provide Directly

When you sign up for FunctionalAI or use our Service, you may provide personal information such as your name, email address, company name, and account login credentials. You may also provide content when using the Service's features – for example, by entering chat conversations, uploading files or documents, or providing prompts to the AI. All data that you input into the Service (including any text, files, or other materials) is collected and stored to enable the Service's functionality.

Information from Connected Accounts

If you choose to integrate or connect third-party accounts with FunctionalAI, we will access certain information from those accounts with your permission. For example:

• If you connect an email account (such as Gmail), we may access your emails, email headers, attachments, and related data in order to read incoming messages or draft/send responses on your behalf.
• If you connect a social media or messaging account (such as Instagram, Facebook Messenger, WhatsApp, LINE, etc.), we may retrieve messages, comments, or other relevant content from that platform to process them through our AI and generate replies or analyses.

Payment and Transaction Information

If you make a purchase or subscribe to a paid plan, our third-party payment processors (like Lemon Squeezy or Stripe) will collect your payment details. FunctionalAI itself does not store full payment card details. We may retain records of transactions and subscriptions for accounting, subscription management, and legal compliance purposes.

Automatically Collected Information

When you use our website or app, we may collect certain information automatically via cookies, log files, and similar tracking technologies. This can include your IP address, browser type, device type, operating system, referring URLs, pages viewed, and links clicked.

2. How We Use Your Information

We use the information we collect for the following purposes:

• To Provide and Operate the Service: We process your registration information to create and maintain your account, and we use your input data to generate AI responses and perform the functions you request.
• To Integrate with Third-Party Services: If you connect external accounts (email, social media, etc.), we use the data from those accounts as instructed by you to facilitate the integration.
• To Communicate with You: We may use your contact information to send service-related communications, including confirmations, updates, and customer support responses.
• For Customer Support and Account Management: If you reach out to us with questions or issues, we use your information to respond and help resolve them.
• To Improve and Develop the Service: We analyze usage trends and user interactions to improve our platform, typically in an aggregated or de-identified manner.
• For Security and Abuse Prevention: We may process data to detect, prevent, and respond to potential fraud, hacking attempts, or misuse of our Service.
• To Comply with Legal Obligations: We may need to use or retain your information to comply with laws, regulations, or court orders.

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to provide the Service you have requested, including account creation, AI chatbot functionality, and customer support.
• Legitimate Interests: Processing for our legitimate business interests, such as improving our Service, preventing fraud, ensuring security, and conducting analytics. We balance these interests against your rights and freedoms.
• Consent: Where required, we obtain your consent for specific processing activities, such as marketing communications or optional third-party integrations. You may withdraw consent at any time.
• Legal Obligation: Processing necessary to comply with applicable laws, regulations, or legal processes.

4. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and store information when you use our Service. Here is how we use these technologies:

Types of Cookies We Use

• Essential Cookies: Required for the Service to function properly. These include authentication cookies, security cookies, and session management cookies. You cannot opt out of these cookies.
• Analytics Cookies: We use Google Analytics to understand how users interact with our Service. These cookies collect information about page views, session duration, and user behavior in an aggregated, anonymized manner.
• Preference Cookies: These cookies remember your settings and preferences (such as language or display options) to provide a more personalized experience.

Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to refuse cookies or alert you when cookies are being sent. However, disabling essential cookies may affect the functionality of the Service. For more information on managing cookies, visit www.allaboutcookies.org.

Do Not Track

Some browsers have a "Do Not Track" feature that signals to websites that you do not want your online activity tracked. Our Service does not currently respond to "Do Not Track" signals.

5. How We Share or Disclose Information

We understand that your data is important, and we only share personal information with others in the following circumstances:

Service Providers and Partners

We use trusted third-party companies to perform certain functions to operate and improve FunctionalAI. Key service providers include:

• OpenAI (AI Processing): We send the content of your queries and documents to OpenAI's GPT-based language models to generate responses. They may retain data for up to 30 days to monitor for abuse but do not use this data to train their general AI models by default.
• Payment Processors: When you make payments, the transaction is processed by Lemon Squeezy, Stripe, or similar platforms. We do not collect or store your sensitive payment card details.
• Hosting and Infrastructure: We use cloud platforms to host our application and databases under strict security measures.

6. AI Model Training & Merchant Data

We want to be explicit about how your data is used in relation to AI model training:

For Shopify Merchants

If you use FunctionalAI through our Shopify integration, we want to be crystal clear about our data practices:

• We do NOT train AI models on your store data. Your product information, customer details, and order data are used solely to power your AI assistant's responses.
• We do NOT train AI models on your customers' conversations. The conversations your customers have with your AI assistant are never used to train any AI model — ours or anyone else's.
• Your data is isolated. Knowledge bases and conversation history are strictly separated between merchant accounts. One merchant cannot access another merchant's data.

