sellgent

Privacy Policy

Sellgent ("we", "our", "us") is committed to protecting the personal data of merchants and their end-users. This policy explains what data we collect, why we collect it, and how we handle it.

1. Legal Basis for Processing

We process personal data only where a valid legal basis exists under applicable data protection law. The bases we rely on are:

Consent — for direct marketing and optional analytics features where your explicit consent is required; consent may be withdrawn at any time
Contractual obligation — to deliver the Sellgent platform and AI customer support services you have subscribed to
Legitimate interest — to detect fraud, protect platform security, improve the service through aggregated analytics, and defend our legal rights
Legal obligation — to comply with applicable laws, respond to lawful government or regulatory requests, and exercise our legal rights

2. Data We Collect

Merchant account data: name, email address, billing information
End-user chat logs: messages exchanged through the embedded widget
Contact session identifiers: anonymized session tokens and optional name fields
IP addresses and browser metadata for security and abuse prevention
Analytics events: page views, widget interactions, feature usage
Merchant-supplied knowledge base content: URLs and uploaded documents

3. Purpose of Processing

Provide and improve the Sellgent AI customer support service
Authenticate merchants and manage account access
Generate AI responses to end-user queries
Detect and prevent abuse, fraud, and security threats
Send transactional emails (billing receipts, alerts)
Aggregate, anonymized analytics to improve the platform
Research and develop new features and services

4. Third-Party Disclosures

We share data only as necessary to operate the service. Our sub-processors are listed in the Sub-processor section. We do not sell personal data to third parties.

5. Cross-Border Transfers

Data may be transferred to the United States to process AI queries via our sub-processors (Convex, OpenAI, Anthropic, Resend, Polar, and Cloudflare). Where EU/UK data subjects are involved, transfers rely on Standard Contractual Clauses (SCCs, EU Decision 2021/914) or the UK International Data Transfer Agreement (UK IDTA), as applicable. For Japanese data subjects, transfers to the US are made under contractual measures consistent with Japan's Act on the Protection of Personal Information (APPI); the United States does not have an equivalency determination under APPI. Full details and copies of applicable transfer mechanisms are available on request at privacy@sellgent.tech.

6. Data Retention

Chat logs: retained for 90 days by default; merchants can configure shorter periods
Account data: retained while the account is active, deleted within 30 days of account closure
Backup copies: encrypted backups are purged within 90 days of a deletion request for technical integrity reasons and are not accessible for operational use during this period
Analytics events: retained for 12 months in aggregated form
Billing records: retained for 7 years as required by applicable law

7. User Rights

Depending on your location, you may have the following rights with respect to your personal data:

Right to be informed — this Policy describes how we collect, use, and share your data
Right of access — to obtain a copy of the personal data we hold about you
Right of rectification — to correct inaccurate or incomplete data
Right to erasure — to request deletion of your data, subject to our lawful retention obligations
Right to restrict processing — to limit how we use your data in certain circumstances
Right to data portability — to receive your data in a structured, machine-readable format
Right to object — to our processing of your data, including for direct marketing
Right to be notified of breaches — we will notify you and applicable regulators without undue delay (and within 72 hours where required by law) of any confirmed personal data breach affecting your data

To exercise any of these rights, contact us at privacy@sellgent.tech.

8. Children's Privacy (COPPA & GDPR)

The Sellgent merchant platform is not directed at individuals under the age of 18. We do not knowingly collect personal data from children under 13 (or under 16 where required by local law). Sellgent is a B2B service used by merchants; end-users interacting with the widget on a merchant's store may include minors. Merchants are responsible for ensuring their own widget deployments comply with applicable children's privacy laws (including COPPA in the United States and GDPR Article 8 in the EU/UK) for their end-users. If we become aware that we have inadvertently collected personal data from a child under the applicable age threshold, we will delete it promptly. To report suspected data from a minor, contact privacy@sellgent.tech.

9. California Consumer Privacy Rights (CCPA / CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Right to know what personal information we collect, use, disclose, and share
Right to delete your personal information, subject to certain exceptions
Right to correct inaccurate personal information
Right to opt out of the sale or sharing of your personal information
Right to limit use of sensitive personal information
Right to non-discrimination for exercising your privacy rights

Sellgent does not sell your personal information and does not share it for cross-context behavioral advertising purposes. To exercise any of the above rights or to submit a "Do Not Sell or Share My Personal Information" request, contact us at privacy@sellgent.tech. We will respond to verified requests within 45 days as required by law.

10. Direct Marketing

We will only use your name and email address to send direct marketing communications (such as product updates, offers, and promotions) where you have given us your explicit prior consent. You may withdraw consent and opt out of marketing at any time, free of charge, by clicking the unsubscribe link in any marketing email or by contacting us at privacy@sellgent.tech. Opting out of marketing does not affect transactional or service-related communications, which we may send as necessary to provide the platform.

11. Third-Party Links

The Sellgent platform may contain links to third-party websites or services that are not governed by this Policy. We do not collect or control data that third parties may gather at their own discretion. Inclusion of a third-party link does not imply endorsement or affiliation. We recommend reviewing the privacy policy of any third-party site before providing personal data to it. We are not responsible for the data practices of such third parties.

12. Changes to This Policy

We reserve the right to update this Policy at any time. If we make material changes, we will notify you via email or in-app notification. Changes will take effect 30 days after such notification. Your continued use of the platform after the effective date constitutes acceptance of the updated Policy. If you do not agree to the changes, you should discontinue use of the platform before they take effect.

13. Governing Law & Severability

This Policy is governed by the laws of the State of Delaware, United States. Any dispute arising under this Policy shall be resolved by binding arbitration in Delaware. If any provision of this Policy is found to be invalid or unenforceable, that provision shall be limited to the minimum extent necessary, and the remaining provisions shall remain in full force and effect.

14. Contact

For questions about this policy, reach us at privacy@sellgent.tech.

US State Privacy Rights

This supplemental notice applies to residents of US states with comprehensive privacy laws. Rights vary by state; the broadest applicable rights are described below.

Do Not Sell or Share My Personal Information

Sellgent does not sell your personal information. Sellgent does not share your personal information for cross-context behavioral advertising purposes. To submit a formal "Do Not Sell or Share My Personal Information" request, or to opt out of any future sale or sharing, contact us at privacy@sellgent.tech. We will respond to verified requests within 45 days.

Children's Privacy (COPPA)

Sellgent is a B2B merchant platform. All merchant accounts require users to be 18 or older (see Terms of Service §1). We do not knowingly collect personal data from anyone under 13. Merchants deploying the Sellgent widget on their storefronts are solely responsible for COPPA compliance with respect to their own end-users.

Additional US State Privacy Rights

Residents of California (CCPA/CPRA), Virginia (CDPA), Colorado (CPA), Connecticut (CTDPA), Texas (TDPSA), and other states with comprehensive privacy laws have the right to: know what personal information we collect and how it is used; access, delete, and correct their personal information; opt out of any sale or sharing; limit the use of sensitive personal information; and be free from discrimination for exercising these rights.

To exercise any state privacy right, contact us at privacy@sellgent.tech. We will respond within the timeframe required by your state's law — 45 days for California; 45 days (with a possible 45-day extension) for most other states.

Terms of Service

These Terms of Service ("Terms") govern your access to and use of the Sellgent platform. By creating an account you agree to these Terms.

1. Eligibility

You must be at least 18 years old and have the legal authority to enter into binding contracts on behalf of your business.