Third-Party AI Providers (OpenAI)

We use OpenAI's API to generate AI responses. According to OpenAI's data usage policy:

• Data sent via their API is NOT used to train their models by default.
• They may retain data for up to 30 days solely for abuse and misuse monitoring.
• We have not opted in to any data sharing programs with OpenAI.

For the latest information on OpenAI's data practices, please refer to their official data usage policy.

7. Data Retention

We retain personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. In general:

• Account Information: We keep your profile information for as long as your account is active. If you delete your account, we will initiate the process of removing or anonymizing your personal data.
• Conversation Data: Content such as chat transcripts and AI outputs are stored to provide you with continuity and for your later reference.
• Payment Records: Subscription and billing information is retained as required for financial reporting and audits (usually 5-7 years as dictated by tax laws).

8. Data Security

We take the security of your personal information seriously. We have implemented various technical and organizational measures to protect your data, including:

• Encryption: We utilize encryption to protect data in transit and at rest. Our website and APIs are accessible only over HTTPS (TLS encryption).
• Access Controls: We limit access to personal data to authorized personnel who have a need to know that information.
• Security Testing: We regularly review our practices and keep our software updated with security patches.

9. Your Rights and Choices

You have certain rights regarding your personal information, especially if you are in the EEA or in other jurisdictions with similar data protection laws:

• Access and Portability: You have the right to request a copy of the personal data we hold about you.
• Rectification: If any of your personal information is inaccurate or incomplete, you have the right to ask us to correct or update it.
• Erasure: You can request that we delete your personal data under certain circumstances.
• Restriction of Processing: You have the right to ask us to limit the processing of your personal information in certain scenarios.
• Objection to Processing: You have the right to object to our processing of your personal data in some cases.
• Withdraw Consent: Where we rely on your consent for processing, you have the right to withdraw your consent at any time.

To exercise any of these rights, please contact us at privacy@functional-ai.com or through the contact information provided below. We will respond to verifiable data-subject requests within 30 days of receipt, with one 60-day extension where permitted by law for particularly complex or voluminous requests (you will be informed within the first 30 days if an extension is needed).

10. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to Know: You have the right to request information about the categories and specific pieces of personal information we have collected about you, the sources of that information, the purposes for collecting it, and the third parties with whom we share it.
• Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.
• Right to Correct: You have the right to request correction of inaccurate personal information.
• Right to Opt-Out of Sale/Sharing: You have the right to opt out of the "sale" or "sharing" of your personal information. We do not sell your personal information.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

To exercise your California privacy rights, please contact us at privacy@functional-ai.com. We will respond to verifiable requests within 45 days.

11. International Data Transfers

FunctionalAI is based in Poland (in the European Union), but we serve users around the world. Your personal information may be transferred to and processed in countries other than the country in which you are resident. Where personal data of EU/UK/EEA or Swiss data subjects is transferred outside the EEA/UK/Switzerland to a country without an adequacy decision, we rely on the European Commission's Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914) as amended for the UK (ICO Addendum) and Switzerland (FDPIC amendments), together with supplementary technical and organizational measures. Full details, including the current list of sub-processors, are in our Data Processing Agreement.

11a. Data Processing Agreement (for Controllers)

If you are a business customer using the Service to process personal data of your own customers or end-users, we act as your Processor under GDPR Art. 28. Our Data Processing Agreement (DPA) is incorporated into our Terms and applies automatically; a signed counterpart is available on request at privacy@functional-ai.com.

11b. Personal Data Breach Notifications

In the event of a confirmed personal data breach affecting your personal data, we will notify the relevant supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach, in accordance with Art. 33 GDPR. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay. For business customers, breach notifications are governed by §8 of the DPA (within 48 hours of awareness).

11c. Cookies and Tracking Technologies

We use strictly necessary cookies to operate this website and, with your prior consent, analytics and session-replay technologies (Google Analytics with IP anonymization and Google Consent Mode v2; PostHog product analytics and session replay with inputs masked by default). No non-essential cookies or analytics scripts are loaded before you grant consent through our cookie banner. You can change your choices at any time via the “Cookie preferences” link in our footer; we store your preferences locally in your browser.

12. Age Requirements and Children's Privacy

FunctionalAI is a business service intended for users who are at least 18 years of age or who have the legal capacity to enter into binding agreements on behalf of a business or organization. By using the Service, you represent that you meet these requirements.

We do not knowingly collect personal information from individuals under the age of 18. If we learn that we have inadvertently collected personal data from a minor without proper consent, we will delete that information as soon as possible. If you believe a minor has provided us with personal information, please contact us at privacy@functional-ai.com.

13. Changes to This Privacy Policy

We may update or modify this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will revise the "Last Updated" date at the top of this policy. If the changes are significant, we will provide a more prominent notice.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

We will do our best to address any issue or query promptly and transparently. If you are an EU/EEA individual and you believe we have not adequately resolved your privacy concern, you have the right to lodge a complaint with your relevant data protection authority.

Thank you for trusting FunctionalAI. Your privacy is important to us, and we are dedicated to safeguarding your personal information while providing you with a powerful and secure AI-driven service.