2. Subscription & Billing

Sellgent offers subscription plans billed monthly or annually via Polar
Prices are displayed exclusive of applicable taxes
Subscriptions auto-renew; you may cancel at any time from your dashboard
Trial periods (if offered) convert automatically to a paid plan unless cancelled
Refunds are evaluated on a case-by-case basis; contact support within 7 days of a charge

3. Content License

By uploading content to Sellgent (including knowledge base documents, URLs, product data, and any other materials), you grant Sellgent a non-exclusive, worldwide, royalty-free license to process, store, copy, and use that content solely to deliver and improve the Services. You retain full ownership of your content and this license terminates upon account closure. Sellgent may process anonymized, aggregated conversation data to improve platform performance, but this does not grant rights to use your content for training public AI models — that is governed separately by our AI Usage Disclosure.

4. Merchant Representations & Warranties

By using the platform, you represent and warrant that:

You have posted a privacy policy on each storefront where you deploy the Sellgent widget, clearly disclosing use of third-party AI processors to your customers
You have obtained all required consents and authorizations from your end-users for data collection and processing through the widget under all applicable laws
All information you provide to Sellgent is accurate, and you will promptly update it to maintain accuracy
You will comply with all applicable consumer protection, data protection, e-commerce, and advertising laws in your jurisdiction
You have the legal authority to grant the content license described in §3
You will not use the platform in a manner that infringes the rights of any third party or violates any applicable law

5. Acceptable Use

You agree not to use the platform to send spam, distribute malware, infringe intellectual property rights, or engage in any illegal activity. See our full Acceptable Use Policy.

6. AI Accuracy Disclaimer & Merchant Responsibility

AI-generated responses are provided "as is" and may not be accurate, complete, or current. You (the merchant) are solely responsible for (a) configuring the AI with accurate knowledge base content, (b) reviewing AI responses before and after deployment, (c) all commitments made to your end-users through the widget, including any pricing, refund, or shipping statements generated by the AI, and (d) ensuring AI output complies with all applicable consumer protection laws in your jurisdiction. Sellgent is not liable for any losses, claims, or regulatory penalties arising from AI response inaccuracies. The merchant is the final gatekeeper for all commitments communicated to end-users: any AI-generated statement regarding discounts, refunds, pricing, or delivery must be independently verified and approved by the merchant before being treated as a binding commitment.

7. Disclaimer of Warranties

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE SELLGENT PLATFORM IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT ANY WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT. SELLGENT DOES NOT WARRANT THAT THE SERVICE WILL BE UNINTERRUPTED, ERROR-FREE, OR THAT DEFECTS WILL BE CORRECTED.

8. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, SELLGENT'S AGGREGATE LIABILITY TO YOU FOR ANY CLAIM ARISING UNDER THESE TERMS SHALL NOT EXCEED THE FEES YOU PAID IN THE THREE (3) MONTHS PRECEDING THE CLAIM. IN NO EVENT SHALL SELLGENT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, PUNITIVE, SPECIAL, OR CONSEQUENTIAL DAMAGES OF ANY KIND WHATSOEVER, INCLUDING LOST PROFITS OR LOSS OF DATA, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME JURISDICTIONS DO NOT ALLOW THESE LIMITATIONS, SO THEY MAY NOT APPLY TO YOU IN FULL.

9. Indemnification

You agree to indemnify, defend, and hold harmless Sellgent and its officers, directors, employees, and agents from and against any claims, liabilities, damages, losses, and expenses (including reasonable legal fees) arising out of or in any way connected with: (a) your use of the platform; (b) AI responses generated through your configured widget and deployed to your customers; (c) your violation of these Terms or the warranties in §4; or (d) your violation of any applicable law or third-party rights. This obligation survives termination of your account.

10. Data Processing

When you upload customer data or embed the widget on your store, you act as the Data Controller and Sellgent acts as the Data Processor. Our Data Processing Agreement governs this relationship. As Controller, you are responsible for providing all required privacy notices to your end-users under applicable law, including GDPR Articles 13 and 14.

11. Force Majeure & Upstream AI Provider Availability

Sellgent shall not be liable for any failure or delay in performance caused by circumstances beyond its reasonable control, including but not limited to: acts of God; natural disasters; war or terrorism; government actions; internet or telecommunications failures; or the unavailability, degradation, or modification of upstream AI model providers (including OpenAI and Anthropic). In the event of upstream AI provider outages, Sellgent will make commercially reasonable efforts to restore service or provide fallback functionality, but makes no guarantee of continuity of AI-powered features during such periods.

12. Account Security

You are responsible for maintaining the confidentiality of your account credentials and for all activity that occurs under your account. You must notify us immediately of any unauthorized use of your account or any other breach of security by contacting security@sellgent.tech. Sellgent is not liable for any loss resulting from unauthorized access caused by your failure to safeguard your credentials.

13. Changes to These Terms

We may update these Terms at any time. Material changes will be communicated via email or in-app notification at least 30 days before taking effect. Your continued use of the platform after the effective date constitutes acceptance of the updated Terms. We will maintain a changelog of material policy updates accessible from the policies page.

14. Termination

Either party may terminate the agreement at any time. We may suspend or terminate accounts that violate these Terms without notice. Upon termination, your right to access the platform ceases immediately and your data will be deleted within 30 days per our retention policy (with encrypted backup copies purged within 90 days for technical integrity reasons). Provisions that by their nature should survive termination — including warranty disclaimers, limitation of liability, indemnification, and governing law — shall remain in effect.

15. Severability & Miscellaneous

Severability: if any provision of these Terms is found to be unenforceable or invalid, that provision shall be limited to the minimum extent necessary so that the remaining Terms remain in full force and effect
No waiver: failure by either party to enforce any right under these Terms shall not constitute a waiver of that right
Headings: section headings are for convenience only and have no legal effect
Entire agreement: these Terms, together with the Privacy Policy, DPA, Acceptable Use Policy, AI Disclosure, and any supplemental terms, constitute the entire agreement between the parties and supersede all prior discussions
Assignment: you may not assign or transfer these Terms without Sellgent's prior written consent; Sellgent may assign these Terms without restriction
No agency: nothing in these Terms creates an agency, partnership, joint venture, or employment relationship between the parties

16. Governing Law

These Terms are governed by the laws of the State of Delaware, United States, without regard to conflict-of-law principles. Disputes will be resolved by binding arbitration in Delaware unless prohibited by applicable law.

Data Processing Agreement (DPA)

This DPA supplements the Terms of Service and applies whenever Sellgent processes personal data on your behalf. It complies with GDPR Article 28 and equivalent regulations.

1. Roles

You (the merchant) are the Data Controller
Sellgent is the Data Processor
End-users whose data is processed are Data Subjects

2. Processing Instructions

Sellgent processes personal data solely on your documented instructions — primarily to deliver AI-powered customer support through the embedded widget. Sellgent will notify you if it believes an instruction violates applicable data protection law. The categories of personal data processed include: end-user chat messages, optional name fields, anonymized session identifiers, and IP addresses. The categories of data subjects are your store's end-users and prospective customers.

3. Sub-processors

Sellgent uses sub-processors to deliver its service. A current list is available in the Sub-processor section. We provide at least 30 days' advance notice before adding new sub-processors, giving you the opportunity to object in writing. If you reasonably object and Sellgent is unable to address your objection, you may terminate your subscription with a pro-rata refund for the unused period.

4. Confidentiality of Personnel

Sellgent ensures that all personnel authorised to process personal data on its systems are bound by written confidentiality obligations or are subject to an appropriate statutory duty of confidentiality. Access to personal data is restricted to those personnel who require it to perform their role (principle of least privilege).

5. Data Subject Assistance

Sellgent will assist you in responding to data subject access requests (DSARs) within the timescales required by law. Contact us at privacy@sellgent.com with structured DSAR requests.

6. Security Incident Notification

In the event of a personal data breach affecting your data, Sellgent will notify you without undue delay and not later than 72 hours after becoming aware of the breach, enabling you to fulfil your own regulatory notification obligations.

7. Data Deletion & Return

Upon termination, all live personal data will be deleted within 30 days
On request, Sellgent can provide a JSON export of stored chat data before deletion
Encrypted backup copies are purged within 90 days of the deletion request for technical integrity reasons; data in backup is not accessible for operational use during this window

8. Audit Rights

Sellgent will make available to you all information reasonably necessary to demonstrate compliance with this DPA and will allow for and contribute to audits, including inspections, conducted by you or a third-party auditor mandated by you. Audits must be conducted during normal business hours with at least 30 days' written notice, and must not unreasonably disrupt Sellgent's operations. Sellgent may require auditors to sign a confidentiality agreement before granting access. Audit costs are borne by you unless the audit reveals a material breach by Sellgent.

9. Cross-Border Transfers (SCCs & UK IDTA)

For EU personal data transferred to sub-processors outside the EEA, Sellgent relies on Standard Contractual Clauses (SCCs) as approved by the European Commission (Decision 2021/914). For UK personal data transferred outside the UK, Sellgent relies on the UK International Data Transfer Agreement (IDTA) as approved by the UK Information Commissioner's Office, or the UK Addendum to the EU SCCs where applicable. For personal data of Japanese data subjects transferred to US-based sub-processors (Convex, OpenAI, Anthropic), recipients are located in the United States, which does not have a cross-border transfer framework equivalent to Japan's Act on the Protection of Personal Information (APPI); however, each sub-processor has contractual obligations consistent with APPI standards. Copies of applicable SCCs and transfer agreements are available on request at privacy@sellgent.com.

Acceptable Use Policy

The following activities are strictly prohibited when using the Sellgent platform. Violations may result in immediate account suspension or termination.

Prohibited Uses

Sending unsolicited bulk messages or spam through the widget
Distributing malware, ransomware, or exploitative software
Infringing third-party intellectual property rights (copyright, trademarks, patents)
Engaging in illegal activities, including fraud, identity theft, or money laundering
Harassing, threatening, or abusing end-users or support staff
Scraping or bulk-extracting data from third-party platforms without authorisation
Attempting to reverse-engineer, decompile, or tamper with Sellgent systems
Reselling or providing sub-accounts to third parties without prior written consent
Using the platform to generate or distribute CSAM or other illegal content
Circumventing rate limits, account restrictions, or security controls

Enforcement

Sellgent reserves the right to investigate suspected violations and may cooperate with law enforcement. Accounts found in violation may be suspended or terminated without refund. We encourage good-faith reporting of abuse to abuse@sellgent.com.

Cookie Policy

Sellgent uses cookies and similar technologies on the dashboard web app and the embeddable widget. This section explains what cookies we use and how you can control them.

Cookies We Use

Cookie	Purpose	Duration	Type
Session cookie	Authenticate your merchant session	Session	Essential
Auth token	Keep you signed in between visits	30 days	Essential
Analytics	Aggregate usage statistics (privacy-safe)	12 months	Analytics
Widget session	Identify returning widget end-users	7 days	Functional

EEA/UK Cookie Consent

If you access Sellgent from the EEA or UK, a cookie notice banner is displayed on first visit. Essential cookies are set automatically; analytics cookies are only set after consent. You can withdraw consent at any time via your browser settings or the cookie preferences link in the footer.

Managing Cookies

Most browsers allow you to refuse or delete cookies via their settings menu
Disabling essential cookies may prevent you from signing in to the dashboard
Third-party browser extensions (e.g., uBlock Origin) can block analytics cookies

AI Usage Disclosure

Sellgent uses large language models (LLMs) to power its customer support widget. Responses generated by the AI may not always be accurate, complete, or up to date. Do not rely on AI-generated responses as a substitute for professional, legal, or financial advice.

What the AI Does

Answers customer questions using your knowledge base and product data
Escalates conversations to human support when it cannot confidently respond
Summarises previous conversation context to maintain continuity
Generates suggested responses for human agents to review and approve

Accuracy Limitations

The AI may occasionally produce incorrect or outdated information ("hallucinations")
Pricing, shipping, and return commitments are always governed by your store's own policies
The AI does not have real-time access to live inventory or order status unless you configure an integration
Sellgent is not liable for losses arising from AI response inaccuracies

Model Training & Data Usage

Sellgent uses third-party AI model providers. We have opted out of model training on customer data where such opt-outs are available. Your conversations are not used to train public AI models. Refer to the Sub-processor list and each provider's own policies for details.

Merchant Obligations for Human Oversight

As the merchant deploying this AI, you bear sole responsibility for the accuracy of all content served to your customers. You must: (a) maintain an up-to-date knowledge base that accurately reflects your current pricing, shipping, and return policies; (b) regularly audit AI responses for accuracy and immediately disable or correct any response patterns that produce inaccurate commitments; (c) ensure your customers have access to human support for any commitment-level queries (refunds, disputes, account actions); and (d) not configure the AI in a way that removes escalation pathways or prevents customers from reaching a human agent. Failure to maintain adequate oversight is a violation of the Terms of Service and may result in account suspension.

Escalation to Human Agents

Merchants can escalate any conversation to a human agent at any time via the dashboard. Conversations involving refund requests, order disputes, or account-level actions should always be reviewed and confirmed by a human agent before any commitment is communicated to the end-user.

Security

Sellgent applies a defence-in-depth approach to security. The following controls are in place to protect your data and your customers' data.

Encryption

All traffic is encrypted in transit using TLS 1.2+ (HTTPS only)
Sensitive data at rest is encrypted using AES-256
Database backups are encrypted before storage

Access Control

Two-factor authentication (2FA) is enforced for all administrative accounts
Principle of Least Privilege: staff access is limited to what is required for their role
Access rights are reviewed quarterly and revoked immediately upon offboarding

API Key Management

API keys are hashed before storage; plaintext keys are never stored
Keys can be rotated or revoked at any time from the dashboard
Suspicious API key usage triggers automated alerts

Logging & Monitoring

Login events and authentication failures are logged with timestamps and IPs
Sensitive setting changes (API keys, billing, user roles) are audit-logged
Automated anomaly detection monitors for unusual access patterns
Logs are retained for 90 days and stored in an append-only system

Vulnerability Management

Dependencies are monitored for CVEs using automated tooling
Security patches are applied within 48 hours for critical vulnerabilities
Responsible disclosure inquiries: security@sellgent.com

Sub-processors

Sellgent engages the following sub-processors to deliver its service. We have verified that each provides a DPA and appropriate data protection measures. We provide at least 10 days' advance notice of any new sub-processor additions.

Current Sub-processor List

Category	Vendor	Location	Purpose	Model Training	DPA
Cloud Infrastructure	Convex	United States	Database, real-time sync, serverless functions	No	Yes
AI Models	OpenAI	United States	LLM inference for AI responses	Opted out via ZDR / API usage	Yes
AI Models	Anthropic	United States	Alternative LLM inference	Opted out via API usage policy	Yes
Email Delivery	Resend	United States	Transactional emails (receipts, alerts)	No	Yes
Payments	Polar	United States	Subscription billing and payment processing	No	Yes
File Storage / CDN	Cloudflare R2	Global edge	Widget asset delivery and image storage	No	Yes
Authentication	Better Auth	Self-hosted	Merchant session management	N/A	N/A

Note for Japanese Users (APPI): Your personal data may be transferred to sub-processors located in the United States — specifically Convex (database and serverless functions), OpenAI (LLM inference), and Anthropic (LLM inference). The United States does not have a data protection framework recognised as equivalent under Japan's Act on the Protection of Personal Information (APPI). Sellgent ensures that each of these sub-processors is contractually bound to maintain data protection standards consistent with APPI requirements and our Data Processing Agreement. For questions, contact privacy@sellgent.tech.

Last updated: March 2026. To be notified of sub-processor changes, contact privacy@sellgent.tech.

Policies & Terms